Digital Strategist

WordPress Developer

Content Creator

Unapologetic Punk

Mitch Canter

Know Your Role: The Ultimate Guide to WordPress User Roles

CMDR Mitchcraft

Reading time: 3 minutes

WordPress user roles play a critical role in managing access and permissions on a WordPress site. By assigning specific roles to a user, site owners can control what actions each user can perform on the site.

WordPress User Roles

There are six main roles included with any WordPress installation:

  1. Super Administrator: Usually a Super Admin is only found on a WordPress multisite installation, but a more apt term would be “Network Administrator” – they manage all of the sites on a network, whereas a regular Administrator may only have permissions on a single site.
  2. Administrator: The administrator has full control over the website and can perform any task, including managing other users, changing site settings, installing plugins and themes, and creating content.
  3. Editor: The editor can create, edit, publish, and delete any content on the website, including pages, posts, and comments. They cannot access site settings or install plugins and themes.
  4. Author: The author can create, edit, publish, and delete their own content. However,they cannot access or edit content created by other users.
  5. Contributor: The contributor can create and edit their own content, but they cannot publish it. Instead, their content must be reviewed and published by an editor or administrator.
  6. Subscriber: The subscriber can only view content on the website and cannot create or edit any content.

Creating a User in WordPress

Creating a user in the WordPress Dashboard is incredibly easy:

  1. Log in to your WordPress dashboard using your administrator account.
  2. Click on the “Users” tab in the left-hand menu, then click “Add New”.
  3. Fill out the required fields, including the username, email address, first name, last name, and password.
  4. Choose the user role from the “Role” drop-down menu. Select the appropriate role for the user based on their responsibilities and the level of access they require.
  5. Click the “Add New User” button to create the user account.

That’s it! The new user account will be created, and the user will receive an email with instructions on how to log in to their account. You can edit or delete the user account at any time by going to the “Users” tab in the WordPress dashboard and selecting the appropriate user from the list.

The Principle of Least Privilege

Typically, a good rule of thumb is to only give a user the access level they absolutely need, and nothing more. In security circles, this is called the Principle of Least Privilege. Someone only writing content shouldn’t have access to your plugins and themes, for example, and restricting access to a ‘need to know’ basis means you have less chances for a security breach.

Adding a new WordPress User Role

WordPress provides a way to add new users in plugins and themes via the add_role() function. However, it’s not wise to allow this hook to fire on every page load. To prevent this, we’ll add the code to an activation trigger, set an option value, and update the option with a boolean that will prevent it from firing again:

function mc__update_custom_roles() {
    if ( get_option( 'custom_roles_version' ) < 1 ) {
      add_role(
          'custom_role', // Role slug
          'Custom Role', // Role display name
          array(
              'read' => true, // Can read posts
              'edit_posts' => true, // Can edit their own posts
              'delete_posts' => false, // Cannot delete posts
              'upload_files' => true, // Can upload files
          )
      );
      update_option( 'custom_roles_version', 1 );
    }
}
add_action( 'init', 'mc__update_custom_roles' );

You can also choose to create the user role on a plugin’s activation via the register_activation_hook hook:

function mc__add_roles_on_plugin_activation() {
      add_role(
          'custom_role', // Role slug
          'Custom Role', // Role display name
          array(
              'read' => true, // Can read posts
              'edit_posts' => true, // Can edit their own posts
              'delete_posts' => false, // Cannot delete posts
              'upload_files' => true, // Can upload files
          )
      );
   }
register_activation_hook( __FILE__, 'mc__ add_roles_on_plugin_activation' );

Conclusion

In conclusion, WordPress user roles are a crucial aspect of managing a WordPress site. They allow site owners to control access and permissions for different types of users. By assigning specific roles and permissions to each user, site owners can ensure that users only have access to the areas of the site that they need to perform their tasks. Additionally, WordPress user roles can be customized or expanded using plugins or custom code to fit the specific needs of the site. Understanding the different user roles and their respective permissions is essential for effective WordPress site management.

  • The State of WordPress Plugin Development

    The State of WordPress Plugin Development

    Reading time: 4 minutes

    Seeing all the fun plugins you guys posted to the site today has reminded me of a topic that I’ve both seen published on other sites as of late and been pondering myself lately – the authors.  I’ve co-created a plugin, and it’s currently residing well in the plugin repository, but it hasn’t been all…

  • iPhone Theme for WordPress

    iPhone Theme for WordPress

    Reading time: 1 minute

    Now that everyone and their mother has gone out and bought a shiny new iPhone (yesterday was the 3G iPhone’s release date, after all), it’s time you made your WordPress theme a bit more iPhone friendly.