By default, there are 5 different user roles in WordPress. Each having its own permissions.
- Subscriber – Basic account, assigned to visitor who signs up on the website. Can only read or visit site.
- Contributor – Can edit and delete posts, but can’t publish them. Not allowed to upload media
- Author – Allowed to publish posts, upload media, approve comments. Don’t have access to website settings or publish pages.
- Editor – Does have access to some website settings and can manage user roles and settings of lesser authoritative roles. Can publish pages and edit them. Can’t add plugins or change theme or other website settings
- Administrator – Highest level of account with every permission to access website content or edit it. The default username is admin. For security purposes it is recommended to change the default admin user.
Below is a graphic that explains the user roles in WordPress briefly
One really important thing to understand before starting is that user roles should be assigned keeping in mind what user will be doing on the site.
Here is a look into the details of the management of User Roles in WordPress.
A subscriber role has the least website permissions. All this user role can do is login to your WordPress site and edit or update their user profiles. Within their profiles, they can only change their passwords. This user cannot create or edit posts or does not have access to the WordPress site’s dashboard.
Generally, this user role is beneficial when you require someone to login first to view posts or comments.
Contributors are users who can create and edit their own posts. They can add tags to their posts. However, they cannot publish posts and select categories of a post.
This role doesn’t have permissions to add media to their own posts, which is sort of a disadvantage as an editor or admin has to work on the post after it is submitted for review.
Contributors can view comments on their posts, they can reply to a comment but cannot approve or disapprove a comment delete a comment.
They also don’t have access to website settings like plugins or themes, hence cannot change any settings on the site.
As briefed earlier, an author can write, edit and publish posts. This user can also delete their own posts in case they are published.
Unlike contributors, who cannot upload media to the posts, an author can do upload media files to posts. Also they can select categories, an author can select categories for post, but these categories have to be added beforehand by an editor or an admin.
Authors can view comments on their posts, they can reply to a comment but cannot approve or disapprove a comment or delete a comment.
This user doesn’t have access to website settings like plugins or themes, hence cannot change any settings, making it a low-risk user, but has the ability to publish or delete their own posts.
The user role management in WordPress has provided us with an editor role. This is the second highest role in terms of permissions and has almost full content control on the site. This user can create, edit, publish or delete any WordPress posts or pages. An editor can also monitor/moderate comments.
An editor can manage post categories. It can add, edit or delete categories of posts.
An editor however, doesn’t have access to add or delete plugins or themes on the site. It also cannot add new users or manage them.
Lastly, the Administrator. This user role is the godfather of all roles. It is the most powerful user role of WordPress, hence should be given to someone carefully if you have to.
Users with their role set as Administrator have access to everything on your WordPress website. This user actually looks after the user role management in WordPress.
This role is basically for website owners and gives full authority over content and website settings. Apart from all the permissions of an editor has, an administrator can add or delete plugins, change between themes and most importantly, add new users roles, even an administrator.
They can also change password of users or even delete users including user roles as administrator.
There are user role editor plugins that allow you to change user roles in WordPress capabilities. ( Search “user role plugins in WordPress”)