How to assign the right WordPress user roles for your website

We’ve talked to many clients about the importance of WordPress user roles and correctly assigning them to team members.  So, we’ve put together this resource to help you do it right!

If you have multiple people in charge of running your WordPress website or contributing content, you need to make sure you have full control of what each of these users can and can’t do. Assigning the right roles helps ensure your site permissions are secure, organized, and updated. 

In this post, we’ll give you an overview of what WordPress user roles are, why they’re important, and what capabilities each role covers. This way, you can establish who on your team should be assigned what role type. 

What are WordPress user roles?

Your WordPress website comes with a pre-made user role management system that defines what capabilities each user has on your website. These capabilities control things like who can publish posts, install plugins, or edit themes. 

It’s important for you to correctly assign each role to keep your website’s security in check. In other words: make sure only certain people have access to certain things. This way, unauthorized people can’t do things like install a new plugin or give backend access to a completely new user. User roles  ensure each person stays in their lane.

Your WordPress website comes with six default user roles which cover all the typical capabilities you’ll need, but they can also be customized if needed. We’ll explain each below, starting with the role that has the least capabilities and working up to the ones with the most. 

The six main WordPress user roles

1. Subscriber

Subscribers are the most limited user role. Their only capability is the ability to read all your website posts and manage their profile. Typically, anyone can read your website posts without being assigned a role at all so you might not even use this option. That said, the subscriber role can be helpful for subscription-based sites where you only want certain people to read certain content.

2. Contributor

Contributors can perform three tasks: reading all posts, editing posts they write themselves, and deleting posts they write. They can’t publish posts or upload media files. They’re good for one-time contributors or new content creators before they gain your “trust.”  

3. Author

Authors can do everything a contributor can do, but they are able to publish their own posts and upload media files. That said, they can’t edit actual web pages or change other users’ content. Authors are good roles to assign people who regularly create blog posts for your website. 

4. Editor

Editors have a high level of control over content. This means they can create, edit, delete, and publish both pages and posts no matter who they belong to. They can also moderate comments and manage post categories and links. They cannot make site-wide changes like adding plugins, changing themes, or installing updates.

5. Administrator 

Administrators are at the top of the hierarchy. This will likely be the role assigned to you when you create a website. You’ll typically only have one administrator and they are able to access all website functions. They can do everything an editor can do on the content side, plus they can manage plugins and themes, edit code, and delete or change other user accounts. 

You should only give people this role if they are taking a leadership role in your website management. If you’re working with a website designer/developer like us, we’ll automatically be assigned this role while we host and manage your site.

6. Super Admin

The last WordPress user role is the Super Admin. These roles only exist on WordPress multisite networks so it may not be relevant to you. The Super Admin oversees all the websites within a network. This means they can make network-wide changes like adding or removing websites or changing themes, plugins, and users across multiple websites. 

How to apply the right WordPress user roles

As we’ve mentioned, it’s super important you give each user the right level of access they actually need to ensure the security of your website. Limit the number of user roles at the top. If you have a mid-size team, this will generally mean one administrator and a few trusted editors. Your authors can include regular content creators and one-time (or new) writers can be contributors.

Got questions about WordPress user roles?

We’re here to help! Post your questions in the comments below and we’d be happy to help. And, don’t forget to check out our other blog posts for all your need-to-know website and digital marketing know-how.