Every WordPress website owner has to learn to set WordPress User Roles and Permissions sooner or later. Building out your first WordPress website from scratch and need to set your partner up as an admin? Give a plugin support team temporary access for troubleshooting? Want to give a friend permission to edit posts for you? Feature a guest author on your blog? Add another full time author?
These might seem like daunting tasks if you’ve never dealt with them before. You may not even be aware that you have that fine grain control over permissions. Fortunately though you do, and WordPress makes setting them super easy.
You can be an expert on WordPress User Roles in less than 5 minutes, and this quick start guide is all you’re going to need!
WordPress User Roles Explained
There are 5 user roles to choose from, and each of the 5 roles gives each user a different set of permissions while on your website. Understanding the level of permission you are granting a user is critical to keeping your website safe. Many headline-grabbing data breaches that have made the news in recent years have only been possible because of unnecessary administrator accounts on WordPress sites, for example.
Use this section to determine which role you need to grant a user. In the next section below you’ll find out how to actually grant or change the role as well 🙂
The Administrator Role
Administrators have full access to the entire WordPress website and all of its features. This includes (but is not limited to):
- Installing, deleting, and activating/deactivating plugins
- Installing, deleting, activating/deactivating, and modifying themes
- Creation, deletion, and modification of all posts and pages
- Access to WordPress core files and the ability to upload files
- Modifying and creating WordPress User Roles of other users
Only users that truly need it should ever have access to Administrator permissions. For security reasons, there should never be dormant Administrator accounts sitting around, either!
Note that if you are running a WordPress Multisite, there is also a Super Administrator role that grants these permissions across each site of the multisite.
The Editor Role
Editors have full access to posts and pages, but none of the other permissions granted to an Administrator. Editors can:
- Fully modify, publish, or delete any WordPress post
- Fully modify, publish, or delete any WordPress post
- Full moderation control over comments
If you need someone to be able to fully manage the content of your website, this is the WordPress User Role you’re looking for.
The Author Role
Authors have full control their own WordPress posts, but not those of others. They can’t access WordPress pages. They can:
- Publish a post
- Edit their own posts
- Delete their own posts
- Upload files into the Media Library for use in their posts
- Moderate comments for their own posts
This is the WordPress User Role for users that will be regularly contributing content to your website. They’ll have full access to do what’s needed to generate fully fleshed out post content of their own, but nothing else.
The Contributor Role
Contributors can create post content, but are limited in what they can do outside of that. A Contributor can:
- Create a new post
- Generate content for posts they’ve created
- Delete unpublished (and only unpublished) posts they’ve created
This is the perfect WordPress user role for guest authors. They can generate new content for you, but can’t touch anything else. They can’t publish the content they create themselves- an Administrator or Editor will need to do that for them, allowing their work to be reviewed and approved before it goes live. They’ll also need an Administrator or Editor to upload media files for them, as they are unable themselves.
The Subscriber Role
Subscribers are the default role assigned to a new user if you have WordPress set up to allow users to register. Subscribers can:
- Create a profile for themselves in the WordPress dashboard
- Post comments using under their new user profile
If you just want users to be able to interact with your site with the added touch of a unique personal profile, this is the WordPress User Role you want.
How Do I Set User Roles?
Easy! Navigate in your WordPress dashboard to Users>All Users and select the profile that you want to check or modify roles for. Scrolling down the page just a tad you’ll see the Role setting dropdown field:
Just adjust that setting to coorespond to the role you need as described in the previous section of this article!
How Do I Grant Temporary Adminstrator Credentials?
It’s very common for plugin support teams to ask you to create temporary admin credentials for troubleshooting purposes. This process simply involves creating a new WordPress user and toggling the Role setting to Administrator. You’ll then want to provide the support team with the username and password for that account. After they’re done troubleshooting, you should always go back and delete this user!
Here’s the relevant bits you’re looking for in this process, found under Users>New User in the WordPress dashboard:
If you’ve hit each section above, congratulations! You’re a WordPress User Role Expert.
That’s really all there is to it: understanding the WordPress User Roles, being able to change them, and knowing how to grant temporary Administrator access as needed. Once you’ve got that under you’re belt, you’re able to do whatever needs to be done to adjust user roles for your website workers and users.
If you’re really interested in digging into the technical nature of these permissions, you can find technical documentation on them over on the WordPress.org Codex page Roles and Capabilities.
If you just want to master using them for your website, you’ve got all the info you need above. Questions? Feel free to ask them in the comments below!