Digital Strategist

WordPress Developer

Content Creator

Unapologetic Punk

Mitch Canter

Know Your Role: The Ultimate Guide to WordPress User Roles

CMDR Mitchcraft

Reading time: 3 minutes

WordPress user roles play a critical role in managing access and permissions on a WordPress site. By assigning specific roles to a user, site owners can control what actions each user can perform on the site.

WordPress User Roles

There are six main roles included with any WordPress installation:

  1. Super Administrator: Usually a Super Admin is only found on a WordPress multisite installation, but a more apt term would be “Network Administrator” – they manage all of the sites on a network, whereas a regular Administrator may only have permissions on a single site.
  2. Administrator: The administrator has full control over the website and can perform any task, including managing other users, changing site settings, installing plugins and themes, and creating content.
  3. Editor: The editor can create, edit, publish, and delete any content on the website, including pages, posts, and comments. They cannot access site settings or install plugins and themes.
  4. Author: The author can create, edit, publish, and delete their own content. However,they cannot access or edit content created by other users.
  5. Contributor: The contributor can create and edit their own content, but they cannot publish it. Instead, their content must be reviewed and published by an editor or administrator.
  6. Subscriber: The subscriber can only view content on the website and cannot create or edit any content.

Creating a User in WordPress

Creating a user in the WordPress Dashboard is incredibly easy:

  1. Log in to your WordPress dashboard using your administrator account.
  2. Click on the “Users” tab in the left-hand menu, then click “Add New”.
  3. Fill out the required fields, including the username, email address, first name, last name, and password.
  4. Choose the user role from the “Role” drop-down menu. Select the appropriate role for the user based on their responsibilities and the level of access they require.
  5. Click the “Add New User” button to create the user account.

That’s it! The new user account will be created, and the user will receive an email with instructions on how to log in to their account. You can edit or delete the user account at any time by going to the “Users” tab in the WordPress dashboard and selecting the appropriate user from the list.

The Principle of Least Privilege

Typically, a good rule of thumb is to only give a user the access level they absolutely need, and nothing more. In security circles, this is called the Principle of Least Privilege. Someone only writing content shouldn’t have access to your plugins and themes, for example, and restricting access to a ‘need to know’ basis means you have less chances for a security breach.

Adding a new WordPress User Role

WordPress provides a way to add new users in plugins and themes via the add_role() function. However, it’s not wise to allow this hook to fire on every page load. To prevent this, we’ll add the code to an activation trigger, set an option value, and update the option with a boolean that will prevent it from firing again:

function mc__update_custom_roles() {
    if ( get_option( 'custom_roles_version' ) < 1 ) {
      add_role(
          'custom_role', // Role slug
          'Custom Role', // Role display name
          array(
              'read' => true, // Can read posts
              'edit_posts' => true, // Can edit their own posts
              'delete_posts' => false, // Cannot delete posts
              'upload_files' => true, // Can upload files
          )
      );
      update_option( 'custom_roles_version', 1 );
    }
}
add_action( 'init', 'mc__update_custom_roles' );

You can also choose to create the user role on a plugin’s activation via the register_activation_hook hook:

function mc__add_roles_on_plugin_activation() {
      add_role(
          'custom_role', // Role slug
          'Custom Role', // Role display name
          array(
              'read' => true, // Can read posts
              'edit_posts' => true, // Can edit their own posts
              'delete_posts' => false, // Cannot delete posts
              'upload_files' => true, // Can upload files
          )
      );
   }
register_activation_hook( __FILE__, 'mc__ add_roles_on_plugin_activation' );

Conclusion

In conclusion, WordPress user roles are a crucial aspect of managing a WordPress site. They allow site owners to control access and permissions for different types of users. By assigning specific roles and permissions to each user, site owners can ensure that users only have access to the areas of the site that they need to perform their tasks. Additionally, WordPress user roles can be customized or expanded using plugins or custom code to fit the specific needs of the site. Understanding the different user roles and their respective permissions is essential for effective WordPress site management.

  • Set Up An Amazing E-Commerce Site in 30 Minutes with WordPress

    Set Up An Amazing E-Commerce Site in 30 Minutes with WordPress

    Reading time: 2 minutes

    Step 1: Get a great product (you’d be surprised how many people forget this step…) Step 2: Install WordPress Step 3: Set up a static front page (Settings > Reading)… create a page called “front page” and a page called “blog”.  Head to the options menu and select the reading tab.  Change the “Front Page…

  • How to Update WordPress Themes and Plugins on WPEngine (Without the Repository)

    How to Update WordPress Themes and Plugins on WPEngine (Without the Repository)

    Reading time: 5 minutes

    Skip to the Tutorial My head is full and my heart is sad tonight. Thousands of WordPress users are left in a strange scenario today as Matt Mullenweg, Automattic’s CEO and founder, pulled access to the WordPress Repository for thousands of users on WPEngine. WPEngine is officially cut off from all updates – plugins, themes,…