There are a few things that you must understand about user roles and capabilities to be an effective administrator of a WordPress site: things like what a user is, how you make a new one, and what you’d make users for. There’s lots of value in covering those things, but our goal today is to really get a solid understanding of how the whole WordPress user management and role system works conceptually, and to cover a few of the most important ways of modifying it.
The Basics of a WordPress User
Every account that can log into a WordPress site represents a “user,” and every WordPress user has a “role.”
Every account that can log into a WordPress site represents a “user.” That is, every “login” — a username-password pair — is a unit of credentialing in WordPress. These user accounts are the authors of posts, pages, media, etc. As the administrator of a WordPress site, you can create new users at will, by going to “User > Add New” in the administration sidebar. You should, generally, create a new user for each person who you want to log in to your site.
You may also have realized something else about WordPress’s authorization system: each WordPress user has a “role.” You have to select it on the page where you create a new account.
WordPress Default User Roles
Out of the box, WordPress comes with the following roles:
- Super Administrator: This is a multi-site-network-only role. It is, as the name suggests, a more powerful version of an Administrator. A Super Admin can not only change and control a single WordPress site as an Administrator, but can change who has access to specific sites in a network. A fancy thing to call this role would be “WordPress Multisite Keymaster.” But I can see why they went with “Super Admin” instead ?
- Administrator: This is the role you probably use to log into your own WordPress site. It’s what WordPress makes the first user on a site by default, and it’s the most powerful role in the arsenal. If an “Administrator” can’t do it out of the box on a WordPress site, it can’t be done by anyone. Install plugins, change themes, make users, make posts, etc, etc.: all in the Administrator’s control.
- Editor: This is the next most powerful role. You can do all the necessary post- and media- authoring and editing things you can imagine, but you can’t make a new user, or add a new plugin, or do anything that changes how the site functions.
- Author: Another step down from an Editor, the Author role can only change their own posts and media. They can’t make changes to those of other users on the site.
- Contributor: Contributors can edit their own posts, delete unpublished posts they made, and read the site. That’s it. They can’t even publish their own posts.
- Subscriber: The Subscriber
This article was written by David Hayes and originally published on WPShout.