Beginner’s Guide to WordPress User Roles and Permissions

A great advantage of WordPress as a CMS is that it comes with loads of features that fits everyone’s needs. No matter if the person is a designer, developer, writer, or even the owner, they all get access to features that they can use for their own work. Keeping this requirement in mind, the awesome people behind WordPress has come up with multiple user roles for different requirements of different users.

The user roles really do make the jobs a lot easier to manage since most of the time, the users get access to features they require while keeping the advanced power to the few. But for a beginner, user roles can be a challenge to understand.

Let’s say you need to give access to your site’s WP admin dashboard to a new person for a job that they need to carry out on your website. It can be anything like a design edit, customization, drafting a blog, or fixing a bug. For this, it can be a challenge for a newbie to understand who needs access to which user role.

So, for this, we compiled this guide, which will help you manage what user roles and permissions are when it comes to WordPress.

User Roles and Permissions in WordPress

WordPress has user roles, which basically defines what all a user can do and can’t do. With different user roles, you get access to various features and levels of power of that WordPress website.

When you install WordPress, you get these five default user roles:

1. Admin or Administrator
2. Editor
3. Author
4. Contributor
5. Subscriber

Of course, you can create a custom user role if you need, and we will discuss that as well later.

Let’s start with understanding what all permissions you get with each role by looking at them individually.

Administrator

On a single WordPress installation, the admin is the user role with access to all the permissions. The Admins can make all the changes to the post that are possible. They can add a new post, remove or delete an existing post and can make changes to post of other users as well.

Apart from making changes to the posts, they can install, change, and even remove themes on the website using the admin dashboard. They can add or remove the plugins on the website as well.

In a nutshell, Admin is the top role in the user roles hierarchy. They are able to do Everything possible on a WordPress website. The thing that sets them apart is that they can add or remove Users to the website.

Since this is the most powerful role in the WordPress user roles, it should be assigned rarely and only where it is extremely required. With the Admin user role, you are giving access to all your work and your space on the internet, so do it wisely!

Ideally, this role should be assigned to the owners of the website.

Admin role highlights:

1. Create, edit, or remove any content.
2. Alter plugins and themes
3. Have access to make any change possible on the website.
4. Can edit or alter the website’s code.
5. Add and remove other user accounts.
6. Can update WordPress, themes, and, plugins.

Editor

As the name suggests, the editor of the website is responsible for handling and managing the content on the website. They can make changes to all the existing content on the website and can add new content as well. This user has access to and can make changes to both posts and pages, even those created by other users.

An editor also has the power and permission to access the comments on the posts and can moderate them as well. They can approve comments, delete them if needed, Apart from this, the Editors can manage the categories and links for the posts.

While they have so many permissions, they do not have the power to make site-wide changes to the website. Changes like adding or removing themes or plugins and even installing updates are something that cannot be done by this role. Mostly they are responsible for the content and overseeing the work of authors and contributors.

Editor role highlights:

1. Can manage the whole content
2. Can add, alter, or remove posts and pages on the website
3. Usually responsible for overseeing the work of authors and contributors
4. Can moderate comments and manage categories and links.
5. Can’t make changes to plugin, themes, and core.

Author

Think of author role as a sub of the editor role. Just like the relationship of the name of the two suggests, the author has less power as compared to the Editor.

Authors can add, edit, and delete their own posts. They can remove the posts even if they are published. When it comes to categories management, they do have the option to choose the category for the post, but they are not permitted to create new categories. Yet they can add their own tags to the posts.

Coming to the comments permissions, they do have the option to see the comments even the unapproved ones, but they cannot approve, moderate, or delete the comments.

Just like the editor role, they do not have the option to add, remove, or update the themes, plugins, or updates. They can only do what the role of an author allows anywhere. Adding, editing, and publishing the articles on a website.

Since this role does not offer much access to permissions, it is comparatively a low-risk user role for situations like guest posts and contributions with the only exception that the users can delete their own posts.

Author role highlights:

1. Can add, edit, and remove posts on the website.
2. Responsible for adding and publishing content on the website.
3. Can remove self-published blogs.
4. Able to see unpublished comments but can’t moderate them.
5. Cannot make changes to the themes, plugins, and the core.

Contributor

Contributors go by their name. They can add new posts or “make contributions” and can make changes and edits to the content as well but cannot publish any posts. They even do not have permission to publish their own posts. Just like the Author, when writing, they can definitely use the existing categories but cannot add new ones. Also, contributors can add tags to the posts when writing.

This can be seen as a stripped down version of the author role. Because of this, the contributor is not able to add media or files. This means that they cannot add images to their own posts.

Contributors can see the comments when the ones which are not approved but they cannot publish them just like Author.

Again, just like any other role except admin role, this role does not have permission to access the settings, plugins, themes, or any setting that can allow them to make site-wide changes.

Contributor role highlights:

1. Contributors can add, edit their own posts.
2. They cannot publish any posts, even of their own.
3. Cannot add any files hence cannot add images to the post.
4. Can see unapproved comments but can’t moderate.
5. Cannot make changes to the themes, plugins, and the core.

Subscriber

The subscriber is the lowest role in the hierarchy of user roles. They only have permission to log in to WordPress and make changes to their user profiles. Since there is nothing that this user can do in the WordPress dashboard, they do not have access to the WP dashboard as well.

This role is only useful to the websites which require users to login before they can read an article or comment on the website. 

On top of these 6 roles, there is one more role, which only applies to specific WordPress installations. The role we are referring to here is the Super Admin role. Let’s have a look at it as well.

Super Admin

This role cannot be left behind, but the thing with this role is that it only applies to multisite installations. If you don’t know what a multisite installation is then in simple words, multisite setup is nothing else but a network of connected WordPress websites. Along with all the powers of all the other users combined, super admins are capable of high-level adjustments like adding or removing websites.

When a website gets a super admin, things change a little bit. With having the super admin role active, regular admins no longer can install, delete, or update the themes and plugins on the website. Nor they can alter the user information on the website. All these permissions are reserved with the Super Admin of the website.

These are all the roles that you get with the Default installation of WordPress. Of course, Since we are talking about WordPress, you do get the option to set up custom roles on your website as well.

How to Effectively use User Roles with User Activity Log Plugin

When you have multiple users on different user roles on your website, you need to be extra cautious on your website regarding who can access what data and who can alter that data. For this, it is good to have access to all the activities that are happening on your website.

The default installation of WordPress does not come with an option to track the activities on your WordPress website. But, with a single plugin, this can be done easily.

You can keep track of all the activities on your WordPress website with the User Activity Log plugin effortlessly.

This plugin gives you access to information about all the activities happening on your website’s WordPress admin dashboard.

Let’s see what all this plugin can do.

Setting Up User Activity Log Pro

To use User Activity Log on your website, you need to make sure that it is installed on your website first. Installation of User Activity Log Pro is no brainer and gets installed like any other plugin. Simply go to your WP admin dashboard, and then go to Plugins> Add New.

Now upload the zip file and click on the install button, once the installation is completed, click on the Activate button.

If you want a more detailed User Activity Log installation guide, check here

Once you have User Activity Log Pro installed and activated, we can go ahead and check how the plugin to effectively use User Activity Log Pro.

Using User Activity Log Pro

Once you activate, you will notice the respective option in the Admin dashboard panel.

Click on this option to check the logs on your website. You can see who made any update, deleted a post, or made changes to the themes as well.

You can use the available options and filters to narrow down your results as well. If you wish to enhance your tracking, you can use the Custom Activity log option to add a custom event or hook to generate new activity logs.

You can even sort the data based on the parameters that suit your requirements.

Furthermore, you can restrict your users regarding who can see the activity logs from the settings. This can be done from the settings of User Activity Log Pro. You can restrict the access to admin level only or can give access to any desired role.

Learn more about User Activity Log Pro.

Final Thoughts

Since User Roles and Permissions are an important aspect of a WordPress website, it is advisable that you pay more attention to these settings and roles.

Understand every role before assigning a new user to that account. If you have a new user, you need to understand how that user is going to fit in your website and what all tasks he will be doing. After you know what their task is, go ahead and give them a role that fits their tasks and accesses they require.

Pay special attention while giving Admin or Super Admin roles to new users. Only assign these roles when you can rely on these users. Nonetheless, if you happen to give out these roles to the users, do not worry about it as you can track their activity with the User Activity Log Pro plugin.

You can sit back and track every user’s activities on your website and can access them all at one place that is User Activity dashboard which you can find in your admin dashboard.

I hope now you are aware of all the roles and permission on a WordPress website. Go ahead and incorporate these on your website and assign user roles if required.

Have you ever had issues with tracking User Activity on your website earlier? Share your experiences down in the comments!

If you liked this article, do share it!