WordPress User Roles – Who Can Do What, and Why?

Website security is a concern for both individuals and businesses. When we think about widespread data breaches, it’s easy to forget about internal security. Luckily, when you’re a WordPress user, your website comes with five different default WordPress user roles that help you, as the site administrator, control how individual users interact with each and every aspect of your website.

Sign up once for Instant Access to all Free Webinars

Understanding WordPress User Roles

A thorough understanding of the capabilities of these five different WordPress user roles will help you determine who belongs where. WordPress allows you to instantly assign or modify roles using the User Screen on your dashboard.

Administrator Role

The most important WordPress user role is the Administrator role. In fact, you can’t really do much on the site without one! Administrators hold the keys to any WordPress actions.

Administrators can perform different tasks through their dashboard, including changing the overall look of the website. This includes themes, modifying the core files, and adding, changing, and deleting other user’s roles. Admins have complete control over all content on their WordPress site.

There is an option to have multiple administrators, although many users feel their site works best with just one main admin or others who have the need for full access.

The admin role is very important – it determines the overall appearance and user experience of your site. As a site owner and creator, choosing an administrator to run your site is important to the overall success of the user experience.

Your Admin needs to be responsive and responsible, as they’ll manage not only the content but also the ability of users to interact with it. They’ll also ensure that your contributors have the appropriate permissions so that new content and media isn’t uploaded until it meets your high standards.

Some sites that are part of a multisite WordPress installation have a Super Administrator role that overlooks the entire network. For standalone WordPress sites, however, the Super Administrator role isn’t available.

Super Admin

The Super Admin role isn’t one of the basic features of WordPress. However, it can be extremely useful to have if you’re using the WordPress Multisite Network.

The Super Admin role is one that is assigned to owners of multiple sites. Theis gives them the capability to add and delete sites across their multi-site network, as well as install both standard and plug-ins and create themes unique to the needs of each site.

Super Admins can also manage users for each site – including adding individual admins for individual sites and perform network upgrades across all their sites. Finally, the Super Admin is able to perform the same actions on WordPress as regular administrators. They’re just the oversight for the functionality of all their sites.

Editor Role

For your content providers, assigning them to the Editor role is perfect. They will have access to all of the content on the site, including being able to add and change copy and photos, but they won’t have access to the “skeleton” – that is the frame of the site. Editors can’t access the themes, plug-ins, or widgets.

Editors are able to:

  • publish,
  • edit, or
  • delete any page on the site including the ones marked as private,
  • act as moderators,
  • removing comments and
  • facilitate discussion in your page’s comments section.
Editors can manage categories and links, but can’t add a new widget to a separate category – just manage the existing ones. There are almost unlimited permissions for editors to work with the content of the site, without disrupting the settings the site owner or administrator has put in place.

For an extra layer of security, and to ensure that the content of your site remains intact, it’s recommended that you create a new user on your WordPress blog in the “Editor” role. Even if you’re the only person publishing your blog. The extra security measure creates another layer of administrative oversight. There is a good reason for this. In most cases, those that are trying to hack your site – and anyone else who visits, even just to read the content – will see a byline on each post. For instance, “Posted by UserName” below each entry.

If a hacker sees your admin username as the publisher, they can use that information to conduct a “brute force” attack to gain access to your site. You don’t want this! However, if you use the Editor role to post content, it gives an added screening layer between hackers and your true Admin user identity. If your site becomes compromised, hackers won’t be able to access the sensitive information on your site.

Author Role

The WordPress author’s role differs from that of the editor. Authors can create their own content and posts, and even make changes to it, like the editor can. Authors may create, edit, and delete their own posts, but they can’t create, edit, upload, or delete actual pages on your site.

They simply work within the existing structure of the site and may not access anything created by other users, either. Authors may upload content to the Media Library, including files and photos, as well as delete anything that they have previously uploaded. Again, authors may only control the files they have uploaded, not ones that different users have created. Authors may also moderate comments on their own posts if they choose.

The Author role can be another layer of added security, as well. You may have many different content providers but group them together under the editor byline. Your authors can take some of the load off moderating comments, if your editors aren’t able to manage your site full-time, or if you have an active community.
Using an author, versus a contributor is a great move for sites that produce a lot of new content, as the authors can help ensure that users always find something fresh. If you publish a site with a lot of specialty or niche content, having several users in the Author role is also helpful.

They may be able to further clarify points that they addressed in their content by using the “comment moderation” feature. They can also interact and engage with your site visitors. This encourages users to stay longer on your site, view more content, and generally have a more positive experience than just looking at the content and leaving.

Finally, with multiple authors, you’ll have a library of content associated with each. If you need to remove a certain person or topic, you can easily access all their content together. Or, if you find that users tend to search for content written by certain authors, it’s easier for the admin to group it together for the users to find.

Contributor Role

The contributor role is similar to that of the author but designed for less experienced writers, newer members of your team, or guest posters. While contributors may create, edit, and delete their own posts prior to publication on the site, their content must be reviewed by an Administrator or Editor.

Contributors may not publish their own content, either – this is also part of the Editor or Admin role. Contributors are also blocked from accessing the Media Library, so if they want to use certain media pieces the Admin or Site Owner controls (such as images, videos, or audio files), they will need the assistance of the Admin or Editor.
Contributor roles are good to assign to new team members, or for guest authors on your blog that don’t regularly submit content. This helps you manage the tone and style of your blog.

Many WordPress blogs with diverse content, users with different interests, and those that like to have fresh perspective make frequent use of the contributor role. If you enjoy having a guest opinion, or if your site has content that encourages different points of view on a topic, then asking for guest posts or counter-opinions is where you’ll find the best use of the contributor role.

Contributors are more useful for those that have mostly text to submit, versus an author who may need to have frequent access to your Media Library, or who may need to link and reference previous content that they have written for your site. As a guest blogger or maybe as a corollary author to a post you already have, the contributor rule works best.

Subscriber Role

New users to WordPress are automatically labeled as Subscribers by default. When someone is in the subscriber role, they’re basically a site visitor with permissions to interact with your content.

Subscribers can read your site, post comments (which are subject to moderation by Authors, Editors, and Admin), and create a unique user profile through the WordPress dashboard. Subscribers have no other permissions, and cannot edit settings or content on your site.

As a WordPress Admin, you can make it easy for site visitors to register and keep up with new content posted to your site. Make it easy for new users to register by first checking the “Anyone Can Register” box.It’s found by choosing Settings, then general, the membership.

Next, create a Meta Widget, adding it to your site’s sidebar. Choose this from Appearance, then Widgets. Now, readers can easily register for your site, and you can collect information about your readerships likes and dislikes.

Flexible and responsive

The admins are free to modify a WordPress user role at any time. If your Authors are becoming regular contributors, you may change them to an Editor role, to save time uploading their content. New users are automatically subscribers, so if you’re moving a new person into a content creation role, you’ll be able to assign them to the role from there.

If you need an Editor to fill in your responsibilities, or if you need extra help, you simply choose the Users tab on the WordPress dashboard and change that person’s role to Admin. You can change it back at any time.

The Collaborate Tool

There’s a special tool that you can use to help you manage the different WordPress user roles on your site. If you’re using ManageWP to update one or multiple sites, then there’s a very functional way to control user access on each of your sites.

Using the “Collaborate” tool, you can add other people to your company or network to help you maintain the site. Thie feature also allows you to give users full access or read-only access to different parts of your site – useful for those that you just want updating content or moderating comments, as well as decide which of your sites they can access.

For instance, you may have authors that contribute across multiple sites, with different specialties. Or, you may have one executive editor that you have in a role strictly to ensure that the overall appearance and connect of your sites meet your high standards.

The Collaborate Toll feature is also very useful for WordPress developers, or for those that design and manage sites for clients. As the designer and developer, you can give your clients access to the ManageWP dashboard for their individual site.

This gives them access to their site while it’s under construction or when you’re changing themes, plug-ins, and establishing the structure of the site. And when you want the clients to be able to follow the rock you’re doing without accidentally “breaking” part of it.

When you understand and are able to fully use the default roles for WordPress, you’ll have a much better handle on your site’s overall security, as well as be able to keep all your registered users organized.

If you wish to control or need to define new WordPress user roles with custom permissions that suit your site’s needs better, then you may need the Capability Manager Enhanced plug-in. This allows you to manage existing WordPress roles, change the capabilities of any role, and add new, custom roles.

And if you just need to bring on another person to maintain your site or want your clients to know what you’re doing, consider signing up for ManageWP and using the Collaborate tool to control user access to your site.

Summary
Understanding User Roles on WordPress - Who can do what, and why?
Article Name
Understanding User Roles on WordPress - Who can do what, and why?
Description
When we think about widespread data breaches, it's easy to forget about internal security. Luckily, when you're a WordPress user, your website comes with five different default user roles that help you, as the site administrator, control how individual users interact with each and every aspect of your website.
Author
Publisher Name
Ballen Brands
Publisher Logo

Learn How to Get More Real Estate Leads

Leave a Reply