Back to Top

WordPress User Roles Guide

WP-user-roles imagesOne of the best ways to keep your WordPress installation safe & secure is to properly set your WordPress user roles. You should only be giving access to your WordPress control panel to users that truly need access and those users should only have access to the things that let them do their job. All to often I see site owners giving out way to much access to users on their team and this can create all types of problems and issues, even some that could jeopardize their entire site.

Figuring out the different user permissions can be tedious so, I have created a quick guide that allows you to see all the default WordPress user roles and access levels.

WordPress single site installation (this is probably you) user permissions:

Administrators

Administrators can do just about anything within your WordPress website including, modifying your core WordPress files and all the template files. Hence, admin privileges should be given only when warranted. I have seen situations were admin users have crashed entire sites when they knowingly or unknowingly modified files. Generally, speaking only your webmaster (if you have one) should have this level of access.

thumbs-UP

Can

  • Edit site files and core WordPress files (if enabled)
  • Change and edit themes
  • Activate and delete plugins
  • Edit plugin files (if enabled)
  • Update WordPress
  • Use, edit and change site widgets
  • Manage all users and user permissions
  • Edit, add, publish, and delete all pages and posts
  • View pages and posts marked private on the front side of the site, when logged in
  • Manage site settings and options
  • Manage all comments
  • Add and manage categories
  • Upload files
  • Use import and export functionality
  • Ability to upload unfiltered html

thumb-DOWN

Cannot

Administrators have full access to the entire WordPress ecosystem. The only things that they cannot do would be modifications only available via ftp. Your WordPress installation can be set (recommended) so that the template files can only be edited via ftp, but by default, administrators do normally have this ability.

Editors

Editors have many of the same privileges as administrators do but they do not have access or make changes to the template files or core files along with updating plugins and so on therefore, nothing that could fully wreck your site. However, they can manage all aspects of posts, pages, and commenting.

thumbs-UP

Can

  • Manage all pages and posts, edit, delete, add, and publish
  • View pages and posts marked private on the front side of the site, when logged in
  • Manage comments, edit, delete add, and publish
  • Manage categories, edit, delete, add, and publish
  • Manage other types of custom post types and posting functionality provided by plugins like events and so on

thumb-DOWN

Cannot

  • Manage plugins
  • Manage site settings or options
  • Manage widgets
  • Manage users
  • Manage template files or themes
  • Manage users

Author

Authors have many of the same privileges as editors with one main distinction, authors can only manage their own posts.

thumbs-UP

Can

  • Manage their own posts
  • Read other public posts
  • Manage their own custom post entries and other entries they create with plugins such as, events and so on.

thumb-DOWN

Cannot

  • Manage pages
  • Manage plugins
  • Manage site settings or options
  • Manage widgets
  • Manage users
  • Manage template files or themes
  • Manage users
  • Read posts and pages marked as private
  • Manage commenting
  • Manage categories
  • View pages and posts marked private on the front side of the site, when logged in

Contributor

Contributors unlike authors don’t have the ability to post automatically to the website. When a contributor submits a post it is held in moderation until an editor or administrator publishes their post.

thumbs-UP

Can

  • Create and submit their own posts for moderation
  • Create and submit custom post types and other entries they create with plugins such as events and so on for moderation

thumb-DOWN

Cannot

  • Manage pages
  • Manage plugins
  • Manage site settings or options
  • Manage widgets
  • Manage users
  • Manage template files or themes
  • Manage users
  • Read posts and pages marked as private
  • Manage commenting
  • Manage categories
  • Publish automatically to the site
  • View pages and posts marked private on the front side of the site, when logged in

Subscriber

Subscribers have the fewest permissions of all user types.

thumbs-UP

Can

  • Log in to control panel
  • Manage their own profile

thumb-DOWN

Cannot

Subscriber cannot do anything else on the website.

About Bryan

Bryan

Bryan is one of the founders of bMighty2 and is the COO. Along with being a huge advocate for small businesses his extensive background as a small business consultant gives him a unique insight into small businesses and their unique challenges and needs.

When not steering the ship here at bMighty2 you can find him out with his two daughters chasing them down a mountain either on a mountain bike or on skis.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Download this FREE white paper with 10 tips you can use to . . .

Drive More Traffic, More Leads, and More Sales NOW!

Privacy Policy: We hate SPAM and promise to keep your email safe.

Market Like A Superhero!

Not sure how? Sign up here to receive our FREE Monthly Marketing Newsletter. We'll help you get the most out of your marketing dollar and bring out the marketing superhero in you!

g NO THANKS