The Quick Guide to WordPress User Roles & Permissions

WordPress user roles and permissions may seem like a minor detail, but they are incredibly important. Whether you’re looking to enable content creators to add their own content while safeguarding your site, monetize your site with gated content only certain users can access, or looking to create email campaigns for your web-driven contact lists, you need to get to know the five main WordPress user roles: administrator, editor, author, contributor, and subscriber.

Let’s take a look at the main types of WordPress user roles commonly used by small business websites, what permissions are available to each role, and when to use them.

5 Types of WordPress User Roles (Plus a Bonus)

First off, there are five primary types of user roles: administrator, editor, author, contributor, and subscriber. These roles are hierarchical based on the amount of access and permissions each has over the website and its content, with administrator at the top with the most control and subscriber at the bottom with the least control and no access beyond reading the content.

Here are the five types of WordPress user roles and their permissions:

Administrator: Total site control and access
Editor: Total post access
Author: Total post access over their own posts
Contributor: Ability to create, edit, and delete their own posts, but cannot publish
Subscriber: Ability to access and read content only

Note: You may have heard of other types of WordPress users, as there are more than the five listed above. However, these are specific to certain industries or businesses and are not widely used across business websites. For example, there is a role called the Super Administrator, which is only used in the instances of multisites.

Let’s look more closely at each type of WordPress user role and their permissions:

WordPress User Role: Administrator

The WordPress administrator is the ultimate user role with maximum permissions. It’s at the top of the user role hierarchy and it provides complete control over a website, its content, and its design. In short, there’s nothing a WordPress administrator cannot do. Any possible action on a site can be completed by the site administrator. Because of this, there should only be one admin, and the admin’s login credentials should be kept safe.

Here’s what a WordPress administrator is capable of doing:

Complete site access
Change any appearance elements (e.g., theme, menu, logo)
Add, update, and remove any content
Manage users and add new ones

Note that hackers are actively seeking WordPress admin login information given that it provides the utmost access to a site—including sensitive information such as any credit card numbers used for payments or purchase records. Even with a great password, hackers are great at what they do, so be sure to take additional security measures, such as changing your WordPress login URL.

Get the comprehensive list of the permissions of the WordPress administrator.

WordPress User Role: Editor

The site editor has the second-most site permissions behind the administrator. However, a WordPress editor only has access to posts and customizations related to the posts, such as comments, tags, links, and taxonomies. In other words, the editor can do anything within the posts section of the site, but cannot access other sections, such as, say, appearance or plugins.

Here’s what a WordPress editor is capable of doing:

Create, edit, and publish their own posts
Edit other users’ posts
Customize post categories, comments, tags, and links

What a WordPress editor cannot do: customize website design elements (e.g., theme) and web pages.

Learn more about the role of the WordPress editor.

WordPress User Role: Author

The WordPress author can create new posts, edit, delete, and publish any of their own articles, but is different from an editor because an author cannot edit other user’s posts. However, an author is a step above a contributor as they are able to publish their own posts without approval from an admin or editor.

Here’s what a WordPress author is capable of doing:

Create new posts
Edit and delete their own posts
Publish their own posts

What a WordPress author cannot do: edit or delete other users’ posts.

Get an in-depth description of the role of the WordPress author.

WordPress User Role: Contributor

The WordPress contributor is very similar to the author (so much so that the two are often confused), in that a contributor can create, edit and delete their own posts. However, the major difference is that the contributor cannot actually publish their posts. Instead, the contributor needs to get approval from an admin or editor before their content can be published.

Here’s what a WordPress contributor is capable of doing:

Create new posts
Edit posts they created
Delete posts they created

What a contributor cannot do: publish their own posts.

Want more insight? Get the full breakdown of the WordPress contributor role.

WordPress User Role: Subscriber

At the bottom of the WordPress user roles hierarchy is the subscriber. The subscriber is unlike all of the other roles in that the subscriber is not looking to add to your site’s content, but simply read it. For example, subscribers are those users who want to receive email updates when new content is published or gain access to gated content in the case of sites that require membership to access its content.

Here’s what a WordPress subscriber is capable of doing:

Viewing gated content
Receiving email marketing content
In some cases, add comments on posts

What a subscriber cannot do: edit any portion of the website content.

Get more information about the role of the WordPress subscriber.

However, while a subscriber cannot edit the content of a post or page, they do have the ability to leave comments on enabled posts. These then appear beneath the post or page’s content.

WordPress gives you the option to allow subscriber comments to be published on your site without you seeing them first. However, you can also set up your site so that comments must be manually reviewed by a moderator. This is typically a better strategy as it protects your site from threats such as bad links, which can hurt your search engine optimization, or comments that are nothing more than spam.

Depending on your post frequency and number of subscribers, moderating comments can quickly become overwhelming. Luckily, if you don’t have the time to moderate every comment, you can find budget-friendly professionals willing to do this service for you on Fiverr.

Visit Fiverr

How to Manage User Roles in WordPress

Now that you know exactly what each WordPress user role is and what it’s capable of, how do you manage users? First, you’ll need to be an administrator to access, change, and delete users. Assuming you are an admin, log in to the WordPress dashboard. Then, find “Users” from the left-hand navigation and select “All Users” to view all current users. Hover over a user to edit or delete it, or use the “Add New” button at the top to create a new user.

Here are the direct paths to managing WordPress users:

View all existing users: WordPress > Users > All Users
Add a user: WordPress > Users > Add New
Change user roles: WordPress > Users > All Users > Hover over user > Edit
Delete a user: WordPress > Users > All Users > Hover over user > Delete

Note that depending on the type of site you have, including which theme and plugins you have activated, you may see additional user roles and permissions available. For example, a site with gate content may also have membership packages as another menu item listed under the “Users” tab.

Frequently Asked Questions

How do you create a customized user role in WordPress?

You can create custom user roles in WordPress by either adding custom code to your theme’s functions.php file. If you’re not a web developer and not confident in your coding abilities, you can simply use a plugin, such a User Role Editor. Of course, most will find the plugin option to be a sufficient way of creating new, custom roles.

What’s the difference between a contributor & an author in WordPress?

The WordPress contributor and author roles are often confused as they’re both roles geared toward those who are writing and submitting blog content. The difference between the two is that an author is one level above the contributor in the WordPress user hierarchy, as the author is able to publish content, whereas the contributor can do everything the author can except publish content. Instead, the contributor will need post approval from an admin or editor.

How do you build a forum website?

Building a forum website is a big undertaking. However, that doesn’t mean it’s actually all that different from learning how to build a WordPress website of any sort. You will follow the same process of building a WordPress website, such as getting web hosting, connecting a domain, choosing and customizing a theme, building out content, and installing plugins. The difference is that with a forum, you should choose a forum theme and forum-specific plugins.

Get the step-by-step instructions on how to build a forum website.

Bottom Line

WordPress roles each come with their own set of unique permissions, enabling businesses to give users certain capabilities and access to the website. User roles help businesses run their site more efficiently, while also helping to safeguard a site by minimizing what each user can do while logged into WordPress. It’s worth taking the time to understand the five main user roles to protect your site and ensure the integrity of your business website.