If you have a WordPress site, then you have at least one user: you. And there’s a good chance that you’re an administrator. WordPress actually has five different user levels, but if you’re the only user on your site, you may not know about them, why they are there, and when to use them.
In all, there are 5 user levels in WordPress. Administrator, Editor, Author, Contributor, and Subscriber.
Each level has a unique set of capabilities that limits the user’s abilities to make changes on your site. If you add a user as an administrator, you are granting that person full access to everything including all posts and pages, all comments, and even design. Below is a brief overview of all the user levels and the capabilities they give you.
- Administrator: An administrator has full access to everything, can update all posts/pages, custom post types, and comments. They can add and remove themes and plugins, as well as add and delete users on the account.
- Editor: An editor can edit and publish any posts and pages, as well as moderate comments, manage categories, tags and links as well as upload media. Editors cannot add or remove plugins, themes, or users.
- Author: An author can edit and publish their own posts as well as upload media. They cannot modify anyone else’s posts.
- Contributor: A contributor can edit and create posts, but cannot publish them. It has to be submitted for an administrator to review and publish first. A contributor cannot upload media files. And, once a post is published by an admin, it can no longer be edited by the contributor.
- Subscriber: A subscriber is one who can only manage their own profile. They can’t edit or update anything on the site. They have no access to any content, comments, or images. They have only “read” access to the front end of the site. This is often the default role for members on a membership based site, and is also the role of any buyer on a WooCommerce site.
If you are running WooCommerce, there is an added role of Shop Manager. A shop manager is a role for someone you want to manage your products and orders, but don’t need admin access to your site. This gives the user the ability to manage all the settings in WooCommerce as well as orders and customers.
If you’ve added the plugin Yoast SEO, you’ll get a couple more roles too. Those roles are SEO Manager and SEO Editor. If you’re hiring someone to take control of your SEO, you don’t have to give them Administrator access, you can assign them an SEO role that fits better.
When might you need users at various levels?
If you need to add additional users to your WordPress site, you don’t always need to add them as an administrator. For a lot of website owners, who don’t know the difference, they just create new users with full administrator capabilities. But that’s not always the right choice.
Granting someone administrator access is serious business. They can do anything on your site, including adding new plugins, changing your content, changing your theme, appearance or even delete you as a user. So add administrators with care. If you’re hiring a new web developer or designer, then adding them as an administrator makes sense. But if you’re adding a copywriter, they typically don’t need that much access.
A few examples for you:
If you hire a writer to spiff up your content, adding them as an editor is your best bet.
Another example would be a blog that has multiple writers. Each writer should be given the role of author, which allows them to write, edit and publish their posts, but not have access to anyone else’s posts or edit any pages.
What about custom user roles?
Oh guess what? Your user roles don’t end at the 5-6 I mentioned above. You can create custom roles! I use a plugin called User Role Editor for this purpose.
This plugin is great for modifying existing user roles as well as creating new ones. I use it frequently to adjust capabilities granted to the role of Editor. Sometimes I’ll want an editor role that has a few more capabilities than what’s allowed, and User Role Editor does that.
I can also use User Role Editor to add new roles with a mix and match of different capabilities to to fit the needs I have for the people who need access to any given site. One of my favorite options is that I can clone an existing role, adjust it’s capabilities, and give it a new name. For example, I may have a role titled “Blog Editor” which is simply an author role with the ability to edit other people’s blog posts as well as your own.
There’s no end to your options when it comes to WordPress user roles!
When adding users to your site, be sure to think about what their needs are and give them only the capabilities they need, for security purposes. And always remember to remove users who no longer need access to your site as well! Leaving old users on your site is an open door to let that user back in, or even allow that defunct user account to be hacked.
Join our list!
Our blog, delivered to your inbox. Never miss a post!