Beginner’s Guide to WordPress User Roles
“WordPress User Roles” is one of the most heated topics in the niche. But there is a portion of people out there who have completely no idea what that is. Shockingly, some people don’t even know such things exists in WordPress. So, in this article, I’ll be providing you the insights through what exactly is user roles in WordPress.
One of the most prominent features of WordPress is the availability of different roles. Without understanding what capabilities the particular user role holds, you may not want to assign roles randomly. If that happens you know that can pose threat to your site.
So, let’s start with what is user roles in WordPress.
What are WordPress User Roles??
Simply, a role is a set of behaviors, functions, rights or obligations conceptualized by people to be performed in a particular situation. Thus, WordPress user roles can be referred to as the rights and authorities assigned to different users. It defines a set of specific permissions on what the owner and the users can do or cannot do within the site.
WordPress has defined 5 default user roles. When these roles are well understood then you can limit the access of Dashboard as per your requirement. So, let’s check out on each one of them in detail.
While installing WordPress a new user with the username and password is defined. That particular user is assigned the role of administrator. The administrator is given the access and full capabilities to perform all actions on a WordPress site.
The user who possesses the role of administrator can install, edit, and delete the WordPress themes as well as plugins. In the same manner, they can also add, edit, publish and delete any post by any users on the website. Thus, Administrator is the most powerful WordPress user role that provides you the overall control of your WordPress site.
You might be thinking what is Super-admin role now? In the case of a WordPress multisite installation, some of the capabilities of that of the administrator are assigned to the super admin. The super-admin, by default, has all the capabilities that an administrator has with the additional capability to handle not just the users but the admin as well. Hence, an administrator has the highest level of access (after super-admin if there is any).
Editor, by its name, we can analyze what capabilities the user with this role could possibly have. Well, the editor gets the full control over the content section of a WordPress site. They can write, edit, publish the posts and even delete them. Not just personal posts, they also have the ability to perform such activities on the posts by other users also.
Beyond that, they can also moderate, approve and delete contents. Moreover, their list of privilege also includes the accessibility to private posts and pages. However, there are some certain restrictions posed by this user role. The user with the editor role cannot access the WordPress settings, themes, plugins and/or widgets.
Since it is second most powerful user role in WordPress, thus, I highly recommend you assign this role to only the one you can fully trust.
Like its name, Author is one of the predefined WordPress user roles. The user with this role can write, edit and publish their own posts. Additionally, they can upload files into the media library as required and can also delete their previous upload. But they have no access to any of the posts created by other users. Also, they are allowed to create a post but not categories. Thus, they only have the option to select the categories available.
Moreover, the author can view the comments but cannot they neither moderate nor approve those comments. They cannot delete the comment as well. All in all, they have no access to the site management tasks. Thus, an author is one of the user roles in WordPress that comparatively in lower risks.
The user with the role of contributor can add and edit their own posts. However, they don’t have the authority to publish any posts, not even their own. The main drawback of the contributor is that they cannot even add the media files. That means, one with this role cannot add images to their own posts. Though some might even take it as a consolation, they can add tags to the articles. But they have no access to the settings, themes, and plugins.
This user role can be one the ideal choice for the WordPress site owners who want other people to come to their site and just write, nothing more.To be more precise, this role can be assigned to guest authors who fitfully submit their contents.
A subscriber is a role in which the user has the minimum access and limited capabilities amongst all the WordPress user roles. Unless the default capabilities are changed, the subscriber user role is delimited to creating and maintaining their profile on a WordPress website. Moreover, they can also change their passwords they wish to. But, they are not even allowed write and publish articles.
This role best fits the ones who are avid readers and actively commenting. Moreover, this user role can also be referred to as the users who have subscribed to a website to get the regular updates from the website.
Manage WordPress User Roles from User section
These default user roles can be assigned from your WordPress admin panel. Let’s check out how we can manage the user roles from the user section.
Firstly, login to your WordPress Admin Panel.
Then, navigate to Users> All Users.
After that, as shown in the image below you are provided with the option to change the roles of the users as needed.
How to create custom user roles?
As I said earlier, all the above WordPress user roles have the predefined parameters. And sometimes you might come across a situation where you need a user role that may not fit in with the parameters of the default roles. WordPress custom user roles allow you to customize all the privileges related to accessibility to the site as per the specific needs of your company. There are two methods of creating custom user roles. They are:
- Create, Edit or Delete WordPress User Roles Manually
- Using a Plugin to Modify WordPress User Roles
1. Creating WordPress Custom user roles manually
Though WordPress has some default user roles, it does not limit you to those predefined roles only. You also have an option to create your own custom roles. In addition, you can also delete any default user roles as required.
There are five basic WordPress functions that enable you to manage roles and capabilities easily and effectively.
- add_role(): Allows you to add a custom role.
- remove_role(): Allows you to remove a custom role.
- add_cap(): Allows you to add a custom capability to a role.
- remove_cap(): Allows you to remove a custom capability from a role.
- get_role (): Gets information about a role as well as the capabilities associated with the role.
So, let’s us now see how these functions are used to add the roles and capabilities.
In this article, we’ll create a user role “moderator” and define some capabilities for that specific user role. You can copy and paste the code and simply provide the user roles with suitable names to create other similar custom user roles.
Alright, now to add a new user role we use the add_role function which contains three parameters:
add_role( $role, $display_name, $capabilities );
- $role: Unique name of the role
- $display_name: name that is to be displayed in the WordPress Admin Panel
- $capabilities: Privileges that will be associated with the role
First, go to your dashboard. Then, Navigate to Users> Editor.
After that, select “Theme Functions” file that is under the theme files section on the right-hand side.
Then, add the code given below:
Finally, click on the “Update File” button. And, that’s it!
The image below might make the steps more clear.
However, using functions and writing codes shall not be a good idea for the newbies.
2. Plugins to Modify WordPress User Roles
Don’t want to take up all the stress to manually control all the user roles in WordPress? Not a big deal. Because we have plugins available for that too. Good news, isn’t this?
As I always say, WordPress offers an extensive range of outstanding WordPress plugins. However, we recommend User Role Editor Plugin for managing and controlling the user roles. This plugin allows you to add, modify and delete the user roles and capabilities very efficiently and effectively.
You can directly install this plugin from your admin area. If you need more instructions on installing a plugin then you can also either check out on our video tutorial on how to install WordPress plugins or you can opt for the article on installing WordPress plugins as per your convenience.
Here’s how we can customize the user roles using this plugin.
Activate the plugin and then navigate to Users>User Role Editor.
After that, select the user role from the top of the page. With this plugin, you can either create a new role or edit the existing one. Moreover, it also allows you to fill a selected role with capabilities which you need. Furthermore, you can assign new created roles or capabilities directly to the user.
Furthermore, if you wish to add a new role and define its capabilities or you want to delete any, you can easily perform the tasks through the main User Role Editor page. In addition, you can also make a copy of capabilities of the existing role for the newly created one. So, this option saves you from enabling the capabilities again.
Capabilities can be defined on a user level as well. In the user list page, you can see a capabilities option that will redirect you to the capabilities page in the WordPress user list page.
Having a detailed knowledge of the WordPress user roles and using them wisely is very crucial for improving site’s security. Besides, it is also very important in keeping the registered users and their roles organized.Hopefully, this article helped you all in understanding what are user roles in WordPress and what the users with the different WordPress user roles are allowed and not allowed to do.
But if you still have any confusions, feel free to leave a query down below in the comment section.Additionally, keep following our blogs as we’ll be adding more WordPress resources in the coming days.