WordPress User Roles and Capabilities are how the CMS (Content Management System) handles permissions. These rules determine what a person can and cannot do while visiting your website or logged into your site.
These user roles and capabilities determine if a person can install themes and plugins, publish posts or pages, edit posts and pages of others, or simply consume your content as a subscriber.
You can even create custom user roles with custom capabilities that enable a person to do something that falls outside the typical functionality of the default user roles. For example, you can create a specific role with the capability to download premium themes, plugins, or PDFs. The possibilities are endless.
Understanding the power of the various roles and capabilities is important to website owners and also to WordPress theme and plugin developers. Check out this article on WordPress Theme Development with DevWP.
WordPress Roles Explained
A Role defines the capabilities a user has on your website. The role assigned to a user determines what they can actually do on your site. More than one user can have the same role and the capabilities that come with that role. That’s why it’s important you properly manage the roles your users have.
WordPress Capabilities Explained
Capabilities are the actions or tasks a user can perform on your website based on their user role. Capabilities are groupings of permissions assigned to a role.
For example, a user with the Administrator role can install themes, plugins, assign roles to others and more. A user with the role of Author can only publish and manage their own posts. An Author cannot install themes or plugins. An Author cannot edit the posts of others.
There are 5 user roles in a standard WordPress installation, and 6 user roles for an advanced version of WordPress called Multisite. WordPress Multisite enables you to have a network of sites which opens up a lot of opportunities which I cover in another article on WordPress Multisite.
These are the 5 Roles in a standard WordPress Installation:
- Administrator
- Editor
- Author
- Contributor
- Subscriber
The sixth role, used by WordPress Multisite, is the Super Admin role.
In researching this topic, the best source of information is the WordPress Documentation, which I urge you to take a look at.
The purpose of this article is to share my thoughts and insights on the various roles and how you as a website owner can use them to properly manage your content and site.
What is the Super Admin Role and what can they do?
The Super Admin is the administrator of a network of websites and determines how the other sites in the network function. The Super Admin has the ultimate authority over the network of sites.
What is the Administrator Role and what can it do?
The Administrator is someone who has the ability to govern what happens on a single site WordPress installation. In a standard installation, the Administrator is the most powerful user role and needs to be properly secured to ensure the safety of your website and your site members and visitors.
As the owner of a website, you should have two user accounts with different roles. You should have your main Administrator account, which enables you to perform all tasks on your site, but you should also create an Editor account for yourself so you can log in and perform only the tasks you intend to handle, particularly writing and editing articles.
The reason for this is the security of your website. By only logging in as an editor, if for whatever reason your editor credentials get discovered by another party, they would only be able to perform the actions allowed by an editor on your site.
You should also ensure that the Administrator account is secured with more than one layer of security, such as:
- A password of 20+ characters in upper and lower case that includes special characters and numbers.
- Multi-factor Authentication which will ensure that even if your credentials get discovered by another party, they wouldn’t be able to access your account without the other means of authentication.
Check out this article if you want to learn more about how to secure your WordPress Website.
Or watch the video.
What is the Editor Role and what can they do?
The Editor Role is a powerful role that gives the user the ability to edit and publish the posts and pages of others (below the editor role).
The editor role should only be given to a trusted person, who is contractually obligated to ensure the content meets your editorial guidelines.
What is the Author Role and what can they do?
The Author role is used by those who have the capability to publish and manage their own posts. They can’t publish pages, and they can’t edit posts published by others. This is an important role and should be given to a person who needs the ability to publish new articles or blog posts on your website.
What is the Contributor Role and what can they do?
The Contributor role is assigned to someone who can create their own posts, but they can’t publish posts. Contributors need to submit their posts for review by an Editor or Administrator.
This is the role you want to assign to someone you’re adding to your team when you want to ensure that their writing meets your editorial guidelines. This role can be given to someone who is on a trial basis, and who might one day be assigned the role of Author. The Contributor role can also be given to a person who is a Guest Blogger for your site.
What is the Subscriber Role and what can they do?
A subscriber can really only manage their profile, and view your content. The subscriber role has the least capabilities and is basically used for people who want to be kept up to date on new content added to your site.
WordPress Plugins for User Management
There are several plugins that you can use to manage users on your site, and to see what that user can actually do on your website.
Members WordPress Plugin
The Members Plugin allows you to set permissions to restrict content on your website based on the user’s role. You can also create new roles with this plugin and give them custom capabilities.
User Role Editor WordPress Plugin
The User Role Editor Plugin allows you to change user roles and capabilities easily. Add new roles and customize their capabilities according to your needs.
View Admin As WordPress Plugin
The View Admin As Plugin will add a menu item to your admin bar where you can change your view in the WordPress admin.
Switch to other users without the need to login as that user or even switch roles and temporarily change your own capabilities.
User Switching WordPress Plugin
The User Switching Plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You’ll be instantly logged out and logged in as your desired user.
WordPress Functions for Roles & Capabilities
There are several functions you can use to add or remove roles and capabilities without the use of plugins. These are just a few of the functions you can explore using.
- add_role() Adds a role, if it does not exist.
- remove_role() Removes a role, if it exists.
- add_cap() Assigns a capability to a role.
- remove_cap() Removes a capability from a role.
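A small plugin that uses the four functions listed above to build the kind of custom role described earlier, one that can download premium files. This is an added example, not code from the original article; the role name, capability name, function names and file path are assumptions made for illustration.

```php
<?php
/* Plugin Name: Premium Downloads Role (added example) */

// Hypothetical names chosen for this example.
const DEVWP_EX_ROLE = 'premium_member';
const DEVWP_EX_CAP  = 'download_premium_files';

// Roles and capabilities are saved in the database, so set them up once
// on activation rather than on every page load.
function devwp_ex_activate() {
    // add_role() leaves an existing role with the same name untouched.
    add_role( DEVWP_EX_ROLE, 'Premium Member', array(
        'read'       => true, // the baseline capability a Subscriber has
        DEVWP_EX_CAP => true, // the one extra permission
    ) );
    $admin = get_role( 'administrator' );
    if ( $admin ) {
        $admin->add_cap( DEVWP_EX_CAP ); // add_cap() is called on the role object
    }
}
register_activation_hook( __FILE__, 'devwp_ex_activate' );

// Undo both changes so no unused permission is left behind.
function devwp_ex_deactivate() {
    $admin = get_role( 'administrator' );
    if ( $admin ) {
        $admin->remove_cap( DEVWP_EX_CAP );
    }
    remove_role( DEVWP_EX_ROLE );
}
register_deactivation_hook( __FILE__, 'devwp_ex_deactivate' );

// Check the capability, not the role name, before doing the protected task.
// Reached at wp-admin/admin-post.php?action=devwp_ex_download (logged-in users).
function devwp_ex_download() {
    if ( ! current_user_can( DEVWP_EX_CAP ) ) {
        wp_die( 'You are not allowed to download this file.', 'Forbidden', array( 'response' => 403 ) );
    }
    $file = WP_CONTENT_DIR . '/premium/guide.pdf'; // hypothetical file
    if ( ! is_readable( $file ) ) {
        wp_die( 'File not found.', 'Not Found', array( 'response' => 404 ) );
    }
    header( 'Content-Type: application/pdf' );
    header( 'Content-Disposition: attachment; filename="guide.pdf"' );
    readfile( $file );
    exit;
}
add_action( 'admin_post_devwp_ex_download', 'devwp_ex_download' );
```

Because the check is on the capability, any role that is later granted `download_premium_files` gains access without changes to the download code, and removing the capability from a role revokes it.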
WordPress Roles and Capabilities Recap
- There are 6 WordPress Roles in a Multisite Installation
- There are 5 WordPress Roles in a Standard Installation
- Capabilities are permissions assigned to a role
- Managing Roles and Capabilities is an important job for a website owner
- You can use plugins to manage roles and capabilities
- Assign Roles based on the capabilities you feel a user will need on your website
- A user should only have the capability to do their tasks and nothing more
WordPress User Roles, Capabilities and Permissions are an extremely important topic for website owners and for theme and plugin developers.
Hopefully you found this article helpful, and if watching videos is your thing, then check out this video I created on WordPress User Roles, Capabilities & Permissions.
Thanks for reading.