Website security is a concern for both individuals and businesses. When we think about widespread data breaches, it’s easy to forget about internal security. Luckily, when you’re a WordPress user, your website comes with five different default WordPress user roles that help you, as the site administrator, control how individual users interact with each and every aspect of your website.
Understanding WordPress User Roles
A thorough understanding of the capabilities of these five different WordPress user roles will help you determine who belongs where. WordPress allows you to instantly assign or modify roles using the User Screen on your dashboard.
The most important WordPress user role is the Administrator role. In fact, you can’t really do much on the site without one! Administrators hold the keys to any WordPress actions.
Your Admin needs to be responsive and responsible, as they’ll manage not only the content but also the ability of users to interact with it. They’ll also ensure that your contributors have the appropriate permissions so that new content and media isn’t uploaded until it meets your high standards.
Some sites that are part of a multisite WordPress installation have a Super Administrator role that oversees the entire network. For standalone WordPress sites, however, the Super Administrator role isn’t available.
The Super Admin role is one that is assigned to owners of multiple sites. This gives them the capability to add and delete sites across their multi-site network, as well as install both standard and plug-ins and create themes unique to the needs of each site.
Super Admins can also manage users for each site – including adding individual admins for individual sites – and perform network upgrades across all their sites. Finally, the Super Admin is able to perform the same actions on WordPress as regular administrators. They’re just the oversight for the functionality of all their sites.
For your content providers, assigning them to the Editor role is perfect. They will have access to all of the content on the site, including being able to add and change copy and photos, but they won’t have access to the “skeleton” – that is, the frame of the site. Editors can’t access the themes, plug-ins, or widgets.
Editors are able to:
- edit or delete any page on the site, including the ones marked as private,
- act as moderators, removing comments, and
- facilitate discussion in your page’s comments section.
For an extra layer of security, and to ensure that the content of your site remains intact, it’s recommended that you create a new user on your WordPress blog in the “Editor” role, even if you’re the only person publishing your blog. The extra security measure creates another layer of administrative oversight. There is a good reason for this. In most cases, those that are trying to hack your site – and anyone else who visits, even just to read the content – will see a byline on each post, for instance “Posted by UserName” below each entry.
If a hacker sees your admin username as the publisher, they can use that information to conduct a “brute force” attack to gain access to your site. You don’t want this! However, if you use the Editor role to post content, it gives an added screening layer between hackers and your true Admin user identity. If your site becomes compromised, hackers won’t be able to access the sensitive information on your site.
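A check for the byline exposure described above, as an added example (not code from the original article): it runs inside a WordPress install, for instance through WP-CLI's `wp eval-file`, and lists Administrator accounts that have published posts. The function name `audit_admin_bylines`, the file name, and the two comparison heuristics are assumptions of this example.

```php
<?php
/**
 * Added example: list Administrator accounts that appear as post authors.
 * Run inside WordPress, e.g. `wp eval-file audit-admin-bylines.php`
 * (the file name is an assumption).
 */
function audit_admin_bylines() {
    $findings = array();

    // Every account holding the Administrator role on this site.
    $admins = get_users( array( 'role' => 'administrator' ) );

    foreach ( $admins as $admin ) {
        // Count only publicly visible posts; drafts never show a byline.
        $published = (int) count_user_posts( $admin->ID, 'post', true );
        if ( 0 === $published ) {
            continue;
        }

        $findings[] = array(
            'login'            => $admin->user_login,
            'published_posts'  => $published,
            // The byline prints display_name; it reveals the login only if the two match.
            'byline_is_login'  => ( $admin->display_name === $admin->user_login ),
            // Author archive URLs are built from user_nicename (heuristic comparison).
            'archive_is_login' => ( $admin->user_nicename === sanitize_title( $admin->user_login ) ),
        );
    }

    return $findings;
}

foreach ( audit_admin_bylines() as $row ) {
    printf(
        "%s: %d published post(s), byline shows login: %s, author URL shows login: %s\n",
        $row['login'],
        $row['published_posts'],
        $row['byline_is_login'] ? 'yes' : 'no',
        $row['archive_is_login'] ? 'yes' : 'no'
    );
}
```

Any account it prints is a candidate for moving its posts to a separate Editor user, as recommended above.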
The WordPress author’s role differs from that of the editor. Authors can create their own content and posts, and even make changes to it, like the editor can. Authors may create, edit, and delete their own posts, but they can’t create, edit, upload, or delete actual pages on your site.
They simply work within the existing structure of the site and may not access anything created by other users, either. Authors may upload content to the Media Library, including files and photos, as well as delete anything that they have previously uploaded. Again, authors may only control the files they have uploaded, not ones that different users have created. Authors may also moderate comments on their own posts if they choose.
They may be able to further clarify points that they addressed in their content by using the “comment moderation” feature. They can also interact and engage with your site visitors. This encourages users to stay longer on your site, view more content, and generally have a more positive experience than just looking at the content and leaving.
Finally, with multiple authors, you’ll have a library of content associated with each. If you need to remove a certain person or topic, you can easily access all their content together. Or, if you find that users tend to search for content written by certain authors, it’s easier for the admin to group it together for the users to find.
The contributor role is similar to that of the author but designed for less experienced writers, newer members of your team, or guest posters. While contributors may create, edit, and delete their own posts prior to publication on the site, their content must be reviewed by an Administrator or Editor.
Many WordPress blogs with diverse content, users with different interests, and those that like to have a fresh perspective make frequent use of the contributor role. If you enjoy having a guest opinion, or if your site has content that encourages different points of view on a topic, then asking for guest posts or counter-opinions is where you’ll find the best use of the contributor role.
Contributors are more useful for those that have mostly text to submit, versus an author who may need to have frequent access to your Media Library, or who may need to link and reference previous content that they have written for your site. As a guest blogger or maybe as a corollary author to a post you already have, the contributor role works best.
New users to WordPress are automatically labeled as Subscribers by default. When someone is in the subscriber role, they’re basically a site visitor with permissions to interact with your content.
Subscribers can read your site, post comments (which are subject to moderation by Authors, Editors, and Admin), and create a unique user profile through the WordPress dashboard. Subscribers have no other permissions, and cannot edit settings or content on your site.
Next, create a Meta Widget, adding it to your site’s sidebar. Choose this from Appearance, then Widgets. Now, readers can easily register for your site, and you can collect information about your readership’s likes and dislikes.
Flexible and responsive
The admins are free to modify a WordPress user role at any time. If your Authors are becoming regular contributors, you may change them to an Editor role, to save time uploading their content. New users are automatically subscribers, so if you’re moving a new person into a content creation role, you’ll be able to assign them to the role from there.
If you need an Editor to fill in your responsibilities, or if you need extra help, you simply choose the Users tab on the WordPress dashboard and change that person’s role to Admin. You can change it back at any time.
The Collaborate Tool
There’s a special tool that you can use to help you manage the different WordPress user roles on your site. If you’re using ManageWP to update one or multiple sites, then there’s a very functional way to control user access on each of your sites.
For instance, you may have authors that contribute across multiple sites, with different specialties. Or, you may have one executive editor that you have in a role strictly to ensure that the overall appearance and content of your sites meet your high standards.
The Collaborate Tool feature is also very useful for WordPress developers, or for those that design and manage sites for clients. As the designer and developer, you can give your clients access to the ManageWP dashboard for their individual site.
This gives them access to their site while it’s under construction or when you’re changing themes and plug-ins and establishing the structure of the site, and it lets the clients follow the work you’re doing without accidentally “breaking” part of it.
If you wish to control or need to define new WordPress user roles with custom permissions that suit your site’s needs better, then you may need the Capability Manager Enhanced plug-in. This allows you to manage existing WordPress roles, change the capabilities of any role, and add new, custom roles.
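After changing capabilities or adding custom roles, it is worth confirming that no role below Administrator has picked up site-wide powers. The following is an added example (not code from the original article or from the plug-in): it runs inside WordPress, for instance through WP-CLI's `wp eval-file`, and the function name `audit_role_capabilities` and the capability shortlist are assumptions of this example.

```php
<?php
// Added example: flag non-Administrator roles that hold high-impact capabilities.
// Run inside WordPress, e.g. `wp eval-file audit-role-caps.php`
// (the file name and the capability shortlist below are assumptions).

function audit_role_capabilities( array $sensitive_caps ) {
    $findings = array();

    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( 'administrator' === $slug ) {
            continue; // Administrators are expected to hold these.
        }
        // Keep only capabilities that are granted (true), not merely listed.
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_values( array_intersect( $sensitive_caps, $granted ) );
        if ( $risky ) {
            $findings[ $slug ] = $risky;
        }
    }

    return $findings;
}

// Capabilities that only the Administrator role holds on a default install.
$sensitive_caps = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'switch_themes', 'edit_themes', 'edit_theme_options',
    'list_users', 'create_users', 'edit_users', 'promote_users', 'delete_users',
);

$findings = audit_role_capabilities( $sensitive_caps );

if ( ! $findings ) {
    echo "No non-Administrator role holds a sensitive capability.\n";
}
foreach ( $findings as $slug => $caps ) {
    printf( "Role '%s' can: %s\n", $slug, implode( ', ', $caps ) );
}
```

On a site with only the five default roles this reports nothing, so any output points at a custom or modified role to review.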
And if you just need to bring on another person to maintain your site or want your clients to know what you’re doing, consider signing up for ManageWP and using the Collaborate tool to control user access to your site.