Disclosure: This content is reader-supported, which means if you click on some of our links that we may earn a commission.
As you grow your WordPress site, you’re going to get to a point where you can’t manage everything yourself. Sometimes before you realize you need them, you find yourself needing to assign WordPress roles to editors, writers, or even additional site managers. But what are these roles, and how do you know who should perform them? Today, we’ll go over everything you need to know about WordPress roles and permissions, from quick starting tips to how to handle roles long-term.
Why WordPress Roles Are So Important
WordPress roles determine what different users can and can’t do whenever they log onto your site. Generally, WordPress provides you with the following user permissions:
There’s also one additional user permission called Super Admin, which has access to a larger network of WordPress sites, though this one is only available on a WordPress Multisite Network.
Here’s a quick breakdown of each role, what their default permissions are, and why they can be important to your site.
You can think of the Administrator WordPress role as the all-seeing eye in the sky. Administrators can change just about anything on your site, assign roles and permissions to anyone they want at any time, and moderate comments as they see fit. They can also modify, delete, and install plugins at their leisure and alter site settings to their liking.
In short, it’s the most powerful WordPress role you can assign any user. It’s also the role that you are most likely to play yourself and/or assign to your most trusted WordPress advisors. This is logical, since it’s your site and you want the final word on what happens on it.
Editors can do exactly what their name might suggest. They can moderate comments, create their own content, and edit or delete content published by other roles.
However, Editors are limited in what they can do as far as modifying the actual settings of your site. Editors can’t change your site’s theme, add roles, modify site settings, or install plugins.
Your Editor will most likely be your main site manager and/or content manager. They don’t mess with your back end, but they handle everything content-related for you.
Authors are able to edit, write, delete, and publish their own posts, but that’s it. They can’t modify, manage, or moderate anything about the site. A good example of an Author is a member of your team responsible for creating and uploading regular content.
Contributors can create and edit their own content on your site, but not publish it themselves. They also can’t delete or edit content created by anyone else, and they also can’t modify or moderate anything on the site.
A good example of a contributor is a regular guest blogger or poster on your site. Their content is important to your messaging, but they’re not responsible for actually posting it.
A Subscriber role is the most limited role you can assign through your website. Subscribers are usually members of your audience who have access to limited or restricted content that regular site visitors don’t (until they subscribe). All a Subscriber can do is access that content and manage their own profile.
Now, why are WordPress roles so important? On top of creating a management tree for running your site, WordPress roles ensure the site’s safety. With assigned roles, you know exactly who has permission to do what and who makes any changes when. This avoids confusion and any possible trouble in the long run, especially as your team grows.
Quick Tips to Improve How You Manage WordPress Roles Today
Now, there are plenty of WordPress plugins you can use to modify WordPress roles, though some are easier to use than others. A great option is the User Role Editor plugin.
It’s constantly being updated and has over 700,000 active users. Once you upload it to your WordPress plugins, you can modify your user roles and capabilities with ease. We’ll look at the following tips as they’d appear in User Role Editor.
Customize Specific Role Permissions
From your WordPress dashboard, once you’ve successfully uploaded and activated the User Role Editor plugin, navigate to Users then User Role Editor.
At the top of the dashboard under Select role and change its capabilities, you can choose the role you want to edit. From there, you can get pretty granular in terms of what permissions you want to add or disallow with the checklist right under it.
Let’s say you want to change the permissions for the Contributor role. You’d navigate to Select role and change its capabilities and select Contributor. To make it easier on you, you can also check off the Show capabilities in human-readable form to make each permission easier to identify.
From there, you can use the Group column to group similar permissions together to make them easier to navigate and check off. You can also use the additional filter to filter through specific permissions.
I went ahead and added permissions for the Contributor role to be able to activate plugins, create users, and delete landing pages. Once I hit the update button, I see a message asking me to confirm my new permission changes.
Delete The Subscriber Role Completely To Avoid Spam Registrations
Have you ever noticed strange new users on your User list? That’s because your WordPress site automatically allows any users that come across your site to create their own Subscriber role.
Though this role is pretty limited in terms of what it can do, it can create a bunch of spam registrations on your WordPress site that you simply don’t need. Thankfully, there’s an easy way to disable this setting.
Once you’re signed in to your WordPress dashboard and you navigate to Settings then General, you’ll be met with a set of options. Under Membership, simply uncheck the Anyone can register option and you’re set.
Default To Minimum Access For Most Users
When it comes down to it, most of your site users don’t need access to a ton of site permissions. Most of them can get away with a contributor role if you need them to log in and upload their own content for you to publish.
The higher up you go in terms of permissions, the higher the risk you’re taking. You want to withhold administrator positions to only a handful of your most trusted team members for good measure.
You can even create a contract for higher-level users beforehand where you outline what the repercussions can be if they misuse their position. If that interests you, we’ve researched the best contract management software as well.
Long-Term Strategies for Managing WordPress Roles
For good measure, here are a few additional tips you can try on for size when you’re thinking about the long-term maintenance of your WordPress roles and permissions.
Modify Your New User Default Role
If you’re adding new users to your site in bulk, setting a default user role makes it easier to add roles without being afraid you’ll accidentally allow them the wrong permissions.
To set a default permission, from your WordPress dashboard, navigate to Settings, then General and you’ll be met with a set of choices. Under New User Default Role you can toggle a list to choose your preferred default role.
Once you’ve made your changes, make sure you scroll down to and hit Save to save your changes.
It’s important to keep in mind that once you add certain plugins, they add new user roles to the list of default roles you can assign. This explains why you might see some extra roles in your list.
To get more information about what certain roles that come attached to plugins can do, you should consult that plugin’s user directions or knowledge base in case you want to use the role properly. You’ll want to be informed about what permissions come with such roles.
Make Sure Your Plugin Is Updated
This can seem like a no-brainer, but if you’re using a WordPress plugin to customize your roles, you’ll want to make sure your plugin is updated. Depending on your WordPress settings, WordPress can do this automatically in the background.
However, if your update settings are set to manual, you’ll want to navigate to Plugins from your WordPress dashboard and click on the update notification for your plugin to ensure it’s up to date and compatible with the latest version of WordPress.
Delete Any Old Roles That Aren’t Active
If you’re managing a growing number of site permissions, it can be good practice to periodically take the time to erase roles that are no longer active. This helps you keep your list of roles clean while only including active roles.
To delete old roles, from your WordPress dashboard, navigate to User where you’ll be met with a list of users and their assigned roles. To delete an old role that is no longer active, simply navigate and hover over the user you want to delete and click on the Delete option. Once you confirm your intentions to delete the role, you’re all set.
Be Deliberate About Who’s In Charge Of Assigning Roles
Let’s say you’re running a huge site that publishes tons of content daily. Properly assigning and keeping track of user permissions can become a real zoo if you aren’t deliberate about exactly who is in charge of changing, adding, or modifying roles.
This is especially true if you have quite a few Administrator roles since they all have the power to add or delete roles as they see fit.
Being deliberate about assigning one or two Administrator roles the job of adding, modifying, and even periodically erasing inactive roles can help save you a ton of headaches in the long run. It’ll help you keep accurate track of who has been assigned roles with what permissions. Going forward, a simple meeting or team-wide email getting everyone on the same page can do the trick.
You got this far, which means you know all about each WordPress role as well as tips and tricks to best handle them. What now? Well, WordPress has built quite the expansive site-building universe, so there’s always plenty to learn.
One of our best WordPress guides teaches you how to optimize your WordPress site to the heavens. This other one, however, teaches you everything you need to know to speed up your WordPress website, which as you probably know is an important part of optimizing your site for SEO.
If you’ve been wondering about what the best WordPress hosting is, this guide walks you through the best options according to your specific situation.
Finally, this guide would be incomplete without mentioning our Crazy Egg WordPress plugin. It helps you take a closer look into what users actually do once they land on your website by showing you everything from heat maps to click reports.