L6.3 – User Roles & Permissions
Module : 06 – Managing a WordPress Site
Previous lesson: Lesson 6.2 — Backups & Restore Options
Next lesson: Lesson 6.4 — Comment Moderation
Table of Contents
- What Are User Roles?
- Why Permissions Matter
- Default WordPress User Roles
- Understanding Capabilities
- How to Add or Remove Users
- Choosing the Right Role for a User
- Modifying Roles with Plugins
- Best Practices
- Summary
1. What Are User Roles?
User roles control what actions users can perform in WordPress. Each role has a set of permissions called capabilities. These capabilities define what users can view, edit, publish, or manage.
User roles help you manage access and maintain security across your website.
2. Why Permissions Matter
Permissions ensure that each user has the correct level of access based on their responsibilities. This prevents unauthorized changes, protects data, and helps maintain site stability.
- Protects sensitive settings
- Prevents accidental content deletion
- Ensures users only access relevant features
- Improves workflow and collaboration
3. Default WordPress User Roles
WordPress provides six default user roles. Each role has a specific set of capabilities.
Administrator
Complete access to all WordPress features. Administrators can install plugins, manage themes, add or remove users, and change settings.
Editor
Can publish, edit, or delete any posts or pages, including those created by others. Editors manage content but cannot change site settings.
Author
Can write, edit, and publish their own posts, but cannot manage others’ posts or site settings.
Contributor
Can write and edit their own posts, but cannot publish them. Contributors require approval from an Editor or Administrator.
Subscriber
Can log in and manage their profile but cannot create or edit content. Ideal for registered members or customers.
Super Admin
Appears only in WordPress Multisite installations. Has full control over all sites in the network.
4. Understanding Capabilities
Capabilities are individual permissions that define what a user can do. Examples include:
- edit_posts
- publish_posts
- delete_posts
- manage_options
- install_plugins
User roles are simply collections of these capabilities. For example, an Editor has more capabilities than an Author.
5. How to Add or Remove Users
WordPress allows administrators to manage user accounts easily from the dashboard.
- Go to Users → Add New
- Enter username, email, and password
- Assign an appropriate user role
- Click Add New User
To remove a user, go to Users → All Users and select Delete. You will be asked what to do with their content.
6. Choosing the Right Role for a User
Assigning the correct role ensures users have access only to what they need. Use these guidelines when selecting roles:
- Use the Administrator role only for trusted users
- Editors manage content across the entire site
- Authors publish only their own content
- Contributors write content but require approval
- Subscribers are for basic user accounts
Choosing the right role reduces security risks and improves workflow.
7. Modifying Roles with Plugins
If you need more control over user permissions, you can use plugins to customize roles or create new ones.
- User Role Editor
- Members by MemberPress
These plugins allow you to add or remove capabilities for each role or create entirely new roles based on your needs.
8. Best Practices
Following best practices helps protect your site from unauthorized changes and mistakes.
- Assign roles based on responsibility
- Use the least-privilege principle (only give necessary access)
- Limit the number of Administrators
- Review user accounts regularly
- Remove inactive or unknown users
Maintaining proper access control improves site security and organization.
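The regular account review recommended above can be scripted. The following is an added example, not part of the original lesson: it assumes WP-CLI (the wp command) is installed and run from the site's root directory. It lists every account whose role holds manage_options or install_plugins, so a custom role created with a plugin (section 7) is flagged by what it can do rather than by its name.

```shell
#!/bin/sh
# Added example: list accounts whose role carries site-level capabilities.
# Assumption: WP-CLI ("wp") is installed and this runs from the WordPress root.

# Capabilities from the lesson's list that amount to control of the site.
HIGH_RISK_CAPS="manage_options install_plugins"

# Print the high-risk capabilities held by a role as a comma-separated
# string; prints nothing when the role holds none of them.
risky_caps_for_role() {
    rc_role="$1"
    rc_found=""
    rc_caps="$(wp cap list "$rc_role")" || return 1
    for rc_cap in $HIGH_RISK_CAPS; do
        # -x matches the whole line, -F treats the name as a literal string.
        if printf '%s\n' "$rc_caps" | grep -qxF "$rc_cap"; then
            rc_found="${rc_found:+$rc_found,}$rc_cap"
        fi
    done
    printf '%s' "$rc_found"
}

# Print one line per privileged account: role<TAB>capabilities<TAB>login.
# Every role is checked, not just "administrator".
audit_privileged_users() {
    for au_role in $(wp role list --field=role); do
        au_risky="$(risky_caps_for_role "$au_role")"
        [ -n "$au_risky" ] || continue
        for au_login in $(wp user list --role="$au_role" --field=user_login); do
            printf '%s\t%s\t%s\n' "$au_role" "$au_risky" "$au_login"
        done
    done
}

# Run the audit when WP-CLI is available on this machine.
if command -v wp >/dev/null 2>&1; then
    audit_privileged_users
fi
```

Compare the output against the list of people who are supposed to administer the site. Capabilities granted directly to a single user rather than through a role are not covered by this role-based check.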
9. Summary
- User roles define what actions users can perform in WordPress
- Permissions protect your site and structure workflows
- WordPress includes several default roles with different capabilities
- Administrators can add, remove, and manage users
- Plugins allow customization of roles and permissions
- Following best practices reduces security risks

