A Basic Guide to Understanding WordPress User Roles
WordPress, like many other online sites, has different user capabilities to decide how much or little any user can do on the site. This helps keep your site secure and organized, especially if you have multiple people working on it. In this article, we will talk about the five basic roles, along with one custom role for those with Managed WP Hosting from Ness Web Solutions.
Administrator
· What they can do: Everything. An Administrator has complete control over the entire website. They can create, edit, publish, and delete any posts or pages, and can upload and delete media in the media library. They additionally can install, delete, and update plugins and themes, change all settings, add and remove other users (even other Administrators).
· Who should have this role: The website owner. It's best to have as few Administrators as possible for security reasons.
Site Owner
This is a custom role for Ness Web Solutions Managed WP Hosting customers.
· What they can do: Almost everything. The site owner can do almost everything an Administrator can do, including creating, editing, publishing, and deleting pages and posts, and upload and delete media in the library. They can install and delete plugins and themes, change all settings, and add and remove other users.
· What they can’t do: They cannot push through any updates for plugins, themes, or the WordPress system. They cannot create or delete Administrator users.
· Who should have this role: This role is automatically created and assigned to the website owner/client of Ness Web Solutions. This is done, so that way clients cannot push through system wide updates to prevent a potential system failure due to an update. All updates to the entire system are managed by Ness Web Solutions, and updated weekly at least, to ensure stability and reliability of your entire website. Backups and automated checks are performed before and after website updates, and in the event an update crashes the website, your website is automatically restored to the state before the update, and Ness Web Solutions is notified.
Editor
· What they can do: They can manage the content on the site. An Editor can create, edit, publish, and delete any post or page on the site, not just the pages or posts they create. They can also moderate comments, manage categories and tags, and upload files to the site.
· What they can't do: Change site settings, install or update plugins or themes, or add new users.
· Who should have this role: Someone who manages the content on a blog or website, like a content manager.
Author
· What they can do: They can manage content they create. An Author can write, edit, and publish their own posts, and can also upload images and other media files.
· What they can't do: Edit or delete posts written by other people, create pages, or change any site settings. They also can't moderate comments.
· Who should have this role: Users who are trusted to publish their own work without needing approval, but shouldn’t be editing pages.
Contributor
· What they can do: Write and submit posts for review by someone with higher permissions. A Contributor can write new posts and save them as drafts. They can also edit their own drafts.
· What they can't do: They cannot publish their own posts, and instead an Editor role or higher must publish their posts. They additionally cannot edit any posts once they are published, including their own. They also can't upload media files (like images) to the media library,
· Who should have this role: Guest writers or new team members who need their work approved before it goes live.
Subscriber
· What they can do: Read private posts and manage their own profile on the site, including updating their name, email address, and password. Subscribers can only access the basic features of a WordPress site, and cannot view plugins or themes installed or anything else on the site.
· What they can't do: Create, edit, or publish any pages or posts. They cannot change any site settings, or affect how anything on the website works.
· Who should have this role: People who have signed up for your website to get special access to content, or users signing in to a client portal to view and download things.
Additional Custom Roles: As a Managed WP Hosting customer, we can create custom user roles for your users, to reflect the needs of your organization and website. Just contact us, so we can chat about the needs of your users!
Note: If you have a WordPress Network/Multisite setup, there is an additional administrator role called Super Admin, who can edit all sites in the network, as compared to an Admin, who can only edit specific sites in the network.
You can additionally learn more about the roles from the WordPress.org Codex resource page for Roles and Capabilities.