Easy Guide To WordPress User Roles
So, you’re launching a new website (congrats!) or need to add people to your current site. You will want to think about how much access to give your team, agency and vendors. The level of editing rights and access a person has on WordPress can literally make or break your website. For our website design and maintenance clients at The Cannabiz Agency, we ask that you provide list of team members and what level of access each should have to your site. We created this guide to make it easy to understand the differences in WordPress user roles and determine what’s right for each stakeholder.
In summary, administrative (admin level) should be granted to the website owner and the develop of your website. (They can break things.) An editor role is the next level down and best for website managers because it allows the user to publish to your live site. A user with the contributor or author role has a restricted level of access to create content – perfect for a team of bloggers or junior staff that need to go through a review process. Here is an expanded explanation in our WordPress user roles guide.
What are WordPress User Roles?
WordPress is the best content management system (CMS) out there. Inherent in this powerful platform is a user role management system to define what a specific person can and cannot do on your website. These are five standard user roles on any hosted WordPress website:
Use this handy infographic to see what each can do at-a-glance. Keep reading for more detailed information and how we recommend using each role.
Image source: www.wpbeginner.com
The top role on your website is “Administrator”. It can do anything including adding new pages or posts, editing anyone else’s pages or posts (including deleting), and publishing anything live. Most importantly, the admin can install, edit, and delete plugins, change themes and access your website code. Admins can add new users to the site, change information about existing users including their passwords as well as delete any user (including other administrators). This is the role that hackers go after in order to compromise or take down a website.
This important, powerful role should always use a secure password. Admin access should be granted to site owners, your site developer or front end designer, and trusted tech savvy admins. Always remove past employees and vendors from this role immediately when they transition off your team. If you are working with trusted vendors, agencies or contractors; providing admin level access is normal and required for them to do their job.
The “Editor” role is the second most powerful in WordPress because it grants full control of content on your website. Editors can add, edit, publish, and delete any page or posts on a WordPress site including ones written by others. An editor can moderate, edit, and delete comments. They can also manage a team of “Contributors” to edit and publish posts live that are drafted for review. Editors cannot change website settings, install plugins and themes, or manage users. We recommend granting the editor role to people who are savvy about your brand standards and your organization’s process – such as online marketing managers, editorial managers, the marketing team or vendors providing content services.
The “Author” user role can write, edit, delete and publish only their own pages and blog posts that they create. When writing posts, authors cannot create blog categories, they can choose from existing categories giving editors and admins the power to manage this at the top level for the website. Authors can upload photos and media. They can, however, create new tags. The author is limited in their power to manage the website in the broader picture, for example they can view live or pending review comments, but they have no moderation power to manage comments. The author role does not of course have access to change, delete or break anything on your website settings, plugins, or themes. We typically utilize the author role for content admins or blog writers who can be trusted to publish pages and their own posts with it being held for review.
This is among the user roles with the least risk. A “Contributor” can add new posts and edit their own posts, which are held in draft for review by an editor or administrator. They cannot publish posts live nor do they have access to edit other user’s pages or posts. Like authors, they cannot create new categories and must choose from existing categories, and they can add tags to their posts. The biggest workflow limitation of this role is that they cannot upload to the media library, preventing them from adding new images to their post. They do not have the power to moderate comments, access website settings, plugins, or themes. We reserve this role for content contributors in training, interns, or stakeholders in the organization who require review (and maybe some tech support and formatting, too) before their blog is published live. For example, the sales team may want to write for the blog – great! – put them in the review process so the marketing lead can ensure everything is on strategy and A-OK before publishing.
Sorry “Subscriber”, you are the least powerful role in WordPress. But we still need you! Keep reading. The subscriber user role allows others to login to your WordPress site to update their profile, change their password, and participate in other features you build for visitors. They cannot create pages or posts, view comments, or do ANYTHING else inside your WordPress admin. Why do we use it? This is the perfect role for marketing features to website visitors such as customer care, shopping, forums, or downloading or uploading files. Marketers love it because it offers a way to capture customer data. For example, you would use it for a community website, a customer portal, and any other login only sections of a site.
Yes, there is sixth role to consider called “Super Admin” and it has super powers. If you run WordPress Multisite Network this user can add and delete sites. They can install plugins and themes, access code, add users, and perform network wide actions on multi-site. They are all-powerful creators. Like an administrator, you will want to reserve this role for website owners and trusted developers.
Can I Customize User Roles?
Did we mention WordPress is the most awesome, bestest CMS in the universe? Because it is an open source platform, developers freely create all kinds of capabilities to expand the capabilities of the base platform. It’s called plugins. And, most of these added features ARE FREE. You can create your own custom user roles in WordPress with your own set of capabilities by using a plugin. We recommend User Role Editor, a free and trusted plugin that is popular in the community.
Still have questions? Contact us and we’d be happy to help.