Off the shelf, WordPress allows you to assign a number of different user roles to people who use your website in one capacity or another. Now for the newest of users, this may not seem like such a big deal, but after a catastrophic event — like the office manager accidentally wiping out the company website right before the president gives a big press conference and directs everyone to your site to get all the details on your new, game-changing product — maybe you’ll understand its significance.
But, if that person had only a certain level of access to the website and wasn’t able to do anything more than they were trained to do, wouldn’t that put everyone’s mind at ease? It’s kind of like handing the nuclear launch codes to the lady behind the lunch counter. Sure she seems quite personable, and of course if anything were to go wrong it would be a complete accident, but how about we try to avoid that scenario altogether?
What is a Role?
Before we can begin to understand the user roles within WordPress, let’s have a brief refresher on what a role actually is. A role is a defined set of tasks that can only be performed by the person(s) assigned to that role.
So in our first example with the office manager, if that person had only been allowed to perform certain tasks, then the company website would not have gone down right before the press conference, because the role assigned to the office manager wouldn’t have allowed that to happen. Simple, right?
So What Kind of Roles Does WordPress Offer?
Now, sadly, most site owners assign everyone admin rights to their website, which is the equivalent of handing your toddler the keys to your car and telling them to take it for a spin... nothing good can come from that. Luckily, WordPress offers a number of built-in roles, which we will look at now, and then we’ll discuss some simple rules to keep in mind.
Let’s Start Small and Work our Way Up, Shall We?
Subscriber — A subscriber can only manage their profile and view whatever widgets you have in the dashboard. They can’t make any changes, other than the color scheme of their dashboard. This is a pretty safe user role, to say the least.
Contributor — This is a pretty common role for those who use outside writers on their websites. In addition to the subscriber functions, it allows people to log into the site, write posts, and submit them for review — but not publish them. They can also moderate comments on their own posts, but not anyone else’s.
Author — Now we are getting some good traction. This person can write, publish, and manage their own posts, without needing anyone’s approval. It also goes without saying (even though I am) that the Author has the same rights as the Contributor. And just to clarify, they can only work on their own material.
Editor — An editor can manage and publish anyone’s posts, including their own. It’s almost like a super power if placed in the wrong hands (kidding, sort of). But this user role allows multiple contributors and authors to write content and submit it, and then let the editors do what they do best (because who else actually has a clue what an Oxford comma is and where it goes?).
Administrator — This is the user role most people hand out like Halloween candy, when in fact they should be stingier than Scrooge with it. This is the big Daddy of user roles. Once assigned the Admin role, you can do anything within the site (including bring it down, like in our first example). But just like Uncle Ben says in just about every Spider-Man reboot, “With great power, comes great responsibility,” and as an administrator for a WordPress website you have great power. You can change the theme, add and remove plugins, add new users, edit code, and do pretty much anything else you can think of — including, but not limited to, bringing the site down by accident.
So how do we prevent this from happening? By assigning roles to people that suit what they’ll be doing within your site. Not everyone needs to be an admin, and only certain people need to be able to control the content globally on your site (Editors and Admins can do that, in case you were wondering).
For the record, there’s one more built-in user role, and that’s called Super Admin, but it is only used in what is known as a Multisite network, which is a subject for another day.
OK, so now that we know what the roles are, how about a couple of simple built-in rules?
The Rules
There are a few rules we need to be aware of when it comes to WordPress, but they are pretty straightforward.
- Only admins can add or delete users, no one else.
- Anyone can reset their password; it’s not just admins.
- Usernames cannot be changed. . .so don’t go with ‘crankywomanatthefrontdesk’. She will appreciate it.
- Each user needs a unique email address.
- You can always bump up your biographical info to make yourself sound more like a super hero. . .because who wouldn’t want to sound like a super hero?
So there you have it. Everything you wanted to know about user roles but never thought to ask. Or didn’t care to. But I know some of you still have one question that has yet to be answered.
And I know what that question is. . .
What if the default user roles don’t fit my needs? What if I need more flexibility?
Well my friends, you have come to the right place, because I have the answer you are looking for, and of course it’s a plugin. It’s a beautiful plugin called Members, which was written by a very smart guy named Justin Tadlock.
It allows you to create very specific user roles (among other things) with very specific functionality attached to them. Say, for example, I want to create a user role that only allows someone with this role to manage categories for posts. With this plugin, I could do that. The other bonus with this plugin is that as you add and activate other plugins, it adds the functions from those plugins to the list of available options, so you can get even more fine-grained in your user roles. It’s a pretty sweet plugin, for sure.
So we’ve learned about the default user roles in WordPress, and we’ve learned a little about creating custom user roles with a plugin. Now I think it’s about time you go back and review all the users on your site and the roles they have been assigned, and make sure each role is appropriate for what that person needs to do, before your next big press conference.
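As an added example (not from the original article), the shell functions below turn that review into a repeatable check: they read the CSV that WP-CLI's `wp user list` prints, tally accounts per role, and list every account holding the administrator role that is not on an approved list. The sample rows and the allowlist name `al` are constructed for illustration.

```shell
# Constructed sample of the CSV printed by
#   wp user list --fields=user_login,user_email,roles --format=csv
# (header row first; a multi-role user's roles are quoted and comma-joined).
sample_users() {
cat <<'EOF'
user_login,user_email,roles
al,al@example.com,administrator
frontdesk,frontdesk@example.com,administrator
guestwriter,writer@example.com,contributor
copydesk,copydesk@example.com,"editor,administrator"
reader1,reader1@example.com,subscriber
oldintern,oldintern@example.com,
EOF
}

# Print "login<TAB>roles" for each account that holds the administrator role
# and is not named in the space-separated allowlist passed as $1.
unexpected_admins() {
  approved=" $1 "
  while IFS=, read -r login email roles; do
    [ "$login" = "user_login" ] && continue        # skip the CSV header
    roles=$(printf '%s' "$roles" | tr -d '"\r')    # drop CSV quoting
    case ",$roles," in
      *,administrator,*) ;;                         # admin is one of the roles
      *) continue ;;
    esac
    case "$approved" in
      *" $login "*) ;;                              # expected administrator
      *) printf '%s\t%s\n' "$login" "$roles" ;;
    esac
  done
}

# Print "role=count" per role; accounts with no role at all show as "(none)".
role_counts() {
  tail -n +2 | cut -d, -f3- | tr -d '"\r' | tr ',' '\n' | sort | uniq -c |
    awk '{ print ($2 == "" ? "(none)" : $2) "=" $1 }'
}

# Run against the constructed sample. On a live site (assumes WP-CLI is
# installed), pipe the wp user list command shown above in instead.
sample_users | unexpected_admins "al"
```

Anything this prints is an account to demote to the lowest role that still covers its work, or to add to the allowlist once someone has confirmed it really needs Administrator.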
When not at his day job in the hosting industry, Al teaches WordPress at a Toronto, Ontario college and also does corporate WordPress training. As a freelance web developer, he is always busy building sites on the WordPress platform. All this leaves him very little time to ride his Harley and watch NFL football.