Beginner’s Guide to WordPress User Roles and Permissions

WordPress allows you to easily add new users to your website. Depending on the role and permissions you assign them, these users can then work on your site.

Many new WordPress users aren’t aware of these user roles and permissions. We have seen them give strangers full admin access to their business websites, compromising sensitive customer and business data.

In this article, we’ll explain WordPress user roles and permissions in detail and teach you which user role to assign when adding new users.

What Are WordPress User Roles and Permissions?

Using WordPress user roles and permissions correctly gives you complete control over your WordPress website and can help improve your website security.

WordPress allows you to add multiple users to your website. You can also open user registration on your website so that other users can sign up.

When adding a new user to your website, you can choose a user role for them. You can also set a default user role for your site, which will be automatically assigned to new users who sign up for an account.

Each user role comprises specific capabilities, or permissions, that spell out the actions a user can take on your website.

There are five default user roles available in WordPress:

  1. Administrator
  2. Editor
  3. Author
  4. Contributor
  5. Subscriber

You can see a complete visual comparison between each user role by viewing the infographic below:

View the WordPress user roles infographic

Alternatively, you can read the summary of each user role and their capabilities and permissions below.

1. Administrator Role

On a regular WordPress website, the administrator role is the most powerful user role. Users with the administrator role can add new posts, edit posts by any users, and delete those posts.

Plus, they can install, edit, and delete plugins and themes.

Most importantly, admin users can add and delete users and change information about existing users, including their passwords.

This role is reserved for site owners and gives you full control of your WordPress website.

If you are running a multi-user WordPress site, you need to be very careful who you assign the administrator user role to.

Can I Share Admin Access With a Developer?

From our experience, creating a staging website under the same hosting account is somewhat safer. It allows developers to have the same web hosting environment to test their code but without the right to publish anything on your live website.

Alternatively, you can share an empty website under the same hosting account with the developers to work on. This way, they will not have access to the data stored on your website.

For more information, see our article on sharing admin access with plugin developers.

2. Editor Role

Users with the editor role in WordPress have complete control over the content sections of your website.

They can add, edit, publish, and delete any post on the site, including those written by others. An editor can also moderate, edit, and delete comments.

Editors cannot change your site settings, install plugins and themes, or add new users.

3. Author Role

Users with the author role can write, edit, and publish their own posts. They can also delete their own posts, even if they have already been published.

Authors cannot create new categories when writing posts, but they can choose from existing ones and add tags to their posts.

Authors can view comments, even those pending review, but they cannot moderate, approve, or delete any comments.

They do not have access to site settings, plugins, or themes, so it is a relatively low-risk user role. The only exception is the ability to delete their own published posts.

4. Contributor Role

Users with the contributor role can add new posts and edit their posts, but they cannot publish any posts.

When writing posts, they can choose from existing categories and create their own tags.

The most significant disadvantage of the contributor role is they cannot upload files, so they can’t add images to their posts.

Contributors can also view all website comments, but they cannot approve or delete comments.

Finally, they don’t have access to website settings, plugins, or themes, so they cannot change any settings on your site.

5. Subscriber Role

Users with the subscriber role can log in to your WordPress site, update their user profiles, and change their passwords.

They can’t write posts, view comments, or do anything else inside your WordPress admin area.

This user role is particularly useful if you have a membership site, online store, or another site where users can register and log in.

If you want to create a custom login experience for your visitors, then see our guide on how to add a front-end login page and widgets in WordPress.

Bonus: Super Admin Role

This user role is only available on a WordPress multisite network.

Users with the super admin user role can add and delete sites on a multisite network. They can also install plugins and themes, add users, and perform network-wide actions on a WordPress multisite setup.

Think of it like having admin access to every site in the network.
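
To check which roles and accounts actually hold the powerful capabilities described above, and which role new sign-ups receive, a read-only audit helps. The following is an added example, not code from WPBeginner or WordPress itself; the function name and the list of capabilities treated as risky are this example's assumptions. It can be run inside WordPress, for instance with `wp eval-file role-audit.php`.

```php
<?php
// Added example: read-only audit of roles, administrators and the default role.

// Capabilities treated as high-risk here (this list is the example's own choice).
const EXAMPLE_RISKY_CAPS = array(
    'manage_options', 'install_plugins', 'edit_plugins',
    'install_themes', 'edit_themes',
    'create_users', 'edit_users', 'delete_users', 'promote_users',
);

function example_role_audit() {
    $report = array(
        'open_registration' => (bool) get_option( 'users_can_register' ),
        'default_role'      => get_option( 'default_role' ),
        'risky_roles'       => array(),
        'administrators'    => array(),
    );

    // Flag every role, default or custom, that grants a risky capability.
    foreach ( wp_roles()->roles as $slug => $role ) {
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_values( array_intersect( EXAMPLE_RISKY_CAPS, $granted ) );
        if ( $risky ) {
            $report['risky_roles'][ $slug ] = $risky;
        }
    }

    // List the accounts that hold the administrator role.
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
        $report['administrators'][] = $user->user_login . ' <' . $user->user_email . '>';
    }

    // New sign-ups should never land in a role flagged above.
    $report['default_role_is_risky'] =
        isset( $report['risky_roles'][ $report['default_role'] ] );

    return $report;
}

print_r( example_role_audit() );
```

On an unmodified site only the administrator role should appear under `risky_roles`, and `default_role_is_risky` should be false.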

How to Customize Existing User Roles and Permissions in WordPress

The default WordPress user roles have capabilities that will work for most WordPress websites and blogs.

For example, if you run a magazine website, then the ‘Editor’ role can be assigned to senior staff, the ‘Author’ user role can be for junior writers, and the ‘Contributor’ role can be for guest writers.

But sometimes, you might want to customize the permissions and capabilities assigned to the role to meet the specific needs of your website.

For example, the default author role lets users publish their posts and also gives them the ability to delete their published posts. In this case, you may want to remove the capability that lets authors delete their posts.

There are some plugins that add specific roles to your website, such as a comment moderator user role plugin.

However, the easiest way to customize your WordPress user roles is to use the Members plugin. It lets you create, manage, and change user roles across your website.

The first thing you need to do is install and activate the plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you will have a new menu item called ‘Members’ in your WordPress admin panel.

You need to go to Members » Roles and click on the user role you want to edit.

In this example, we will be editing the ‘Author’ role, but you can choose the best role for your needs.

This brings you to a screen where you can fully customize the capabilities for that role.

To remove a capability for the role, check the ‘Deny’ box. If you want to add a new capability, check the ‘Grant’ box.

Here, we will check the ‘Deny’ box for the Delete Posts user capability.

If you don’t check a box for an available capability, users with that role won’t have that capability.

Once you have finished customizing your role, click the ‘Update’ button.

The changes you make will automatically apply to all existing users with that role and to all new users to whom the role is assigned.

How to Create Custom User Roles in WordPress

Another thing you can do is create completely custom user roles in WordPress with unique sets of capabilities.

To do this, you will be using the same plugin as above.

Simply navigate to Members » Add New Role, and give your new role a name.

For instance, you can create a developer role that you can give to a WordPress developer with specific permissions granted.

The left-hand column has different sections that have lists of available capabilities. We will select the ‘Appearance’ tab and then add capabilities to edit, install, and update themes.

After that, click the ‘Add Role’ button to save the user role.

Next, you can create a new user and assign them the new user role.

To do this, go to Users » Add New and fill in your new user information.

At the bottom of the screen, you will see a ‘User Roles’ section.

Now, you can check the boxes for the user roles you want to assign to the new user and then click the ‘Add New User’ button.

Now, you have created a new custom WordPress user role and assigned it to a new user.
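
The same two changes, removing the delete capabilities from the ‘Author’ role and creating a ‘Developer’ role limited to theme work, can also be made with WordPress core's role functions. This is an added example, not code from the Members plugin or from WPBeginner; the plugin name, the `example_roles_version` option and the `developer` role slug are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Role Tweaks (added example)
 */

const EXAMPLE_ROLES_VERSION = 1; // Bump this to re-apply after editing the file.

function example_apply_role_changes() {
    // Roles are stored in the database, so apply changes once per version
    // instead of writing to the options table on every request.
    if ( (int) get_option( 'example_roles_version' ) === EXAMPLE_ROLES_VERSION ) {
        return;
    }

    // 1. Existing role: stop authors from deleting their posts.
    $author = get_role( 'author' );
    if ( $author ) {
        $author->remove_cap( 'delete_posts' );           // drafts and pending posts
        $author->remove_cap( 'delete_published_posts' ); // posts that are already live
    }

    // 2. Custom role: theme work only.
    // add_role() does nothing when the slug already exists, so remove it first
    // to make sure the capability list below is what gets stored.
    remove_role( 'developer' );
    add_role(
        'developer',
        'Developer',
        array(
            'read'           => true, // needed to reach the dashboard at all
            'install_themes' => true,
            'update_themes'  => true,
            // edit_themes opens the theme file editor, which means changing PHP
            // on the server unless DISALLOW_FILE_EDIT is set in wp-config.php.
            'edit_themes'    => true,
        )
    );

    update_option( 'example_roles_version', EXAMPLE_ROLES_VERSION );
}
add_action( 'init', 'example_apply_role_changes' );
```

Because the role data lives in the database, deactivating this file later does not undo the changes; they have to be reversed explicitly.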

For more details, see our guide on how to add new users and authors to WordPress.

If you want to create a WordPress user role that’s only for moderating comments, then see our guide on how to allow blog users to moderate comments in WordPress.

We hope this article helped you understand user roles and permissions. You may also want to see our guide on how to prevent authors from deleting posts, or take a look at our tutorial on limiting authors to their own posts.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

Reader Interactions

100 Comments

  1. Oyatogun Oluwaseun Samuel

    This is a great article. Very simple and easy to understand. I want to ask: is there no way one can add a user that has more attributes than what is currently available on registration? Let’s say you want to add users and you need to know their “Age” or “Date of Birth”; is there no way one can go about it?

  2. Mrteesurez

    This is a detailed article that nailed all that user roles entail and gives best practices to assign each to specific users.
    My question:
    By default, can a contributor role see an admin bar?
    I know of the author role.

    • WPBeginner Support

      Unless you disable it for the user role, all user roles would see the admin bar when logged in.

      Admin

  3. Jiří Vaněk

    I need to add a user to the website who will only have specific rights to what he can do on the website and what he must not have access to. Thank you for the instructions on how to create exactly such a user in WordPress. It saved me a lot of time looking for instructions on how to achieve this.

  4. Muhammad Afzal Qureshi

    Very nicely explained in detail. I had a great experience after reading it.

    • WPBeginner Support

      Glad you found our article helpful!

      Admin

  5. Waqar

    Your blog is really awesome, especially whenever I need to learn something about WordPress in a deep dive.

    • WPBeginner Support

      Glad you find our content helpful!

      Admin

  6. Jen

    Hi WPB, how many “admin” roles can a website have? On my site, the original admin has full rights. But new admin usernames don’t. Is that normal?

    • WPBeginner Support

      You can have as many admin users as you like on a WordPress site. If you do not have the default admin privileges, then a plugin may have modified the privileges, as that is the most common reason.

      Admin

  7. Sam

    Hi – I’m wondering if I can set a default for subscribers that doesn’t allow them access to the dashboard. I have subscribers through a free online course. I want to automatically eliminate the dashboard access so I don’t have to manually uncheck the box “Show Toolbar when viewing site”. Is there a way to do that?
