If you run a large website, a membership site, or simply need to give other people access so they can manage, edit, or contribute to your site, WordPress user roles and permissions let you control what users can and can't do.

WordPress provides six default user roles, each with its own set of permissions and capabilities. And there's good reason for this - you don't want just anyone to have open access to your site.

While some users, such as site owners, will have overarching access to do practically anything they want, other users only need limited access to options and settings. After all, in the name of <a href="https://pagely.com/solutions/secure-wordpress-hosting/">keeping your site secure</a>, you wouldn't give a casual blog contributor access to your plugins, or give users who've registered on your site to leave comments additional access to the post editor.

In this post, I'll explain the different WordPress user roles and their capabilities. Then I'll walk you through how to manage users in the WordPress admin, the best plugins for customizing roles, along with best practices when dealing with user permissions.
<h2>WordPress User Roles</h2>
The WordPress user management system is based on two concepts: <a href="https://codex.wordpress.org/Roles_and_Capabilities#Roles" target="_blank" rel="noopener noreferrer"><span class="s1"><b>roles</b></span></a> and <a href="https://codex.wordpress.org/Glossary#Capabilities" target="_blank" rel="noopener noreferrer"><span class="s1"><b>capabilities</b></span></a>.

A <b>role</b> is essentially a set of permissions, called <b>capabilities</b>, that you assign to a group of users on your WordPress site.

A <b>capability</b> is a specific action that a user is permitted to complete.
For example, editing a post is one distinct capability while publishing a post is another capability.

WordPress has six default user roles:
<ul>
  <li>Administrator</li>
  <li>Editor</li>
  <li>Author</li>
  <li>Contributor</li>
  <li>Subscriber</li>
  <li>Super Admin</li>
</ul>
There are many types of capabilities, including writing and editing posts, creating pages, defining links, creating categories, moderating comments, managing plugins and themes, and managing other users, just to name a few.

To give you a clearer picture of how all this works, let's look at each of the roles and their associated capabilities in more detail.
<h3>Administrator</h3>
The administrator is the most powerful user role with the most capabilities. As a site owner, when you create a new instance of WordPress you'll be automatically assigned this role.

Administrators, usually referred to as "admins," have unrestricted access. They can install, configure, and remove plugins and themes, as well as create, edit and delete new and existing pages and posts. Admins can also manage other users, including adding and removing users, updating user information (such as names and passwords), and even deleting other admins.

Since this role provides full control over a WordPress site and all its settings - including security, privacy, and editing code - it's usually reserved for site owners. However, it's not unusual for site owners to assign this user role to developers and maintenance services that require a higher level of user permissions.

On <a href="https://pagely.com/blog/wordpress-multisite/">WordPress Multisite</a> networks, admins have different user permissions. More on this below.
<h3>Editor</h3>
As the name suggests, this user role assumes responsibility for managing content.

Editors can add, edit, publish, and delete any posts and media, including those written by other users.
Editors can also moderate, edit, and delete comments, and add and edit categories and tags.

While editors have unrestricted access to editing content and overseeing the work of authors and contributors, they don't have access to site settings, such as plugins, themes, and users.
<h3>Author</h3>
The author role has far fewer permissions than the editor role. Authors can create, edit, and publish their own posts. They can also delete their own posts (even when they're already published), but they cannot edit or delete posts written by other users.

Authors can't create or edit categories, but they can choose from existing categories and create new tags to add to their posts. They can also upload images and other media files. Like editors, authors don't have access to settings, plugins, themes, or user profiles other than their own. Unlike editors, authors can't moderate, approve, or delete comments.

Authors are responsible for creating and editing their own content and nothing more. While it is a fairly low-risk role, it's important to keep in mind that users assigned the author role can delete their own published posts, which might be a concern if you hire writers for your blog.
<h3>Contributor</h3>
The contributor role is basically a stripped-down version of the author role. Users who are assigned this role can perform three main tasks on your site: read all posts, create and edit their own posts, and delete their own posts. However, contributors can't publish their posts.

While this role is ideal to assign to writers who contribute content to your site, it does have one major drawback - contributors can't upload media. This means that if writers want to add images or other types of media to their posts, they'll need a user with media library permissions to do it for them.

Like authors, contributors can't create new categories but can add existing ones to their posts.
They can also create and add tags to their posts. Contributors can view comments, even those awaiting moderation, but they can't approve, edit, or delete them.

Contributors don't have any administrative permissions, such as access to settings, plugins, and themes.
<h3>Subscriber</h3>
The subscriber role is the default role assigned to new users if you enable registrations on your site. This role has the fewest permissions of all the roles. Basically, subscribers can update their own user profile, read the content on your site, and leave comments.

Subscribers don't have any administrative permissions (i.e. they can't access site settings, plugins, or themes), and they can't edit or delete content.

This user role is useful if you require users to log in before they can leave a comment on a blog post.
<h3>WordPress Multisite Role: Super Admin</h3>
The super admin role is only available for Multisite networks. Super admins have overarching permissions to manage networks, including making high-level changes such as adding and deleting sub-sites.

Super admins can also manage the network's users, themes, and plugins, and have unrestricted access to settings, security, privacy, and code.

The administrator role is somewhat modified on Multisite networks. Administrators can no longer install, upload, and delete themes and plugins, or modify user profiles. While super admins can decide what plugins and themes to install on a network, individual sub-site admins can only choose whether or not to activate them.
<h3>Extra Option: "No Role for This Site"</h3>
There's a seventh option worth highlighting - "no user role for this site." This option is useful if you want to keep an inactive user's profile information on your site and not delete it.

For example, say a writer or staff member has left your business and no longer needs permissions for your site.
Obviously, you don't want to continue giving them access to your site settings and content. But if they've contributed content, such as blog posts, you might want to keep their byline and author profile. In this case, you could reassign the user the "No user role for this site" option.
<h2>Creating New Users and Assigning Roles</h2>
There are two ways to add new users to your site: by <strong>enabling site registration</strong> or <strong>adding new users manually</strong>.

Enabling site registration is useful if you run a membership site and want to allow users to register to create their own account. You can enable this option by going to <b>Settings > General</b> and checking the option "Anyone can register."

<img class="aligncenter size-full wp-image-15156" src="https://pagely.com/wp-content/uploads/2018/07/site-registration.png" alt="WordPress enabling site registration" width="982" height="344" />

Alternatively, you can add a new user manually. To do this, go to <b>Users > Add New</b>.

<img class="aligncenter size-full wp-image-15157" src="https://pagely.com/wp-content/uploads/2018/07/add-new-user.png" alt="Manually adding new users to WordPress" width="433" height="292" />

A new screen will appear where you can fill in all the necessary details for the new users, including their name, email, and website.
You can also choose to set their password, send a notification with details of their new account, and assign the user a role other than "subscriber."

<img class="aligncenter size-full wp-image-15158" src="https://pagely.com/wp-content/uploads/2018/07/add-new-user-details.png" alt="Adding new user details in WordPress" width="616" height="639" />

Once you click "Add New User," the user will be added to your WordPress database and their details will appear under <b>All Users</b>.

<img class="aligncenter size-full wp-image-15159" src="https://pagely.com/wp-content/uploads/2018/07/all-users-screen.png" alt="WordPress All Users screen" width="910" height="307" />

As you can see above, there's only one user for my site. Since I'm the site owner, I have the administrator user role.

In order to edit your user profile, simply go to <b>Users > Your Profile</b> where you can update your name, email, website and author biographical info, as well as your profile picture and password, among other details.

If you have the admin or super admin role and want to modify another user's profile information, go to <b>Users > All Users</b> and select the user you want to edit.
<h2>The Case for Custom User Roles</h2>
Big brands such as Facebook, Microsoft, Wired and Quartz rely on WordPress to power some of their publications. So having appropriate user roles is crucial when assigning editors, authors and contributors to produce and manage content.

But while the default WordPress user roles have been designed to have capabilities that fit the requirements of modern websites, they don't meet the needs of all websites.

One common example of why you might want to create custom roles is related to adding guest or staff writers to your blog.

If you want to add a new user to your blog to contribute content, then you might assign them the author or contributor role.
However, by default authors have the ability to publish posts, which is a capability you might not want to give a new member of your team right off the bat. Users with this role can also edit and delete published posts.

With that in mind, you might think the contributor role would be a better option since it has more restricted access. However, while contributors can't publish or edit existing content, they also can't upload files to the media library, including images for their own posts.

So when assigning roles to new writers, this puts you in somewhat of a quandary: do you give them the access they need to do their job, along with permissions to make far-reaching changes to your published content, or do you play it safe and leave them without enough access to complete their tasks, potentially creating more work for others with access to the media library?

This is where being able to customize and create new user roles on your WordPress site becomes a useful ability to have. But since WordPress doesn't provide options out-of-the-box for customizing user roles, you'll need to use a plugin to modify user roles and permissions.
<h2>How to Create and Customize User Roles in WordPress</h2>
There's a WordPress plugin for just about anything you can think up, and user roles are no exception. Here are 6 options for customizing user roles and capabilities.
<h3>1. <a href="https://wordpress.org/plugins/user-role-editor/" target="_blank" rel="noopener noreferrer"><span class="s1">User Role Editor</span></a></h3>
User Role Editor is the most popular way to customize the default WordPress user roles, with more than 600,000 active installations. This free plugin lets you modify user capabilities in just a few clicks.
You can also create new roles and assign selected capabilities to existing users.

Once you've installed and activated the plugin, a new User Role Editor option will appear in the WordPress admin (<b>Settings > User Role Editor</b>) where you can edit each of the default user roles, create new roles, add capabilities, and delete roles and capabilities.

<img class="aligncenter size-full wp-image-15160" src="https://pagely.com/wp-content/uploads/2018/07/user-role-editor.png" alt="User Role Editor" width="1009" height="633" />

A new "Capabilities" option will also appear when you hover over users on the <b>All Users</b> screen, enabling you to customize capabilities for individual users.

It's a powerful plugin that gives you complete access to customize roles how you like and is a great option should you need to modify permissions for your site.
<h3>2. <a href="https://wordpress.org/plugins/members/" target="_blank" rel="noopener noreferrer"><span class="s1">Members</span></a></h3>
Members is a powerful user, role, and capability management plugin for WordPress. It puts you in control of permissions on your site by providing a user interface for WordPress' powerful user management system, which is traditionally only available to developers who know how to code this by hand.

When you install and activate this plugin, it adds two new menu items to the WordPress admin: <b>Roles</b> and <b>Add New Role</b>. Roles displays all the available user roles along with the number of users that have each role.

The <b>Add New Role</b> screen lets you create new user roles.
All you need to do is give your role a name and check each of the capabilities you want to assign to the role.

<img class="aligncenter size-full wp-image-15161" src="https://pagely.com/wp-content/uploads/2018/07/members-add-new-role.png" alt="Members plugin screen" width="1114" height="816" />

Other features include the ability to assign multiple roles to a user, explicitly deny capabilities, and clone roles. There are also shortcodes available for controlling who has access to content.
<h3>3. <a href="https://wordpress.org/plugins/wpfront-user-role-editor/" target="_blank" rel="noopener noreferrer"><span class="s1">WPFront User Role Editor</span></a></h3>
WPFront User Role Editor is another powerful plugin for creating and customizing user roles. Once installed and activated, the plugin adds a new <strong>Roles</strong> option to the WordPress admin, with options for adding new roles, restoring defaults, adding and removing capabilities, and more.

Like other plugins mentioned in this post, WPFront lets you easily create new roles and assign capabilities via an intuitive interface.

<img class="aligncenter size-full wp-image-15162" src="https://pagely.com/wp-content/uploads/2018/07/wpfront-add-new-role.png" alt="WPFront Add New Role" width="1105" height="638" />

A nice feature is the ability to restore the administrator, editor, author, contributor, and subscriber roles to their default settings after you've made modifications. It's also possible to create redirects for user roles, so after logging in, users will be redirected to different pages of your site, or even different URLs.

There's a Pro version of this plugin that offers additional features, including media library permissions, Multisite support, custom post type permissions, and more.
<h3>4. 
<a href="https://wordpress.org/plugins/capability-manager-enhanced/" target="_blank" rel="noopener noreferrer"><span class="s1">Capability Manager Enhanced</span></a></h3>
Capability Manager Enhanced provides a simple way to manage the default WordPress user roles.

After you install and activate this plugin, it adds a new <b>Capabilities</b> menu item to the WordPress admin. From this screen, you can view and change capabilities for any role, add new roles, copy existing roles into new ones, and add new capabilities to existing roles.

<img class="aligncenter size-full wp-image-15163" src="https://pagely.com/wp-content/uploads/2018/07/capability-manager-enhanced.png" alt="Capability Manager Enhanced plugin" width="1103" height="640" />

There's also capability negation, which allows you to set any capability to granted, not granted, or blocked. Other features include the ability to copy any role across all Multisite network sites, mark any role for auto-copy to future network sites, back up and restore roles and capabilities so you can revert your last changes, and reset roles and capabilities to the WordPress defaults.
<h3>5. <a href="https://wordpress.org/plugins/advanced-access-manager/" target="_blank" rel="noopener noreferrer"><span class="s1">Advanced Access Manager</span></a></h3>
Advanced Access Manager is a simple, straightforward plugin for customizing user roles, creating new ones, and managing user permissions.
After installing and activating the plugin, you'll notice a new <b>AAM</b> menu item in the WordPress admin, which takes you to this screen:

<img class="aligncenter size-full wp-image-15164" src="https://pagely.com/wp-content/uploads/2018/07/advanced-access-manager.png" alt="Advanced Access Manager" width="1105" height="628" />

The options in the top-right let you switch between managing roles and capabilities, controlling settings for the plugin, and adding Pro extensions for greater functionality.

A unique feature of this plugin is the ability to manage user access to the WordPress admin, as well as create and manage temporary user accounts. This plugin is also developer-friendly, with lots of hooks, <a href="https://pagely.com/blog/react-js-wordpress-rest-api/">WordPress REST API</a> integration, and numerous abstraction layers to simplify programmatic access management.
<h3>6. <a href="https://elextensions.com/plugin/woocommerce-catalog-mode-wholesale-role-based-pricing/">ELEX Role Based Pricing Plugin</a></h3>
With a slightly different use case, this plugin allows you to create role-based pricing on your <a href="https://pagely.com/solutions/woocommerce-hosting/">WooCommerce</a> store, as well as create additional user roles on your site. Based on the roles defined on your store, you will be able to set up prices for each product based on those roles. This is particularly useful when managing a wholesale store on WooCommerce, since different roles can see pricing based on how you've defined it for them.

<img class="aligncenter size-full wp-image-18278 lazy" src="https://pagely.com/wp-content/uploads/2018/07/ELEX-Catalog-Mode-Role-based-Pricing-Plugin.png" alt="" width="859" height="570" />

You can also use this plugin to disable the eCommerce functionality of a Woo store.
With a single click you can convert your store into a catalog for all guest users, and allow shopping functionality only to registered customers. You can also configure price adjustments and modify tax display options.
<h2>Best Practices for Managing WordPress User Roles and Capabilities on Your Site</h2>
Understanding the various user roles and capabilities that WordPress provides is key to managing them effectively - but so is knowing how to apply them correctly and customize where appropriate.

Whether you run a large website or a small blog with only a handful of users, here are some best practice tips to help you manage the user roles and capabilities on your WordPress site:
<h3>1. Only give users the level of access they need</h3>
This one is key for three reasons: security, to stop users making unapproved changes, and to prevent content being accidentally deleted.

Before assigning a user a role, consider what tasks they will need to perform on your site and only assign them the role that gives them the capabilities they need and nothing more.
<h3>2. Limit how many users have the administrator role</h3>
While some might recommend that you have only one administrator and assign other trusted members of your team the editor role, this isn't always practical. There will no doubt be times when other people, such as developers and maintenance services, need higher-level access to WordPress permissions.

On larger sites, you might find several people are assigned the admin role. If this is the case for you, make sure the people who have this role use strong usernames and passwords (enable two-factor authentication, if possible). Also, regularly review the admins for your site and reassign them a new role or remove users where necessary.
<h3>3. Regularly review user roles and capabilities</h3>
Whenever you carry out site maintenance, review user roles too.
Start by checking how many users you have for each role and reassigning users to different roles if you feel the tasks they perform on your site don't quite match the capabilities of their role.

For larger sites, this is an important practice if you regularly have new staff members joining your site or former employees who no longer require site permissions.
<h3>4. Customize roles to give users only the capabilities they need</h3>
As we've covered in this post, the default user roles in WordPress don't quite meet the needs of all websites. So there might be times when you find a role doesn't provide the necessary capabilities you need for a particular user. This is where creating a new user role or customizing an existing role comes in handy.

Each of the plugins listed above will let you create and customize user roles and offer added features for better managing the WordPress user management system. If you decide to use a plugin, do your research and choose the tool that best suits what you want to achieve as far as roles and capabilities go for your site.
<h2>Conclusion</h2>
Whether you run a large website with many users or a membership website with on-site registration, the WordPress user management system provides a solid foundation for managing the many people who use and contribute to your site.

Of course, as an admin, you are free to modify user roles and capabilities how and when you like! So whether you decide to temporarily reassign a user to the admin role, or choose to create a new role with only select capabilities to cover essential tasks, it's your prerogative - especially when you can simply revert any changes you make and return to the defaults.

For advanced control over user management, be sure to check out the plugins listed above. They will give you greater control and options for customizing roles and capabilities.
And follow the best practice tips above to ensure your site remains organized and secure.
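
The writer quandary described under "The Case for Custom User Roles" (authors can publish and delete published posts, contributors can't upload media) can also be settled in code. The following is an added example, not code from this post or from any plugin it lists: a small plugin that builds a role from the contributor's capabilities plus media uploads. The role slug `staff_writer`, its display name, and the function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Staff Writer Role (illustrative example)
 *
 * Added example. The role slug "staff_writer" and all function names
 * below are hypothetical and chosen for illustration only.
 */

// Capabilities a draft-only writer must never hold, whatever the base role grants.
const STAFF_WRITER_DENIED_CAPS = array(
	'publish_posts',
	'edit_published_posts',
	'delete_published_posts',
	'edit_others_posts',
);

function staff_writer_register_role() {
	$contributor = get_role( 'contributor' );
	if ( null === $contributor ) {
		// The contributor role was removed or renamed: do not guess at a base set.
		return;
	}

	// Start from the contributor's capabilities and add only media uploads.
	$caps                 = $contributor->capabilities;
	$caps['upload_files'] = true;

	// Defensive: if another plugin widened the contributor role, strip anything
	// that would let this role publish or change published content.
	foreach ( STAFF_WRITER_DENIED_CAPS as $cap ) {
		unset( $caps[ $cap ] );
	}

	// add_role() does nothing when the role already exists, so drop any stale
	// copy first to make sure the stored capability set matches this file.
	remove_role( 'staff_writer' );
	add_role( 'staff_writer', 'Staff Writer', $caps );
}
register_activation_hook( __FILE__, 'staff_writer_register_role' );

function staff_writer_remove_role() {
	// Move existing staff writers back to contributor so that nobody is left
	// holding a role name that no longer exists.
	foreach ( get_users( array( 'role' => 'staff_writer' ) ) as $user ) {
		$user->set_role( 'contributor' );
	}
	remove_role( 'staff_writer' );
}
register_deactivation_hook( __FILE__, 'staff_writer_remove_role' );
```

Roles are stored in the database, which is why the role is created on activation rather than on every page load.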
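
For the best practice tips on limiting administrators and regularly reviewing roles, here is an added example (not from the original post) of a review helper. It counts users per role, lists administrators missing from an expected list, and finds capabilities granted to individual users outside any role, which the per-user "Capabilities" option in User Role Editor makes possible. The function name and the allowlisted logins are constructed for illustration.

```php
<?php
/**
 * Plugin Name: Role Audit Helper (illustrative example)
 *
 * Added example. Function and constant names are hypothetical.
 */

// Constructed allowlist: logins that are expected to hold the administrator role.
const ROLE_AUDIT_EXPECTED_ADMINS = array( 'site-owner', 'maintenance-service' );

/**
 * Build a review report for the current site.
 *
 * Multisite super admins are stored separately (see get_super_admins())
 * and are not covered by this report.
 *
 * @return array Report with users per role, unexpected admins, per-user grants.
 */
function role_audit_report() {
	$counts = count_users();

	$report = array(
		// Users per role; the 'none' key counts users with no role on this site.
		'users_per_role'    => $counts['avail_roles'],
		'unexpected_admins' => array(),
		'per_user_caps'     => array(),
	);

	// Any administrator not on the allowlist needs a decision: keep, demote, remove.
	foreach ( get_users( array( 'role' => 'administrator' ) ) as $admin ) {
		if ( ! in_array( $admin->user_login, ROLE_AUDIT_EXPECTED_ADMINS, true ) ) {
			$report['unexpected_admins'][] = $admin->user_login;
		}
	}

	// WP_User::$caps mixes role names with capabilities granted directly to the
	// user. Whatever is granted and is not a role name bypasses the role model.
	// On very large sites, page through get_users() instead of loading everyone.
	foreach ( get_users() as $user ) {
		$granted = array_keys( array_filter( $user->caps ) );
		$direct  = array_values( array_diff( $granted, $user->roles ) );
		if ( $direct ) {
			$report['per_user_caps'][ $user->user_login ] = $direct;
		}
	}

	return $report;
}
```

With the file loaded as a plugin, `wp eval 'print_r( role_audit_report() );'` prints the report from WP-CLI.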