Beginner’s Guide to WordPress User Roles and Capabilities
If you are running a multi-user WordPress site, you need to know about WordPress user roles and their capabilities, because site owners often assign higher user roles to new users without knowing the capabilities of those roles.
This way you are giving users all the keys to your WordPress castle, and as a result any user can do whatever they want.
For example, if you don’t know the capabilities of the WordPress Editor role and you assign that role to a regular user, the user can delete all your posts and edit your links without your permission. Not to mention, this is how a user can ruin your whole site.
That’s why you need to understand WordPress user roles and capabilities before you promote any user on your site. Luckily, WordPress comes with a system of user roles and capabilities.
In this post, I will explain what WordPress user roles and their capabilities are. I will also show you how to customize existing user roles and create a custom user role.
What are WordPress User Roles and Capabilities?
Before I start discussing user roles, let’s define what capabilities are.
In WordPress, a capability is a particular power or ability that a user can have. For example, a user may be able to:
- change site settings
- publish posts
- install plugins & themes
- edit private posts
- change links
- add new users
- and much more…
By default, WordPress includes a total of 69 user capabilities that cover the whole WordPress core functionality. However, the number may vary when you install plugins.
On the other hand, a user role includes a number of capabilities.
In short, you can assign a user account a user role that comes with a set of allowed capabilities.
WordPress User Roles and Capabilities
By default, WordPress comes with 5 different user roles: Administrator, Editor, Author, Contributor, and Subscriber.
There is another user role – Super Admin, which is available in a WordPress multisite network.
1. The Super Admin
- The Super Admin role is only available in a WordPress multisite network, where the user can control other WordPress sites.
- The Super Admin can add or delete sites from the multisite network.
- They can also change site settings and install plugins and themes.
- It sounds like a normal site Administrator, but Super Admin is more powerful than the normal one.
2. The Administrator Role
- Administrators are the most powerful user role in a WordPress site. They have all kinds of capabilities and can perform any task they want.
- Users with the Administrator role have full access to the WordPress admin panel, and can change themes, activate plugins and modify core files.
- They have complete control over all content. They can add new posts, edit any user’s posts, and even delete any other user’s posts.
- Admins can create new user accounts and assign any user role to them. They can also change user information, including passwords, and delete any user account.
- Basically, they have the same full control over your site that you have after installing WordPress. If you are running a multi-user WordPress site, be careful before making anyone an Admin, because once they become an Administrator of your site, they can perform any task they want and, most importantly, they can even delete your account.
3. The Editor Role
- Editors have full control over all your content.
- Editors can add, edit or delete any post on your site including the posts written by other users.
- They can also moderate comments, manage categories, tags, and links.
- Generally, they have access to your content areas but can’t change site settings, install plugins or themes, or add new users.
4. The Author Role
- Authors can publish, edit or delete their own posts, but they don’t have access to posts created by other users.
- They can upload media files into the media library and can delete their uploaded media files.
- As mentioned above, Authors can create posts, but they can’t create, edit or delete a page.
- They can view all the comments including pending ones but they can’t approve, modify or delete any comments.
- They don’t have access to the site settings, plugins, and themes.
5. The Contributor Role
- Users with the Contributor role can write, edit and delete their own unpublished posts.
- Contributors can’t publish their own content; it must be reviewed by an Admin or Editor.
- Contributors don’t have access to the media library, which means that if they want to upload any images for their content, they need assistance from an Admin or Editor.
- Like the Author role, they can’t modify any comments and they don’t have access to site settings, plugins or themes.
- If you accept guest posts, you can assign the Contributor role to users who want to submit guest posts.
6. The Subscriber Role
- Users with the Subscriber role have the lowest capabilities in WordPress. By default, WordPress labels all new users as subscribers.
- Subscribers can only read your blog posts and create an account from your WordPress dashboard.
- They can also change their user information, including their password. But they don’t have any other permissions, such as installing plugins or creating posts.
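To check what a role can actually do on a particular site before assigning it, the role table can be read directly. The following is an added example, not code from this article: it needs WordPress loaded (for instance via WP-CLI's `wp eval-file`), and the `EXAMPLE_HIGH_IMPACT_CAPS` selection and the function name are assumptions made for illustration.

```php
<?php
// Added example: report which high-impact capabilities each role holds.
// The list below is a selection made for this example, not an official set.
const EXAMPLE_HIGH_IMPACT_CAPS = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'edit_themes', 'switch_themes', 'create_users', 'promote_users',
    'delete_users', 'unfiltered_html', 'edit_others_posts', 'delete_others_posts',
);

/**
 * Returns array( role slug => list of high-impact capabilities granted ).
 * Plugins can add roles and capabilities, so the result is site-specific.
 */
function example_high_impact_caps_by_role() {
    $report = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        // $role['capabilities'] maps capability name => bool (true = granted).
        $granted         = array_keys( array_filter( $role['capabilities'] ) );
        $report[ $slug ] = array_values(
            array_intersect( EXAMPLE_HIGH_IMPACT_CAPS, $granted )
        );
    }
    return $report;
}

// Print one line per role, for review before promoting anyone.
foreach ( example_high_impact_caps_by_role() as $slug => $caps ) {
    printf( "%-15s %s\n", $slug, $caps ? implode( ', ', $caps ) : '(none)' );
}
```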
Customizing Existing WordPress User Roles
Each user role has its own capabilities. For example, users with the Administrator role have full control over a site and can perform any task they want, while Contributors can submit their written posts but can’t publish them.
If you are running a multi-user site, you may want to customize existing WordPress user roles. For instance, the Editor role has the ability to delete posts, so an Editor could delete one of your most valuable posts, which is a nightmare. Likewise, Contributors aren’t allowed to upload image files for their posts.
By default, WordPress doesn’t allow you to modify existing user roles. Fortunately, there is a plugin called User Role Editor that will enable you to customize existing WordPress user roles easily.
First, install and activate the User Role Editor plugin. Then go to Users > User Role Editor. There you can see all the WordPress user roles and their capabilities. From the drop-down menu, select the user role you want to modify. This will load all the capabilities of that user role.
To change the permissions of a user role, check or uncheck the capabilities. Once you have finished customizing, click on Update to store the new settings.
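The two adjustments mentioned above (stopping Editors from deleting other users' posts, letting Contributors upload files) can also be made in code with WordPress core's `get_role()`, `add_cap()` and `remove_cap()`. This is an added example, not code from this article or from the User Role Editor plugin; the plugin name and the `example_` function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Role Adjustments (added example, hypothetical plugin)
 */

// Capability changes per built-in role, matching the two cases in the text.
// Editors keep the ability to delete their own posts.
function example_role_changes() {
    return array(
        'editor'      => array( 'remove' => array( 'delete_others_posts' ), 'add' => array() ),
        'contributor' => array( 'remove' => array(), 'add' => array( 'upload_files' ) ),
    );
}

// Applies the changes, or reverses them when $undo is true.
// The undo assumes the roles started from the WordPress defaults.
function example_apply_role_changes( $undo ) {
    foreach ( example_role_changes() as $slug => $change ) {
        $role = get_role( $slug );
        if ( null === $role ) {
            continue; // Role does not exist on this site.
        }
        $grant  = $undo ? $change['remove'] : $change['add'];
        $revoke = $undo ? $change['add'] : $change['remove'];
        foreach ( $grant as $cap ) {
            $role->add_cap( $cap );
        }
        foreach ( $revoke as $cap ) {
            $role->remove_cap( $cap );
        }
    }
}

// Role data is stored in the database, so change it once on activation
// instead of on every page load, and put it back on deactivation.
register_activation_hook( __FILE__, function () {
    example_apply_role_changes( false );
} );
register_deactivation_hook( __FILE__, function () {
    example_apply_role_changes( true );
} );
```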
How to Create a Custom User Role in WordPress
Using the User Role Editor plugin, you can also create custom user roles in WordPress with a set of capabilities. First, install and activate the plugin and go to Users > User Role Editor. From the box on the right side, click on Add Role.
Then an “Add New Role” popup box will appear. Enter your role name, for example “senior staff” or whatever you want. You can also make a copy of one of your existing user roles from the drop-down option.
Now click on Add Role to create your custom role. See the screenshot below for details.
Once you have created a new user role, you need to assign capabilities. From the drop-down option, select your new user role and add capabilities like you did before. Then click on Update and you are done.
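The same "copy an existing role, then adjust" flow can be written with core's `add_role()`. This is an added example, not the plugin's own code: the `senior_staff` slug, the choice of Author as the base role, the extra `edit_others_posts` capability and the function names are all assumptions. It also handles removal, since a user left holding a role that no longer exists gets no capabilities from it.

```php
<?php
/**
 * Plugin Name: Example Senior Staff Role (added example, hypothetical plugin)
 */

// Create the role once, starting from a copy of the Author role.
function example_add_senior_staff_role() {
    $base = get_role( 'author' );
    if ( null === $base || null !== get_role( 'senior_staff' ) ) {
        return; // Nothing to copy from, or the role already exists.
    }
    $caps = $base->capabilities; // capability name => bool

    // Assumed extra for this example: senior staff may edit others' posts.
    $caps['edit_others_posts'] = true;

    add_role( 'senior_staff', 'Senior Staff', $caps );
}

// Remove the role again, moving its members to Author first so that
// nobody is left on a role that has been deleted.
function example_remove_senior_staff_role() {
    foreach ( get_users( array( 'role' => 'senior_staff' ) ) as $user ) {
        $user->add_role( 'author' );
        $user->remove_role( 'senior_staff' );
    }
    remove_role( 'senior_staff' );
}

register_activation_hook( __FILE__, 'example_add_senior_staff_role' );
register_deactivation_hook( __FILE__, 'example_remove_senior_staff_role' );
```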
How to Change Capabilities for an Individual User
Another good thing about this plugin is that it allows you to change capabilities for an individual user account. For example, say you have a total of 15 users and you want to change capabilities for a single user, e.g. Jack.
First, go to Users > All Users and click on the capabilities option of the user you want to change.
Then the user capability page will open. From there, check or uncheck the capabilities of the user. Now click on Update to store the settings.
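Capabilities granted to a single account are stored with that user rather than with a role, so they are easy to lose track of. The added example below (not from this article or the plugin) grants one capability to one user with core's `WP_User::add_cap()` and then lists every direct grant on the site for review; the login `jack`, the `upload_files` choice and the function names are assumptions, and it must run with WordPress loaded.

```php
<?php
// Added example: grant one capability to one account, then audit such grants.

// Gives a single user a capability, e.g. ( 'jack', 'upload_files' ).
function example_grant_user_cap( $login, $cap ) {
    $user = get_user_by( 'login', $login );
    if ( ! $user ) {
        return false; // No such account.
    }
    $user->add_cap( $cap ); // Stored in user meta, separate from the role.
    return true;
}

/**
 * Lists capabilities granted directly to users rather than through a role.
 * Returns array( user login => list of capability names ).
 */
function example_per_user_grants() {
    $report = array();
    foreach ( get_users() as $user ) {
        $direct = array();
        // $user->caps holds both role slugs and individually set capabilities.
        foreach ( $user->caps as $name => $granted ) {
            if ( $granted && ! wp_roles()->is_role( $name ) ) {
                $direct[] = $name;
            }
        }
        if ( $direct ) {
            $report[ $user->user_login ] = $direct;
        }
    }
    return $report;
}
```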
That’s it. In this article, I have explained WordPress user roles and capabilities. I also showed how to customize an existing user role and how to create a custom user role in WordPress.
Now you understand the differences and functionality of WordPress user roles, and from now on you can promote users carefully. If you have any questions, let us know in the comment section. If you like this tutorial, follow us on Facebook, Twitter, and Google+.