When you start with WordPress, your first concern is to create a website with an impeccable design that includes everything you want to offer your readers. Precisely for this reason, in previous posts we’ve already told you how to create and manage menus, widgets or even add new custom sidebars to ensure that the design of your website is exactly what you were looking for.
But in addition to the great flexibility in design, another great advantage that WordPress offers is that it is multi-user. In other words, you can register as many users as you want in your WordPress site, and they will be able to access its Dashboard to make changes directly. To prevent all registered users from accessing all the Dashboard options, WordPress has defined a system of user profiles or roles that determine the different permissions and what each user can access and manage from the Dashboard.
Check what tasks and jobs each user is supposed to do in your website and grant them the appropriate permissions. No more, no less. If you understand and manage the permissions of the different user roles well, your website will be safer and you will avoid unpleasant surprises from unwanted modifications. So, let’s see what kind of profiles or roles WordPress offers us!
Types of User Roles in WordPress
As I’ve already mentioned, in WordPress there are different types of user roles depending on the capabilities we want them to have, such as writing and editing comments, posts or pages, creating categories, moderating comments, managing plugins or themes, or even managing other users by assigning a specific role to each of them. The 6 predefined user roles in WordPress are as follows:
The user who has the role of Administrator is the one who has the master key that opens all the doors of the WordPress castle.
Administrators of a WordPress installation with a single website can perform all the tasks available on the WordPress Dashboard, including management tasks such as modifying any basic file, adding or deleting plugins, creating new users and changing their roles and passwords, importing and exporting the site, and manipulating all settings in general. They have control over all aspects of the design, being able to install, modify and delete themes, widgets, and menus. And, of course, they have access to all the content that is published on their website, being able to create, modify and delete pages and posts, upload or delete multimedia files, and moderate comments.
Although you can have several administrators on a site, reserve this role exclusively for the user who needs to have full control. In fact, we always recommend that as a precaution, and even if you are the only person who will have access to your website, you create at least a couple of users: one with the role of Administrator to use it only when you really need to perform administrative tasks and another with a role with fewer permissions to manage content.
Also note that in case your WordPress is multisite, there are certain Administrator privileges that change, as I explain below.
Super Admin Role
In case your WordPress installation is multisite, the role of Super Admin includes all the Administrator’s capabilities plus some extra capabilities that only make sense or apply in a multisite environment: creating, managing and deleting sites, networks, users of those sites, network plugins, network issues, and network options. Don’t miss David’s article on the creation and management of WordPress Multisite to learn more about this topic.
As I told you before, there are a number of privileges that an Administrator of a single-site installation usually has, but doesn’t in the case of a multi-site installation. In particular, the privileges related to the management of the site that include the tasks of creating, modifying and deleting themes, plugins, files, and users are privileges that only users with the role of Super Admin may have.
And for the record: the role of Super Admin is not available in single-site installations.
The Editor role is the best option for all those users who have to access all the content of the website, but shouldn’t be able to manage the site or tweak its look and feel.
Editors can publish, edit or delete any page or post (even those tagged as “private”) and upload files to the media library. They can also moderate comments, manage categories, tags, and links. That is, editors can do practically anything they want with the content, but they can’t modify the site’s settings.
If you are the only owner of your website, for your own security, this is the role you should have assigned to create all the content of your website and use the role of Administrator only when you have to change its settings, update your plugins, and so on.
The Author role allows you to publish, edit or delete your own posts, but does not allow you to access posts created by other users. It also allows you to create, edit or modify pages, upload files to the Media Library and delete files that you have previously uploaded. Authors can also assign tags and categories to their posts, choosing from the existing ones. In addition, authors can moderate comments that have been added to posts they have published.
The author role is the one you will normally assign to regular writers on your blog who you trust to publish their own posts and upload their own images to the media library, but you don’t want them to have access to other articles or content on your website.
The Contributor role allows you to write and edit your own posts, but not publish them nor upload anything to the media library. In other words, this role is the one you should assign to a sporadic writer or guest that you want to write a post in your blog. Keep in mind that an Editor will be responsible for uploading the images this author requires, validating the post, and, ultimately, publishing it.
Finally, the Subscriber role is the one that WordPress assigns by default to any new user and is the lowest profile. Subscribers can log in to the website, change their password, read posts, and comment on them, but they can’t have any special interaction with the WordPress Dashboard.
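To check that each account really has no more permissions than its role requires, the following added example (not code from the original post) lists every user who holds a high-risk capability, whether it comes from a role or was granted to that user individually. The capability list and the `example_` names are assumptions chosen for illustration; `get_users()` and `user_can()` are WordPress core functions.

```php
<?php
// Added example. Run it inside WordPress, for instance with: wp eval-file audit.php

// Capabilities treated as high-risk here (an assumption, adjust to your site).
// On a single site, unfiltered_html is held by Editors as well as Administrators.
const EXAMPLE_HIGH_RISK_CAPS = array(
    'manage_options',  // change site settings
    'create_users',
    'edit_users',
    'promote_users',   // change other users' roles
    'install_plugins',
    'edit_plugins',    // built-in plugin file editor
    'edit_themes',     // built-in theme file editor
    'unfiltered_html', // post markup that is not sanitized
);

/**
 * Return one entry per user who holds at least one high-risk capability.
 * user_can() resolves role capabilities and per-user grants alike.
 */
function example_audit_user_privileges() {
    $report = array();
    foreach ( get_users() as $user ) {
        $risky = array();
        foreach ( EXAMPLE_HIGH_RISK_CAPS as $cap ) {
            if ( user_can( $user, $cap ) ) {
                $risky[] = $cap;
            }
        }
        if ( ! empty( $risky ) ) {
            $report[] = array(
                'login' => $user->user_login,
                'roles' => $user->roles,
                'caps'  => $risky,
            );
        }
    }
    return $report;
}

// Print one line per privileged account for review.
foreach ( example_audit_user_privileges() as $row ) {
    printf(
        "%s [%s]: %s\n",
        $row['login'],
        implode( ',', $row['roles'] ),
        implode( ', ', $row['caps'] )
    );
}
```

Any account in the output that only writes or edits content is a candidate for a lower role such as Editor, Author or Contributor.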
Create A New User
When we install WordPress, the first user we use during the installation process usually becomes its administrator automatically. But I’ve already commented that even if you are only one person managing and writing on your website, it’s advisable to create more than one user with different profiles.
How do we create a new user? It’s very easy.
On the Dashboard, go to Users » Add New.
Fill in the form for the new User. Note you can define your own password or use the one WordPress randomly generated. Then assign the profile that best fits the user you are creating.
Once you’ve created the user, you’ll be able to edit their profile information as well as customize some details.
Create New Roles And Customize Permissions
The roles that WordPress offers might not fit your needs. For example, you might want certain people with technical profiles only to be able to install and uninstall plugins and nothing else.
For these cases, you’ll find several plugins that allow you to customize the capabilities of WordPress profiles. For example, with User Role Editor, you can create new user roles and assign the specific capabilities you want each role to have. Or you can also modify the permissions a user has with the role they have.
For example, the image above shows that the user Ruth is an Administrator, but you could deactivate the capabilities you want from those that come by default with that profile. This way, you could very easily create a WordPress profile that could only install and uninstall plugins without having access to modify the content of the web.
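The plugin-only profile described above can also be created in code with the WordPress core function `add_role()` instead of a role editor plugin. This is an added example, not part of the original post; the role slug `example_plugin_manager` and the function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Plugin Manager Role (added example)
 * Description: Registers a role that can manage plugins but not content.
 */

// Hypothetical role slug chosen for this example.
const EXAMPLE_PLUGIN_MANAGER_ROLE = 'example_plugin_manager';

/**
 * Create the role when this plugin is activated. add_role() stores the role
 * in the database, so it only needs to run once; it does nothing if a role
 * with the same slug already exists.
 */
function example_add_plugin_manager_role() {
    add_role(
        EXAMPLE_PLUGIN_MANAGER_ROLE,
        'Plugin Manager',
        array(
            'read'             => true, // needed to reach the Dashboard
            'install_plugins'  => true,
            'activate_plugins' => true, // also covers deactivating plugins
            'update_plugins'   => true,
            'delete_plugins'   => true,
            // Deliberately not granted: edit_plugins (file editor),
            // edit_posts, edit_pages, upload_files, manage_options, ...
        )
    );
}
register_activation_hook( __FILE__, 'example_add_plugin_manager_role' );

/**
 * On deactivation, move anyone still holding the role down to Subscriber,
 * then remove the role so no stale role is left in the database.
 */
function example_remove_plugin_manager_role() {
    $holders = get_users( array( 'role' => EXAMPLE_PLUGIN_MANAGER_ROLE ) );
    foreach ( $holders as $user ) {
        $user->set_role( 'subscriber' );
    }
    remove_role( EXAMPLE_PLUGIN_MANAGER_ROLE );
}
register_deactivation_hook( __FILE__, 'example_remove_plugin_manager_role' );
```

On a multisite network, installing, updating and deleting plugins stays restricted to Super Admins, so those capabilities only take effect on a single-site installation. Because an installed plugin runs as code on the site, treat this role as highly privileged even though it cannot touch content.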
As you can see, keeping a rigorous control of the permissions and capabilities you give to your users is very easy. Don’t leave this issue aside if you want to avoid possible future problems with your website!