Understanding User Roles and Permissions in WordPress

Understanding User Roles and Permissions in WordPress

The goal of this WordPress Guide is to help those who have decided to create a new user in their WordPress installation. This is not a comprehensive and exhaustive list of features of each default user role, but this is a quick reference that can be used to answer the common question What user role should I assign this user account I am creating in WordPress?

Did you know? It is possible to create custom user roles in WordPress.

WordPress Default User RolesThere are 5 default user roles that ships with your WordPress installation. In this guide, we will quickly cover what these roles mean to your new user, what they can do on your WordPress dashboard (permissions) and help you decide which role to select.

With no further delay, let’s get started.

Subscriber User Role

This user has no additional rights to your WordPress dashboard. They can only read your posts which is also traditionally available to unregistered users as well. Typically, this role is often assigned and used by membership plugins and, if you so choose, will also be assigned to users when you open registrations under WP Dashboard > Settings > General > Membership (check) Anyone can register.

If you want a higher degree of control on your website, you can disable commenting to unregistered users and require registration which would also take advantage of the subscriber role. We recommend keeping commenting available to everyone and use our guide to help control comment spam should that be an issue.

If you are manually setting up a user on a WordPress site that doesn’t have additional membership software, you’ll likely not need this role.

Contributor User Role

This would likely be the default role you’d assign to a new writer on your website. They can write and manage their own posts but can only submit those posts for review by an Administrator or an Editor.

When a Contributor creates a new post on your website, they will see a blue Submit for Review button instead of a Publish button. There will be no illusion that what they write will automatically appear on the site without first going through an approval process.

Author User Role

  • Can write posts.
  • Can publish their own posts.
  • Can edit their own posts.
  • Can manage comments received to their own posts.

If you plan on establishing a review and approval workflow that all authors will submit content and then get approved by an Editor, you do not want to use the Author user role, instead, you’d place all authors under the Contributor role.

Otherwise, if you do not want an approval process and allow your writer(s) to directly publish content on your website without editorial control, you’d set them up under the Author user role.

Editor User Role

Before assigning anyone to Editor or Administrator on your website, Top Five Advisor highly recommends setting up some sort of automated daily backup solution to protect your data. If an employee that has an Editor or Administrator role goes extremely rogue and decides to delete all of your content, you need to have a backup solution in place to quickly restore the data and kick that employee out of these positions on the site. Some WordPress hosts like WP Engine have backup automatically configured without needing additional plugins or services so check with them first.
  • Has no control over your WordPress site configuration.
  • Cannot create users.
  • Has complete control over all content including administrators and all contributors.
  • Can edit, approve, deny, or delete posts or pages.
  • Full comment administration control.
  • Can manage categories, links and use HTML markup or JavaScript inside posts.

As you can see, the Editor role has a lot of power over your website and should only be assigned to people that you trust. You would assign the Editor role to someone as part of a review and approval workflow with the Editor being the one who approves all content submitted by Contributors.

Administrator User Role

  • Typically the blog owner.
  • Has complete access to all WordPress features.
  • Can be assigned to trusted technical partners.

If you are currently running your WordPress website (which is likely why you are on this guide in the first place), you are already familiar with the Administrator role because that is exactly what your access login is.

If you add another user as an administrator, they will have the exact same rights as your account including the ability to delete any users (including your own administrator account).

There is another role that most won’t see or have access to and is the Super Administrator. This is an administrator of a WordPress Multisite / Network setup that has multiple sites installed under a single WordPress database. The large majority of WordPress sites do not use or need WordPress Multisite and is beyond the scope of this guide.

About Scott Buehler

Scott is the owner and founder of Top Five Advisor. He specializes in business to business products and services. He offers digital marketing services to any local business that wants to drive traffic and customers from the Internet including search, pay per click and social media marketing. This page is maintained by Scott Buehler.