In WordPress, user permissions define what each user role can and can’t do on your website. By default, five user roles are offered, and you assign a role to each user so they can perform the tasks they need to do.
This means that some users can have full control over your website while others only have permission to view your content. Most users will have access somewhere in between.
As your website grows, it’s important to become familiar with user roles and permissions.
What Are User Permissions in WordPress?
User permissions allow you to maintain complete control over your WordPress website while limiting the access other users have. You should limit them to only those capabilities they need for their role. Doing this the right way can help improve your website security.
When you think about it, there are a lot of very different tasks that need to be performed on a WordPress website so that it can run smoothly. These are known as ‘capabilities’, and WordPress has over 70 of them. Here are some examples:
- Installing WordPress plugins
- Adding new blog posts
- Editing other users’ blog posts
- Publishing and scheduling content
- Moderating comments and deleting spam
- Deleting or unpublishing content
- Adding new users
However, you don’t want every user on your site to have complete access to your website so they can perform all of these tasks. For example, you wouldn’t want a guest blogger to be able to install plugins or delete content.
WordPress comes with a user role management system. It lets you grant permission to specific roles to perform the capabilities that are needed for that role.
You can then assign the appropriate role to each user. To keep your site secure, you should never give a user a role with more capabilities than they need.
Let’s take a closer look at which WordPress user roles are available.
WordPress User Roles and Permissions
In WordPress, a user is someone who is registered on your website so that they can log in with a username and password. Each user is assigned a role that defines the tasks they are able to perform on your website.
On a regular WordPress website, there are five user roles available by default, and a sixth role is available on a multisite network. Let’s take a brief look at each of these roles:
- Subscribers can log in to your WordPress website, edit their user profiles, view published content, and no more.
- Contributors can add new posts and edit their own posts. They can’t publish posts, delete posts, or upload files.
- Authors can write, edit, publish, and delete their own posts, but not posts written by others. They can upload files and view comments, but not moderate comments.
- Editors can write, edit, publish, and delete posts written by themselves and others. They can upload files, create new categories, and moderate comments.
- Administrators have complete control over a website. This is the only role that can change site settings, install themes and plugins, add users, and perform other administrative tasks.
- Super administrators have admin access to every site on a WordPress multisite network.
You can customize the permissions that each role has, and even create new roles to meet the needs of your WordPress website.
To maintain your website’s security, you should give each user the role with the fewest permissions needed to do their job. In particular, avoid giving users the admin role. You should have as few admin users as possible.
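One way to check how many accounts actually hold admin-level access is to list every user whose role grants a site-control capability. The script below is an added example, not code from the original article; the `wpx_` function names and the choice of capabilities in `WPX_HIGH_RISK_CAPS` are assumptions of this example. It is meant to be run inside WordPress, for instance with `wp eval-file`.

```php
<?php
// Added example. Capabilities treated as "site control" here are this
// example's own selection; adjust the list to your site's policy.
const WPX_HIGH_RISK_CAPS = array(
    'manage_options', 'install_plugins', 'edit_plugins',
    'edit_themes', 'create_users', 'promote_users',
);

// Map each role slug to the high-risk capabilities it grants.
// Custom roles are covered too, not only the built-in Administrator.
function wpx_high_risk_roles() {
    $risky = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        // Keep only capabilities that are actually granted (value true).
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $hits    = array_intersect( WPX_HIGH_RISK_CAPS, $granted );
        if ( $hits ) {
            $risky[ $slug ] = array_values( $hits );
        }
    }
    return $risky;
}

// List every user assigned to one of those roles.
// Not covered: capabilities granted to a single user directly, and
// multisite super administrators, which are stored separately.
function wpx_privileged_users() {
    $risky = wpx_high_risk_roles();
    if ( ! $risky ) {
        return array();
    }
    $report = array();
    $users  = get_users( array( 'role__in' => array_keys( $risky ) ) );
    foreach ( $users as $user ) {
        $report[] = array(
            'login' => $user->user_login,
            'roles' => implode( ',', $user->roles ),
        );
    }
    return $report;
}

foreach ( wpx_privileged_users() as $row ) {
    printf( "%-20s %s\n", $row['login'], $row['roles'] );
}
```

Any account in the output that does not need to change settings, install code, or manage users is a candidate for a lower role.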
How to Assign a Role to a User
If you have the administrator role on your website, then you can easily add new users and assign them a role.
First, you should navigate to Users » Add New from your WordPress dashboard. Next, you should fill in the user fields with the new user’s information.
When you come to the ‘Role’ section, you can choose the appropriate user role for that user from the dropdown menu.
Once you’ve done this, the new WordPress user can log in and will have the capabilities that have been assigned to their particular role. You can change their role at any time by visiting Users » All Users and selecting a different role on their user profile.
For more details, see our guide on how to add new users to your WordPress blog.
How to Customize WordPress User Roles and Permissions
The default WordPress user roles have capabilities that will work for most WordPress websites and blogs.
For example, if you run a magazine website, then the ‘Editor’ role can be assigned to senior staff, the ‘Author’ user role to junior staff, and the ‘Contributor’ role to guest writers.
But sometimes you might want to customize the permissions and capabilities assigned to the role for the specific needs of your website. You can also create new user roles with specific combinations of permissions.
There may be times you wish to add permissions to a user role. For example, you could let contributors edit their posts after the posts have been approved.
Alternatively, you may wish to take away some capabilities from a role. For example, you could restrict authors to a specific category or prevent authors from deleting posts.
You can learn more about how to customize existing user roles and create new ones by following our guide on how to add or remove capabilities to user roles in WordPress.
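The customizations described above can also be made in code with WordPress's role functions. The small plugin below is an added example, not code from the original article or its linked guide; the `wpx_` function names and the `guest_writer` role are hypothetical, and it treats "approved" as "published".

```php
<?php
/**
 * Plugin Name: Example Role Adjustments (added example)
 */

// Role changes are saved in the database, so apply them once on
// activation instead of on every page load.
function wpx_apply_role_changes() {
    // Prevent authors from deleting posts, drafts and published alike.
    $author = get_role( 'author' );
    if ( $author ) {
        $author->remove_cap( 'delete_posts' );
        $author->remove_cap( 'delete_published_posts' );
    }

    // Let contributors edit their own posts after publication.
    // Their edits to live posts then bypass editorial review.
    $contributor = get_role( 'contributor' );
    if ( $contributor ) {
        $contributor->add_cap( 'edit_published_posts' );
    }

    // New role (hypothetical): can draft posts and nothing more.
    if ( ! get_role( 'guest_writer' ) ) {
        add_role( 'guest_writer', 'Guest Writer', array(
            'read'       => true,
            'edit_posts' => true,
        ) );
    }
}
register_activation_hook( __FILE__, 'wpx_apply_role_changes' );

// Restore the default capabilities when the plugin is deactivated.
function wpx_revert_role_changes() {
    $author = get_role( 'author' );
    if ( $author ) {
        $author->add_cap( 'delete_posts' );
        $author->add_cap( 'delete_published_posts' );
    }
    $contributor = get_role( 'contributor' );
    if ( $contributor ) {
        $contributor->remove_cap( 'edit_published_posts' );
    }
    // Users still assigned to this role are left without a role.
    remove_role( 'guest_writer' );
}
register_deactivation_hook( __FILE__, 'wpx_revert_role_changes' );
```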