One of the essential features of WordPress is user roles. They determine user permissions and control user access to the website content. If you have writers or site developers other than yourself, understanding user roles helps maintain website security.
Perhaps you have contributors who write guest posts on your site. Maybe you have regular authors that you trust to publish articles. All of their access is controlled through the use of roles.
In this article, I’ll show you how to configure WordPress roles. I’ll also introduce a plugin that allows you to edit existing roles and create new ones. As a result, you’ll be able to govern who does what on your website precisely.
Understanding WordPress Roles and Permissions
User roles and permissions control who can do what on your website. Every user registration is potentially different. You want to be familiar with user roles so you can allow users sufficient access without making everyone an administrator.
User roles should include only the permissions necessary for the role, nothing more. You don’t want an author, whose only task is writing, to have administrator permissions. It’s unnecessary, confusing for the author, and potentially disruptive or destructive.
Someone with too much access can be accidentally harmful; there doesn’t have to be any malicious intent.
Roles provide a way to restrict access to critical site tools. In most cases, only administrators need access to site configuration, plugins, and themes. Authors and other contributors don’t need access to site configuration tools or features. So make sure they don’t have it.
User roles can be changed or modified to grant or remove permissions. I’ll show you how it’s done in a minute.
The Default WordPress User Roles
When you install WordPress, several user roles are created by default.
- Subscriber: Has read access and minimal control of their own profile.
- Contributor: Has read, delete, and edit permissions for their own posts, but not the ability to publish.
- Author: Has full control of their own posts without the ability to create new categories.
- Editor: Has full control of the content areas of the site, such as adding and deleting of posts.
- Administrator: Has complete control of the WordPress system.
There is also a “Super Admin” role that you’ll see if you use the WordPress Multisite feature. In a single-site WordPress installation, Administrators have the same permissions as the Multisite “Super Admin.”
Installing plugins may create additional user roles. For example, eCommerce plugins might include roles such as “Shop Vendor” or “Shop Manager.” It is also possible to create custom user roles with the right knowledge, or by using a plugin, which we cover below.
How to Set WordPress Roles and Permissions
Changing the role of a user is a simple process. It is worth noting that a regular user cannot change their user role. This is only available for site administrators. Or if you have created a custom user role with that ability.
Step 1: Select A User
In the left column navigation, click on Users and select the All Users option.
The Users page shows a list of everyone registered on your website. To the right of each name, you’ll see their role in the “Role” column. Locate the user you want to change the role of and click on the Edit option underneath their name.
Step 2: Change the User Role
On the “Edit User” page, you’ll see several available options. You can remove the Visual Editor for the user, change the color scheme, etc. But we want to change the role, so go to the “Role” drop-down and choose the new role.
Scroll to the bottom of the page and click the “Update User” button.
Certain plugins will install other features you may want to consider when setting permissions on your site. For instance, Yoast SEO will include the ability to disable a user from accessing the analysis part of the plugin in a post or page.
How to Create Custom User Roles in WordPress
The strength of WordPress lies in its ability to be customized to suit any site owner’s needs. Whether you want to add custom styles to the editor or fine-tune the website appearance, the possibilities seem endless.
So, with that in mind, understand that you don’t have to settle for the default WordPress roles. Using the PublishPress Capabilities plugin gives you the ability to customize user controls.
Step 1: Install the PublishPress Capabilities Plugin
Let’s start by clicking on Plugins and selecting the Add New option on the left-hand admin panel.
Search for PublishPress Capabilities in the available search box. This will pull up additional plugins that you may find helpful.
Scroll down until you find the PublishPress Capabilities plugin and click on the “Install Now” button and activate the plugin for use.
Step 2: Configuring PublishPress Capabilities
On the left column navigation, click on Capabilities and select the Capabilities option.
The two ways you’ll most likely use the plugin are to change existing roles and to create new roles.
Changing an Existing WordPress User Role
First, choose the role you want to edit from the User Role selection drop-down.
The plugin breaks up all of the settings into multiple tabs. Due to the sheer quantity of options, I will not cover them all. Instead, I will user the first options as an example of how the plugin functions.
Simply put, the plugin will provide a series of checkboxes that allow you to select what the user role can do (checked box), and what it cannot do (unchecked box). Check and uncheck the boxes to edit the user role.
For example, the initial options allow you to configure what the user can do on Posta and Page content in WordPress.
Go through the various options to fully configure what the user role is capable of. When you are done, be sure to click on the “Save Changes” button at the bottom left of the screen to save the changes you have made.
Be sure to test out the user role yourself to ensure it can do what you want it to. An easy way to do this is to quickly create a new user with that role and explore the site with it.
Creating a New WordPress User Role
The coolest feature of the PublishPress Capabilities plugin is the ability to create new WordPress user roles.
You can’t edit permissions on a per-user basis, but by creating a new role just for a specific user, you can essentially do the same thing. Set custom permission for a single user (or group of users).
To create a new user role, click on the Roles option on the left-hand admin panel.
Here you will see a full list of existing roles on your site. It will tell you if the role is a custom role or a default one, as well as if it has admin access. In this case, let’s ignore this and just click on the “Add New” button at the top.
Note: You can use this area to delete user roles that plugins may have added that you do not want.
Here you can Enter the Role Name. There are not many other options here as you will use the User Role Editing section, we covered to edit the user role.
Once you have entered a name, be sure to click on the “Create Role” button to save it.
And that’s it. The user role you just created is a blank slate with zero capabilities. Refer to the previous section to learn how to edit a user role.
Now You Know More About WordPress User Roles
Taking a close look at user roles in WordPress will give you a sense of control, knowing who can do what. And knowing how to tailor those roles to individuals makes your life as a WordPress administrator much more manageable.
As I mentioned, incorrect permissions in the wrong hands can cause damage. The “wrong hands” are those of any user who doesn’t need to have permission. Make sure only trusted users have administrative permissions.
If you inherited a site with multiple users, you might want to set everyone back to a role with low-level permissions and start over. Granting more advanced roles to the users who need them.
How many users do you have using your website? What tools would you give to those who register an account?