How Do Multi User WordPress Roles and Permissions Work?

WordPress developers and website administrators can apply user roles to precisely manage how individuals create, delete, update, and manage WordPress website resources. WordPress assigns different levels of access depending on the role you want them to have. We’ll answer your questions about why these roles matter, the types of roles and their permissions, how to create user profiles, amending permissions, and using plugins to manage roles.

What Are WordPress User Roles and Why Do They Matter?

WordPress user roles let you control how other people interact with the administration and back-end management of your WordPress website. If you’re the only one who logs into your WordPress website, this doesn’t matter too much. User roles become essential when you allow others to contribute to the WordPress content management system (CMS). You don’t want others having the freedom to do anything to your WordPress website, and roles let you set permissions appropriately. 

What Are the Different Types of WordPress User Roles?

There are six main types of WordPress roles. In descending order of what they can do with the CMS, they are:

  1. Super Administrators.
  2. Administrators.
  3. Editors.
  4. Authors.
  5. Contributors.
  6. Subscribers.

We’ll explain what each one is able to do.

How Does the Super Administrator User Role Work in WordPress?

Upu only need to think about a super administrator role if you have more than one WordPress website in your network. Super administrators are able to make changes that impact your entire network of sites.

This means they have all permissions and can add and delete entire websites, make whatever changes they want to any WordPress website in the network, install and remove plugins, add and remove users, manage content, change settings, and anything else. 

Who Should Have Access to the Super Administrator Role

This role only comes into effect if you have more than one WordPress site in your installations and someone needs access to all of the sites. The Super Admin role should only be given to someone who has complete trust to manage all your WordPress websites responsibly.

How Does the Administrator User Role Work in WordPress?

You’re probably a WordPress administrator yourself. This role is assigned by default to the person that first installs a WordPress website. Administrators can also grant administration roles to others. .

Administrators have very wide permissions for what they can do on a WordPress site. This includes changing settings, adding and removing plugins, assigning and removing other users and roles, adding, editing, and deleting content and files, editing code, and more. 

Administrators are restricted if: 

  • Their WordPress website is part of a multisite installation.
  • A super administrator role has been created and assigned. 

In these cases, the regular administrator does lose some default permissions. Specifically, regular administrators cannot upload or delete themes or plugins, and they cannot change user information, instead this authority rests with the super administrator. 

Who Should Have Access to the Administrator Role

Administrator roles should be reserved for one or a handful of employees who you have deep trust in. Administrators can do anything they want with a WordPress website so assign this role with that in mind.

How Does the Editor User Role Work in WordPress?

An editor role is designed to manage and collaborate with other users on the CMS. Your editors will oversee and work with authors and contributors.

Editors are mainly concerned with “posts” and “pages” in WordPress. They can create, amend, remove, publish and otherwise manage content created by themselves or other users. They can also moderate comments and manage categories used for organizing content. 

Editors are somewhat limited in what they can do. They cannot make changes related to plugins, themes, or other sitewide settings or administration functions.

Who Should Have Access to the Editor Role

Editor roles are typically assigned to content leads, strategies, and others responsible for collating, optimizing, and updating content. Editors do not have access to everything that administrators do, but they do have broad access to all of the content in the CMS. 

How Does the Author User Role Work in WordPress?

The author role is designed for users that should only have responsibility for their own content. All of an author’s permissions are only related to WordPress posts, not WordPress pages.

Authors can create, amend, remove, publish and otherwise manage posts that they have written. They can also upload and use media files. Authors cannot edit pages and they cannot alter other user’s content of any type. They do not have any administrative permissions.

Who Should Have Access to the Author Role

Author roles are ideal for people who want to publish on your WordPress website. They can only manage their own posts.

How Does the Contributor User Role Work in WordPress?

The contributor role is similar to the author role, but only allows for creating, deleting, and editing their own posts. Like authors, they have no access to pages.

Contributors can create, amend, and remove posts that they have written, but they cannot publish posts or upload media files. This means an editor or administrator needs to review a contributor’s posts before publishing them.Contributors do not have any administrative permissions.

Who Should Have Access to the Contributor Role

The contributor role is ideal if you want others to create content but want someone else to review that content prior to publishing.

How Does the Subscriber User Role Work in WordPress?

Subscribers can only read posts on WordPress. Since everyone that visits a WordPress website can read posts on the front-end anyway, the subscriber role is not used very much.

Subscribers cannot create, amend, delete, publish, or make any changes to content. They do not have any administrative permissions.

Who Should Have Access to the Subscriber Role

The subscriber role is of limited usefulness, as the permissions they have also apply to regular visitors to your website, the ability to read WordPress posts.

How Can I Manage and Configure WordPress Users and Roles?

Here are some best practices for creating and managing user profiles and roles:

  • Always seek to minimize the level of access a user needs to complete their role effectively in WordPress. carefully consider the actual permissions they need with regard to administration and content management.
  • Keep the number of administrators and editors to a minimum. These roles have the widest access to the settings on a WordPress website, so assign them only to individuals that you trust.
  • Add new users through the WordPress administration dashboard by going to “Users” in WP Admin and making the required updates.
  • Review and amend existing users on a regular basis to ensure they have the correct level of access.
  • Amend the permissions of an existing role, create new, unique roles, and limit privileges using a WordPress role management plugin like the User Role Editor plugin or the PublishPress Capabilities plugin. These types of plugins allow for extensive fine-tuning of privileges and permissions. 

We hope you’ve found this guide to WordPress user roles helpful. Understand what the roles can do, establish the right level of roles for your content specialists, and follow best practices to secure your WordPress website. 

WordPress makes it easy to run sites of any complexity, from sprawling content hubs to simple business profiles. And Managed WordPress from Media Temple keeps it easy from start to finish, with WordPress-optimized infrastructure and an interface that couldn’t be easier. So you can keep your attention on your audience, not your server.

About the Author Alycia Mitchell is Head of Content Marketing, with 10 years of SEO and digital marketing experience. When she isn’t deep in spreadsheets, you might find her exploring nature. More by this Author