How to manage WordPress user roles

For a website to run smoothly and without complications, each user must understand their respective tasks and admin rights. With WordPress, user roles are easy to set up and maintain. We’ll show you how to manage WordPress roles, which roles exist, and what you should consider when setting them up.

WordPress roles define user rights and access permissions for a website. The number of tasks on a website can be huge, but beyond posting content not every single employee may be authorized to make changes to the page’s settings, for example. User roles can range from creating new posts to adding other users to installing a plugin. It’s usually a good idea to ensure everyone understands their respective tasks and thereby prevent inadmissible behavior right from the start.

Say you’re developing a website for a client. You’ll want them to be able to access their content, but not necessarily have permission to modify a theme. WordPress roles work in a similar way. An editor does not need to and should not be able to access plugins; however, employees in charge of adding visual content or modifying posts will require the appropriate access. A well thought-out and stringent division of WordPress role permissions, rights and clearly communicated duties ensure smooth processing and more effective and safe working.

Some five or six different user roles can be defined in WordPress. It is important to distribute tasks sensibly from the get-go and issue permissions accordingly.

Every website has an administrator by default. This person has all permissions, access to all capabilities, and gets to assign WordPress role permissions. The admin adds or deletes new users, installs updates or plugins, changes themes, and has control over the entire site. The administrator role should be assigned to a user well-suited to this kind of responsibility; someone who is trustworthy and reliable and able to maintain a good overview of all operations. It is also recommended that only one person act as an administrator and access is protected by means of a .htaccess password.

Editors are responsible for publications on the site. A WordPress editor can create, change, publish, and delete posts and pages. This also applies to posts and pages created by other users. So the main task of an editor is to oversee the content across the website and supervise other users. On the other hand, editors cannot install plugins, themes, or updates

Unlike the two previous WordPress roles, the author is solely responsible for their content. Therefore, they can neither correct, nor publish or delete posts of other users. But an author can post, edit, and remove their own contributions and upload media such as images and videos. Authors can assign their posts to existing categories, but they cannot create their own categories.

The contributor is subordinate to the editor. Although they can write and create their own contributions, they must be published by an editor (or the administrator). Contributors have neither the option to change or delete their contributions afterwards, nor can they access the contributions of other users. This is ideal for external contributors or guest authors who contribute content, but cannot or should not take responsibility for the site.

Subscribers have no active capabilities or rights on WordPress Placeholder: WordPress E-Book for Beginners. They can only modify and customize their personal profile. However, they have access to all posts on the site and are allowed to read them. This model is suitable for users who should have access to exclusive content on the site. However, there is no collaboration on the content.

This WordPress role exists only in multisite systems. The Super Administrator has all rights and access to all websites of the network and is superior to admins of the individual sites. Only they can install themes, manage plugins, and even delete individual pages.

While the above WordPress user roles are standard, some plugins let you set up other roles with additional clearly defined tasks and capabilities. Examples include manager functions for stores or SEO editors.

WordPress roles are defined and assigned permissions in the backend.

1. First, click on “Users” in the menu on the left and select “Add New”.
2. In the user administration you can see which entries are required and which are voluntary.
3. The username is the first entry. This is not the user’s real name. For security reasons, the username should not hint at what the first or last name of the new user could be.
4. Enter their email address to share login data with the new user. Each address can only be used once.
5. Adding a first name and surname is optional. Leaving them blank means that posts will be published under the username. However, actual names tend to look more professional here.
6. Adding a website is optional. The respective user may wish to link to their personal website.
7. Passwords are auto-generated when you create new roles in WordPress. However, the first time a user logs in, they will be prompted to create a new password. To best protect your website and data, users should choose a secure password. To be absolutely sure, it is recommended to use a password tool for this purpose.
8. Finally, you can choose from the different WordPress roles and assign a position and thus appropriate permissions to the new user.

Admins can manage names, dates, passwords, or WordPress user roles or change individual entries in the web administration panel. To do this, simply click on “Users” on the left side and then “All Users”. Select the “Edit” option under the user you wish to edit or change permissions for.

Maintaining, keeping track of, and managing individual WordPress roles can be confusing and time-consuming, especially among large teams with numerous editors and authors. For this purpose, various WordPress plugins are available to customize roles and access rights and maintain an overview of permissions.

If a user no longer works for you or your website, you can simply delete them from the backend. This way you can maintain the order and ensure that the former employee no longer has access to the content of your site. To do this, click on “Users” in left sidebar and then on “All Users”. Place a checkmark beside the user you wish to delete and click “delete” from the dropdown menu at the top left under “Select action”.

Since you may wish to preserve content that the user has created, WordPress now gives you the option to assign posts to another user. Alternatively, you can delete all content of the user and click on “Confirm deletion”.