Many startups and new businesses start off as a small team. And when you’re running a website alone, or with two or three other people, user roles and permissions are the last thing on your mind.
But for larger businesses, and especially those operating on an international basis, setting appropriate WordPress user roles & permissions should be a top priority. Careful management of these roles plays a vital role in the security and integrity of any website, and can help to define each member’s role within a team.
User Roles Explained
So what are user roles and permissions? Well, simply put they are the capabilities that each user has to add content and make changes to a website. WordPress comes with six user roles built-in by default:
This role is only available when running a WordPress Multisite. In addition to all of the powers granted to a single site admin, super admins can affect high-level changes to the entire network, including adding or removing network users, creating and deleting sites, and installing or removing themes and plugins across the entire network.
On a regular WordPress website, this is the most powerful user role – allowing full access to all features, including installing and removing themes and plugins, creating content, and editing and publishing other users’ content. These users also have access to all administrator functions; they can add or remove users, change passwords, and edit code files.
As the name implies, editors are generally in charge of managing content. They can create, edit, delete, and publish their own pages and posts, as well as those created by other users. They can also moderate comments and manage categories and links.
Authors are generally team members in charge of creating content. They cannot access pages, and instead can only create, edit and publish their own posts – not those of others. They can also upload media files, allowing them to create content independently.
This role is a more restricted version of the author role. They can edit and delete their own posts, and read all posts. However, as they do not have publishing permissions, they will have to wait for an editor to review and publish their content.
Subscribers can access their profile, change their password, read all posts and leave comments.
Permissions and Security
WordPress Admins control all aspects of security and functionality. This presents a huge security risk, as anyone with administrator access can install third-party plugins, lock other users out, or even inject malicious code. Even less powerful roles still have the ability to seriously harm the integrity of a website’s content and appearance.
Careful management of permissions is therefore essential for securing any website, and safeguarding customer data. Poorly assigned user roles can lead to anything from unedited content being published, to inexperienced users irreversibly breaking entire pages.
On the less sinister side of things, user roles and permissions can be extremely helpful in assigning specific roles and tasks for staff members, freelancers and contributors.
According to WordPress, one particular role shouldn’t be considered more senior than any other. Instead, roles should be seen as defining each user’s responsibilities within the site, and therefore the team as a whole.
This is particularly relevant when using a plugin to extend the standard user role functionalities, allowing permissions to be tailored to each individual team member. Assigning custom user roles in this manner cuts down on distractions and unneeded functionality, allowing each team member to focus on their specific tasks and reducing the risk of costly mistakes.
Plugins to Manage User Roles
You cannot directly edit the default user roles, or their assigned permissions, without a certain amount of programming knowledge. However, there are plenty of easy-to-use plugins that will allow you to do this. Here are three of our favourites:
#1User Role Editor
This is one of the most popular user role plugins on WordPress. It gives users full control over roles and permissions, and allows new roles to be created. Permissions can be assigned on a per user basis, or edited for all existing roles. It also features multisite compatibility, including one-click synchronisation for the whole network.
This powerful user role plugin provides a user interface to put you in control of your website’s permissions. It allows administrators to create, edit and assign user roles, as well as controlling permissions for specific users, and includes shortcodes and widgets for added control and functionality.
#3WPFront User Role Editor
This plugin also allows admins to create, edit or delete user roles, and manage each role’s permissions. Standard features include role cloning, widget permissions and the ability to restore roles, with more advanced features and functionalities such as multisite support and advanced widget permissions in the PRO version.
User roles and permissions are a powerful tool for controlling who has access to various elements of your website; as such, they play a vital role in both security and efficient team management.
While WordPress comes with default user roles built-in, there are several great plugins that can allow you to take full control of your website’s permissions – allowing administrators to create roles that are fully reflective of their team.
Effective management of user roles allows team members to work independently and can improve productivity while keeping your website, and data, safe from harm.