WordPress User Roles 101 What They Are and How to Use Them

If youre the only person running your website, youve probably never had to think about WordPress user roles. However, if you ever need to give other people  access to your WordPress site, WordPress user roles are essential for controlling what actions the various users at your site are permitted to takeBy smartly applying WordPress user roles, you ensure that no one has more power than they need. And this helps make your site more secure and streamline your workflow.In this guide, well explain what WordPress user roles are and why they matter. Then well walk you through each default role before offering some tips on how to apply them effectively. Lets begin! User roles enable you to manage your website team effectively.WordPress user roles define what actions each user at your site is allowed to perform. These actions are called  capabilities. For example, the ability to publish a WordPress post is one capability, while the ability to install a new plugin is another capability.So at a simple level, user roles are just a collection of different actions (called capabilities) that a user with that role is allowed to perform.WordPress user roles are important because they:Help secure your WordPress site by ensuring that users dont have access to things they shouldnt have. For example, you dont want an untrusted user to have the ability to install new plugins on your site.Can help you define your workflows. For example, WordPress has pre-made user roles that you can apply to authors on your site to give them access to only the functionality they need to write WordPress posts.The six default WordPress user rolesOut of the box, WordPress includes six different user roles. Understanding each one is key if you want to protect your site and ensure your team works more effectively. Lets take a look at each of these roles in turn.Well also show you what the WordPress dashboard looks like from the perspective of each role.1. AdministratorThis is the role assigned to you when you create a website. The administrator is at the very top of the hierarchy (unless youre running a Multisite installation, which well discuss soon). In most cases, there is only one, and they are able to access all the functions of the WordPress backend.Administrators are able to do  everything. This user role can, in part:Create, edit, and delete any contentManage plugins and themesEdit codeDelete other user accountsAdministrator is the most powerful user role and should rarely be assigned to any other account.  If you give someone else this user role, youre essentially giving them the keys to the castle. So be careful!2. EditorAs the name of this user role suggests, an editor is generally responsible for managing content and thus has a high level of access. They can create, edit, delete, and publish both pages and posts – even those belonging to other users.An editor can also:Moderate commentsManage categories and linksHowever, they cannot make site-wide changes such as adding plugins and themes or installing updates. Instead, they are responsible for overseeing the work of authors and contributors.3. AuthorAn author has far fewer permissions than editors. They cannot edit pages and are unable to alter other users content. In addition, they lack any sort of administrative capabilities.What they can do is create, edit, delete, and publish their own posts (and upload media files). This makes their role pretty clear – authors are responsible for creating content, and nothing more.4. ContributorThe contributor role is essentially a stripped-down version of the author role. A contributor is only able to perform three tasks – reading all posts, as well as deleting and editing their own posts. This role is quite limited since it doesnt enable users to publish posts or upload media files. However, its ideal for one-time and new content creators.5. SubscriberSubscribers have only one main capability and their WordPress dashboard is usu ally incredibly bare. They can read all posts on the site (as well as manage their own profiles). Normally, anyone can read posts without being assigned a role, so not all sites will use this option. However, it comes in handy for subscription-based sites, where you want to enable access to content only for certain people.6. Super AdminFinally, wed be remiss if we didnt mention the  super admin role. This role only applies to Multisite installations – networks of connected WordPress sites. The super admin is responsible for the entire network and can make high-level changes such as adding and deleting sites. They can also manage the networks users, themes, plugins, and more. As such, their dashboard looks similar to a regular Administrator.When there is a super admin, the regular administrator role is somewhat modified. For example, regular admins on WordPress Multisite networks can no longer install, upload, and delete themes and plugins, nor can they modify user informati on. These capabilities are reserved for the super admin.As an example of how these roles interact, the super admin can decide what plugins to install on the network, and individual site admins can only choose whether or not to activate them.A deeper look at what the WordPress user roles can doIf you want a deeper, but less beginner-friendly, summary of what each WordPress user role can do, we recommend that you view the  Capability vs. Role Table at the WordPress Codex. It lays out the specific actions that each default user role can take on your site.How to apply user roles effectively on your websiteUnderstanding the various user roles is important, but so is knowing how to apply them correctly.Every site is a little different, but here are a few tips for making the best use of this feature:Give each user only the level of access they need. This is key for security, so no one can make unapproved changes or delete content accidentally.Keep the number of user roles at the top limi ted. A solid rule of thumb is to stick with one administrator and a few trusted editors. The Author role can be assigned to regular content creators who have proven themselves, and new or one-time writers can simply be given the contributor role.Try using plugins to customize your user roles. The default system is effective, but you may benefit from a plugin to enhance its functionality. User role plugins enable you to create your own specialized roles, alter the existing ones, and more. We recommend starting with the aptly-named User Role Editor.And always remember – when in doubt, its better to assign too few permissions than too many.ConclusionThe key to managing an effective team is clearly defining each persons role and responsibilities. Fortunately, WordPress offers a built-in way to do this. Through careful use of WordPress user roles, you can enhance security and efficiency on your site.First, youll want to make sure you understand the five (sometimes six) basic user roles in WordPress, and what each is capable of. Then, you can follow a few simple techniques to take advantage of this feature. For example, consider keeping your pool of top-level users small, only assigning what permissions are necessary, and using plugins to customize your roles.Do you have any questions about how WordPress user roles work? Ask away in the comments section below! An introduction to #WordPress user roles and why they matter