WordPress user roles and permissions

When it’s time to run a WordPress blog, not all users are created equal. Some will be able to do virtually anything they want, while others will have limited access to your site’s content, features, options, and settings. And there’s a good reason for that: you don’t want just anyone to have access to valuable information on the site.

For example, if you hire a writer, they don’t need to have access to themes and plugins. Or, if you allow users to sign up on your site just so they can leave comments and get a few extra perks, you don’t want them to start posting articles and changing their passwords, either. isn’t it?

WordPress User Roles

Fortunately, the WordPress developers have been creative enough to introduce the user role system. When creating a new account, you describe a user with one of the five predefined user roles. Depending on a role, this user will have different permissions and limited access to specific areas of the site. In the following lines we will show you the five user roles with the addition of Super Admin which only appears in an instance of a multisite.

1. Administrator (admin)

An administrator (also known as an Admin) is a person in charge of the entire WordPress installation. This user role gives you the ability to control everything; including installing new plugins, modifying WordPress themes, posting articles, removing content, etc. Admin is the most powerful user role on a regular WordPress site.

The admin can also assign user roles to any other person on a WordPress blog and is the only person who can upgrade and even delete the entire site.

A person who installs WordPress automatically obtains administrator rights.

The top ranked single user is Super Admin who is in charge of a multisite network (a system of interconnected WordPress blogs that work together under the same domain).

2. Editor

Just as an editor in a news magazine would be in charge of the content published in the newspaper, an editor in WordPress is in charge of all the articles and pages of a blog. This user role can control everything related to content.

This means that an editor can write, edit, publish, and delete posts and pages.

Usually, editors wait for authors and contributors to submit articles for review, check and edit them as necessary, then distribute them to the public. Editors can also have complete control over WordPress comments.

Since they are in charge of the content, editors do not have the ability to manage WordPress plugins and themes, or work with other settings.

3. Author

Authors are free to add new tags, but they cannot add new categories (they can only choose existing categories from the list). Regarding comments, authors can see all of them but do not have permission to edit comments.

This user role determines a person with the ability to write, edit, publish, and delete their own content and a person who can upload files without limitation.

Authors have a higher user level than contributors, but lower than publishers.

4. Contributor

This user role is very similar to that of the author, but it has even more limitations.

Contributors can create new articles and edit their own articles, but they cannot publish or delete them.

They can only submit posts for approval so that editors or administrators can publish them.

The biggest difference between authors and contributors is that the latter are not able to download media files. They can also select only existing categories and add new tags. Contributors are allowed to view comments but do not have the ability to edit or approve them.

5. Subscriber

Subscribers are the most limited user role in WordPress.

They can only log in to your site, access their personal profile, and change details and password.

This user role cannot work with posts, pages, comments, settings, or anything else on your site. Subscribers are the ideal user role to use when creating a membership site. Since you can decide to only allow logged in users to post comments on your site, you need a role with strict limitations. By choosing subscribers, you can’t go wrong as they will have the privilege of leaving comments, but they will be restricted from other areas of the site.

6. Super administrator

In some cases, administrators will want multiple websites on a single WordPress installation. From the outside, these blogs might look like individual WordPress installations, but they would actually be part of the multisite network.

In this case, Super Admin is a person who controls the entire WordPress website network.

In addition to all the administrator privileges that we already mentioned at the beginning, Super Admins can add new sites to the network, manage them and delete them. They can install themes and plugins that can be used system-wide, and also work with network-specific settings.

The super administrator will be listed among the available users only when you enable the multisite network, so don’t worry if you cannot see this user role.

How to manage users in WordPress

To see a list of all users who have accounts registered on your blog, go to Users -> All users in the administration menu of the dashboard. Here you can see all usernames, real names, emails, user roles and the number of messages assigned to them.

Manage WordPress users

As an administrator, you can hover the mouse cursor over any user so that you can edit or delete them. At the top of the list, you can see links dedicated to each user role group. So, for example, if you want to list publishers only, click on the appropriate link.

Bulk actions allow you to select multiple users at a time and change their user role by choosing it from the drop-down list.

Each user can manage their individual account. To do this, open Users -> Your profile link where you can change personal information, options and control the account.

How to add a new user

Adding new users to WordPress is relatively straightforward:

  1. Go to Users -> Add new
  2. Fill in the details (only username and email are required)
  3. Click on “Show password” to see the generated password or enter a personalized one
  4. Choose if you want to send an email with the account information
  5. Choose a user role
  6. Click on the “Add a new user” button
How to add new WordPress users

Your new user will now be included in the list of all users. If you have selected the option to send a notification email, this user will receive a message with account information. From the same email, your new user will be able to open the login page and change the password to something unique.

Custom user roles

Although WordPress developers have created user roles so that they can adapt to virtually any site, some people need custom functions. For example, you can allow your publishers to install plugins and control a few settings on your site.

Unfortunately, by default WordPress does not support the creation of custom user roles. But you can create them with the help of a plugin. One of these plugins is free Improved Capability Manager which will allow you to change permissions for any role, add new ones, copy existing functions and even add new functionality to existing users.

Improved Capability Manager


Managing user roles on your WordPress blog is a big job. After reading this article, you should be more informed about default user roles and how to assign them to users. If you want custom user roles, take a look at the free plugin which will let you control every part of every WordPress user role.

About the author

Smith Sunny

Add Comment

Click here to post a comment