What can the different user types do in WordPress
In today’s article, we are going to discuss the different user types in WordPress. We’ll see how applying the correct role to your users can be important for your site, and we’ll help you choose the correct user roles for your WordPress site.
We use the WordPress user roles as a way to define what the different WordPress users can do. User roles define the user permissions and capabilities in WordPress. This hardens your site’s security by having fewer users with too many privileges. By using different user roles you can also avoid confusion and create a user hierarchy. After all, a user that is supposed to just add posts shouldn’t be able to edit your theme files.
Therefore our goal today is understanding what the different user roles are in WordPress. We’ll also look into how you can manage your user roles, and filter your registered users by role using Users Insights.
Now, let’s see an overview of all the possible user roles. Then we’ll check each of them in particular and what they can or can’t do. It’s also worth pointing out that plugins can change this and add more roles or capabilities.
The easiest way to check out the difference between the user roles in WordPress is visually. Since the capabilities are cumulative by default, each user role will do all the things the previous user role can do and a little bit more.
We also include the Super Admin, which is a role that is reserved for WordPress Network installs. A network install allows you to create new WordPress sites with the push of a button, and all your sites are under the same WordPress installation. This approach has its own use-cases that are too broad for the current article. Just keep in mind that once you have a Network install, your WordPress user permissions are going to be changed as well.
Here we’ll show what each WordPress user can do. Of course, not all capabilities are listed as WordPress itself has a lot more capabilities that we could add, and plugins can add their own. But it’s a good way to understand overall what each user can or can’t do.
This is the simplest user type in WordPress. The subscribers are often used for registered users, so they can just log in and have all their regular information automatically retrieved. Also, the subscriber role can be used in a similar way to the customer role, or other basic roles for other plugins.
User Capabilities: post comments, read posts
Moving up in terms of WordPress user permissions we have the contributor role. This role is often used by sites that count on multiple writers.
It allows the users to upload and edit their own content, but only when it’s a draft. They can’t edit published posts or other user’s posts. After their post is done they can’t publish it immediately, they have to submit for review.
They also don’t have access to the media library and can’t upload media even from the content editor.
Additional User Capabilities: create drafts, delete drafts, submit drafts for review
The author user role in WordPress are very similar to the contributor, but more independent. In addition to creating drafts, they can also publish their own posts and add media. They can also edit their own posts after they have been published. But they can only do that for their own content.
This user role has also access to the media uploader. Although they can use media uploaded by other users, they can’t delete them. They can only do that for media that they have submitted themselves.
Additional User Capabilities: create posts, delete their own posts, edit their own posts, upload media, delete their own media.
Another important user type in WordPress is the editor. They are often used for people who manage the authors and contributors. These users are able to not only add and edit their own content, but they can do that for others as well. Editors have also access to the content structure of the site, so they can add new categories, moderate comments, add pages.
Therefore, editors have access to the entire content of a site and can edit anything related to it.
Additional User Capabilities: create pages, edit all posts, edit all media, edit all categories, edit all tags, edit comments, moderate comments.
For a single site installation, the role with the highest WordPress user permissions is the admin. They can do anything they want on their own site. Import content, add new users, edit theme options, edit plugins and themes.
This is often the only user role with permissions to edit and theme plugin settings.
There’s a small difference if you are running a WordPress network though. They won’t be able to upload or delete themes and plugins. They can only activate plugins that are allowed in your network, and they can’t disable network enabled plugins. Also in a network, they lose the capabilities regarding theme and plugin edits.
Additional User Capabilities: Import and export content, manage users, manage themes, manage plugins.
This WordPress user role is reserved for WordPress networks. They are the admins that can oversee everything and edit all sites. They are also able to create new sites and manage the available plugins and themes.
In fact, once the super admin is present, a regular admin will lose a lot of its power. The super admins will dictate which plugins are enabled in the network, and they can even force some plugins to be active.
Additional User Capabilities: Create Network, manage sites, manage network plugins, manage network themes.
Managing user roles
So far we saw how many built-in user roles WordPress has. But sometimes you may need to create new roles or tweak the existing ones. Well, as the old saying goes, there’s a plugin for that.
The User Role Editor plugin allows you to change the default user capabilities and also add your own custom WordPress user roles.
With a few clicks, you can change the default behavior, hide or show admin areas or show widgets based on the user role. You can also export or import your presets and quickly install similar roles in all your sites.
Filtering users by user role
You may also want to filter users based on their roles. In that case, you can use the Users Insights plugin.
For example, you may have a site with a lot of users, and just want a quick overview of all your subscribers:
But you can also filter out the ones you don’t want to. So, in case you want to see all users who aren’t subscribers or contributors, this can be done by the role “is not” filter.
Today we saw an extensive guide showing all the default WordPress user roles. We also saw how each role can be used and what capabilities they have. By the end of the day, you should be able to correctly assign users to their roles in a way that avoids confusion and hardens your site security.
In addition we discovered some options regarding plugins to edit and filter your user roles.
We hope you enjoyed this article, and see you again next time!