WordPress user roles play a critical role in managing access and permissions on a WordPress site. By assigning specific roles to a user, site owners can control what actions each user can perform on the site.
WordPress User Roles
There are six main roles included with any WordPress installation:
- Super Administrator: Usually a Super Admin is only found on a WordPress multisite installation, but a more apt term would be “Network Administrator” – they manage all of the sites on a network, whereas a regular Administrator may only have permissions on a single site.
- Administrator: The administrator has full control over the website and can perform any task, including managing other users, changing site settings, installing plugins and themes, and creating content.
- Editor: The editor can create, edit, publish, and delete any content on the website, including pages, posts, and comments. They cannot access site settings or install plugins and themes.
- Author: The author can create, edit, publish, and delete their own content. However,they cannot access or edit content created by other users.
- Contributor: The contributor can create and edit their own content, but they cannot publish it. Instead, their content must be reviewed and published by an editor or administrator.
- Subscriber: The subscriber can only view content on the website and cannot create or edit any content.
Creating a User in WordPress
Creating a user in the WordPress Dashboard is incredibly easy:
- Log in to your WordPress dashboard using your administrator account.
- Click on the “Users” tab in the left-hand menu, then click “Add New”.
- Fill out the required fields, including the username, email address, first name, last name, and password.
- Choose the user role from the “Role” drop-down menu. Select the appropriate role for the user based on their responsibilities and the level of access they require.
- Click the “Add New User” button to create the user account.
That’s it! The new user account will be created, and the user will receive an email with instructions on how to log in to their account. You can edit or delete the user account at any time by going to the “Users” tab in the WordPress dashboard and selecting the appropriate user from the list.
The Principle of Least Privilege
Typically, a good rule of thumb is to only give a user the access level they absolutely need, and nothing more. In security circles, this is called the Principle of Least Privilege. Someone only writing content shouldn’t have access to your plugins and themes, for example, and restricting access to a ‘need to know’ basis means you have less chances for a security breach.
Adding a new WordPress User Role
WordPress provides a way to add new users in plugins and themes via the add_role()
function. However, it’s not wise to allow this hook to fire on every page load. To prevent this, we’ll add the code to an activation trigger, set an option value, and update the option with a boolean that will prevent it from firing again:
function mc__update_custom_roles() {
if ( get_option( 'custom_roles_version' ) < 1 ) {
add_role(
'custom_role', // Role slug
'Custom Role', // Role display name
array(
'read' => true, // Can read posts
'edit_posts' => true, // Can edit their own posts
'delete_posts' => false, // Cannot delete posts
'upload_files' => true, // Can upload files
)
);
update_option( 'custom_roles_version', 1 );
}
}
add_action( 'init', 'mc__update_custom_roles' );
You can also choose to create the user role on a plugin’s activation via the register_activation_hook
hook:
function mc__add_roles_on_plugin_activation() {
add_role(
'custom_role', // Role slug
'Custom Role', // Role display name
array(
'read' => true, // Can read posts
'edit_posts' => true, // Can edit their own posts
'delete_posts' => false, // Cannot delete posts
'upload_files' => true, // Can upload files
)
);
}
register_activation_hook( __FILE__, 'mc__ add_roles_on_plugin_activation' );
Conclusion
In conclusion, WordPress user roles are a crucial aspect of managing a WordPress site. They allow site owners to control access and permissions for different types of users. By assigning specific roles and permissions to each user, site owners can ensure that users only have access to the areas of the site that they need to perform their tasks. Additionally, WordPress user roles can be customized or expanded using plugins or custom code to fit the specific needs of the site. Understanding the different user roles and their respective permissions is essential for effective WordPress site management.