If you have grown your website to a size where you need help or want to allow contributors, you’re going to want to know about WordPress user roles and capabilities.
They are an essential tool for any website owner who wants to open up their site to work with editors, writers, moderators or contributors.
User roles and capabilities enable you to control who does what on the back end of your website. Much like roles and permissions allow you to do certain things on computers at work or college, the same applies with your WordPress website.
By intelligently implementing user roles and capabilities, you can allow others to contribute to your website without worrying about them damaging it, breaking it or otherwise doing what they shouldn’t.
We’re going to explain the different user roles and capability levels and how to implement them.
We’ll also show you some popular use cases so you get an idea of what types of scenarios work best for each.
- What Are User Roles and Capabilities in WordPress?
- Why You Need to Control User Roles and Capabilities
- WordPress User Roles
- How to Assign Roles to Users
- How to Assign Capabilities and Customize Roles
- How to Create New Custom Roles
- How to Remove User Roles From WordPress
- Five of the Best WordPress User Role Plugins
- Final Thoughts
User roles are collective terms for a series of capabilities, or permissions, assigned to users. They are given names that give you an idea of what role you might assign each.
Capabilities and permissions are the same thing. They control what a person can and cannot do on their website and are linked to their login. WordPress has a specific nomenclature for capabilities which we also include a sample of by each user role.
For example, a contributor has the capability to write posts but not publish them. An editor has the capability to edit posts from anyone and publish them. Similar to how the roles work in the real world.
The WordPress user roles are called:
- Super Administrator
As you can see, each role has been named to correspond with a particular job someone might do within a website.
Each has a specific set of capabilities set as default. You, as the website owner, can assign or remove each of these roles as you see fit.
As soon as you open up your website to others, you lose some control. As soon as you allow contributors, editors and authors to help you run things, there is a risk they may do something to damage the site, either accidentally or on purpose.
You can control that to a degree with user roles.
A user role helps keep your website secure by limiting what someone with that role can do. If you trust them, you can assign more capabilities. If you don’t know them yet, you can assign modest capabilities.
As long as the user has the capabilities to get their job done, the rest is entirely up to you.
For example, if you open up your website to user submissions, you don’t want to assign a random writer admin permissions so they can do whatever they like on the site.
You will want to restrict them to the author role first and then, perhaps, elevate their role once they prove themselves.
The other use of roles is to keep users focused.
For example, if you grant a writer the author role, all they can do is log in and write. There is no opportunity to wander around the back end of your website or get curious about what plugins you have.
They can only do what the corresponding role allows, which helps keep them focused.
Image credit (Wordfence)
Hello! My name is Sujay and I’m CEO of Astra.
We’re on a mission to help small businesses grow online with affordable software products and the education you need to succeed.
Let’s take a closer look at each of those WordPress user roles.
Aside from having a very cool name, the Super Administrator is responsible for running WordPress multisite networks. If you run several websites using WordPress Multisite, the Super Administrator is like an Administrator but for the entire network.
Super Administrators can:
- Do everything an Administrator role can do
- Add and remove websites within the multisite network
- Add and remove other users across the network
- Change or remove permissions for other users across the network
- Add, move or delete pages and posts across the network
- Modify or change themes and plugins across the network
- Take the website offline or into maintenance mode across the network
The WordPress Super Administrator role is one with a lot of responsibility. Yes, it has a very cool name but the entire network of websites is yours to control.
According to WordPress.org, the specific Super Administrator capabilities are:
Typical use cases for Super Administrators are to manage WordPress Multisite and everything that goes on within them.
The Administrator, or admin, is the main user in WordPress. The admin has permission to do almost anything on the website, from changing other user’s roles to adding permissions, changing the website theme, adding or removing plugins, deleting pages and posts and much more.
- Add and remove other users
- Change or remove permissions for other users
- Add, move or delete pages and posts
- Modify or change themes and plugins
- Take the website offline or into maintenance mode
As you can see, the administrator has a lot of power. If you give another person the administrator role on your website, you better be able to trust them!
The specific capabilities include:
Typical use cases for administrators include co-owners of a website, other staff within an organization responsible for running the website.
The WordPress Editor role is exactly what you might expect. Someone who can edit pages and posts on the website. They don’t have anything like the power of the admin but can add, change or remove pages and posts published by any user on the website.
- Add, change or remove posts and pages
- Create content
- Create categories
- Moderate comments
- Add, change or remove images or media from posts and pages
- Change internal and external links
The WordPress editor role is also a trusted position on a website. They can change anything about your pages and posts, including what they say. They won’t be able to make changes to how the website operates but they have a lot of influence over how readers experience your website.
Specific editor capabilities include:
Typical use cases for the WordPress Editor role is an editor or content manager for an organization with the responsibility for monitoring content and quality.
The Author role is another well-named WordPress user role. As an author you can create content for the website and add or remove the images that go with them. The permissions are similar to the editor, except authors can only work on their own content and not content submitted by other users.
- Create, edit or delete their own posts and pages
- Add, change or remove images or media from their own posts and pages
- Change internal and external links in their own posts and pages
Authors only have permissions to modify their own work. They will usually only see their own work from the WordPress dashboard too.
Typical author capabilities include:
Typical use cases for the author role include guest posters, new or junior staff members who require oversight before publishing or for websites who want to enforce strict editorial policies with oversight.
The WordPress Contributor role is similar to the author role but contributors cannot publish to the site. You will be able to create and write pages and posts but you can only submit them to the editor and not publish them yourself.
- Create pages and posts but not publish them
- Contributors can create and upload blog posts and pages but cannot add rich media, manage comments or publish their own posts.
Typical contributor capabilities include:
read Reusable Blocks
Typical use cases for the contributor role include user submissions, clubs or organizations that accept user-submitted content who want to check before publishing.
The WordPress Subscriber role is exactly what it says on the tin. The subscriber can access member-only areas of a website but cannot contribute or make any material changes to the site.
- Access member-only areas of a website
- Create an account and upload an avatar or profile
This user role is mainly used for subscription websites, LMS (Learning Management Systems) or other website types with member areas.
A contributor only has read capability.
Typical use cases for the subscriber role include LMS, membership websites, websites with forums and websites with premium content.
Assigning roles to users is very straightforward. You can do it as you sign up a user or change their role at any time. First, we’ll cover assigning a role to a new user and then changing the role of an existing user.
You will need to be a Super Administrator or Administrator to be able to make any of these changes.
To assign a role to a new user:
- Select Users and Add New from the left menu in the WordPress dashboard
- Enter the Username and details of the user
- Select the menu by Role at the bottom of the New User page
- Assign the appropriate role
- Select the blue Add New User button to create the user
That user will now show up in the user dashboard with the appropriate role in the table.
To change a role for an existing user:
- Select Users and All Users from the left menu in the WordPress dashboard
- Check the box next to the user you want to modify
- Select the ‘Change Role To’ dropdown menu at the top of the table
- Select the appropriate role from the menu
- Select the Change button next to that menu
The user role will now change to whatever you selected.
Now you have an idea of what user roles there are, let’s move on to capabilities.
You can change capabilities using the WordPress database or by modifying the WP_Roles file, but as always, there’s a plugin for that.
We use WPFront User Role Editor. It’s free, simple and gets the job done. There are other user role plugins, some of which we’ll list later on in this article.
Once installed, you can find the tool under the new Roles menu item you’ll see in your WordPress dashboard.
To assign a permission to a role, do this:
- Select All Roles under Roles in the WordPress side menu
- Select the role you want to assign a permission to in order to open the Edit Role window
- Select the permission you want to assign from within the Capabilities window by checking the box next to it
- Select Update Role at the bottom of the page
You have successfully assigned a new permission to a role. You can select multiple capabilities at once and remove capabilities by unchecking the corresponding box.
Adding a new user role in WordPress is also very straightforward when you use a plugin. You can create them manually with a little code wizardry but plugins make it easier.
To create a custom role in WordPress:
- Select Roles and Add New from the WordPress dashboard
- Name your new role where it says Display Name and Role Name
- Check the boxes next to each capability you want to add to the role
- Select the blue Add New Role button at the bottom of the page to add your new role.
If your new role is similar to an existing one, you can use the ‘Copy From’ action at the top left of the Add New Role screen. Select the role from the dropdown menu and select Apply next to it.
This will import the capabilities from that role. You can add or remove capabilities as required and then save the changes at the bottom. It’s a very simple process!
To properly remove a user role, you will first need to reassign any user within that role. Once done, perform the following steps to remove the role from your website.
Remove a user role in WordPress:
- Select Roles and All Roles from the WordPress dashboard
- Select a role from the table in the Roles screen
- Hover underneath until you see Delete
- Select Delete and confirm your choice
You should now see the roles table updated without the role you just deleted. It is that simple!
If you know WordPress well, you’ll probably find managing user roles easy. For the rest of us, plugins make short work of managing roles and categories.
If you’re like us and prefer to use a simple plugin, here are five of the best WordPress user role plugins you can use.
WPFront User Role Editor is a simple, no-nonsense user role plugin that makes it easy to control capabilities and roles within WordPress. It has a free and a premium version, both of which provide the tools you need to control every single capability within WordPress.
WPFront User Role Editor is free or $29.99 for a single site.
User Role Editor is another competent plugin for managing roles and capabilities. It has a basic free version that provides simple controls for assigning roles but you’ll need the premium version to change capabilities.
It’s another easy to use plugin that installs quickly and provides useful tools for managing users. It’s a shame all the good tools are locked behind premium though.
User Role Editor has a free version and premium that costs from $29 per year for a single site.
The Members WordPress Plugin is from MemberPress. It’s another very capable plugin that helps you control user roles and capabilities. This is a formerly premium plugin that is now free and includes lots of useful tools for managing users.
The plugin includes lots of permission options, role clone tools, integration with leading eCommerce plugins like Easy Digital Downloads and WooCommerce and some useful tools for if you run membership websites.
Members WordPress Plugin is free to use.
Advanced Access Manager, AAM, is another very usable plugin for controlling users and capabilities in WordPress. It’s simple to use, comes with excellent documentation, a simple dashboard to control everything and the tools you need to manage permissions.
There is a free and a premium version of the plugin with many of the core features you’ll need within the free version. That alone makes AAM worth considering. Premium adds extra security functions to enhance the core plugin.
Advanced Access Manager has a free version and premium costing from $39.
PublishPress Capabilities is our final recommendation for managing user roles and permissions in WordPress. It’s a fully featured plugin with a simple checkbox system to add capabilities.
The free version includes most of the tools you’ll need for managing users while premium adds extra permissions for plugins, navigation and post status.
PublishPress Capabilities has a free version and premium that costs from $69 per year.
User roles and capabilities are powerful methods to control what people can do on your website.
When your website is at the stage where you need a little help, there’s no need to worry about people messing things up. Assign the correct user role or customize an existing one to fit and you can rest easy knowing your website is safe.
Hopefully this article has provided the information you need to understand and fully utilize user roles and capabilities on your own website!
Do you use user roles and capabilities? Have you made custom roles as the default ones didn’t fit? Have any advice for assigning roles or capabilities for new website owners?
Tell us your thoughts below!