Skip to content

An Introduction to WordPress User Permissions (And User Roles)

One of the great things about WordPress is that it lets you collaborate with other users on the back end of your site. You can assign different user roles based on tasks and responsibilities. However, if you’re new to the system, you might wonder what WordPress user permissions come with each role. 🚦

Having a good grasp of all the different user roles and their permissions can help you properly manage them. As a result, you can minimize security risks and maximize your potential for collaboration.

WordPress user permissions.

In this post, we’ll start with a general discussion of WordPress user roles. Then, we’ll do a deep dive into the WordPress user permissions associated with each of the six main roles. 🧩 Let’s get to it!

What are WordPress user roles (and why they exist)

Before we break down WordPress user permissions in depth, let’s go over some background on WordPress user roles and why they exist. In a nutshell, WordPress is a content management system (CMS) that was initially created for bloggers.

Therefore, it’s always included tons of useful features for this purpose. With this in mind, WordPress developers created a collection of WordPress user roles, which have evolved over time. Today, there are six main roles:

The above are in descending order. A super admin has the most privileges and permissions, while a subscriber has the least. When you create a new user, you’ll need to assign them one of these six roles:

Assigning WordPress user permissions/roles in the dashboard.

As you can see, some of these roles are uniquely geared toward blogging needs. More specifically, editors, authors, and contributors all have varying levels of WordPress user permissions that enable them to write or edit blog posts.

The ability to manage users in this way is crucial for a lot of reasons. First of all, it can help ensure that nothing is published on your website without your approval. In this way, you can ensure that you’re publishing only top-quality content and protect your brand’s reputation in the process.

Additionally, user management isn’t just for blogging purposes; it’s also crucial to help prevent any issues with your website’s overall design. Think about it: if you accidentally give a guest blogger permission to edit your core web pages, this could cause problems. For example, if they’re an inexperienced WordPress user, they could unknowingly modify your homepage or break your site.

An introduction to WordPress user permissions (the 6 main roles and what they can do)

Now that you know a bit more about the importance of WordPress user roles, we’re going to teach you everything you need to know about the WordPress user permissions associated with each one!

1. Administrator 🦸

When you’re learning WordPress, the administrator role is probably the first you’ll hear about. That’s because it’s the default role for anyone who creates a new WordPress installation.

👉 To sum it up, a WordPress administrator can do pretty much anything they want on the back end of their site. Here are some of the abilities, which include:

  • Manage plugins
  • Edit and manage themes
  • Moderate comments
  • Publish posts
  • Create pages
  • Manage categories and tags
  • Modify patterns and templates
  • Create and manage users

Essentially, administrators can control every aspect of a website and blog. It’s also important to note that an admin can essentially override all other user roles. Meaning, if someone else authors a blog post, the administrator can still decide to modify or delete it.

An administrator even has the power to delete a site entirely. Since admins get all WordPress user permissions possible, there should only be one per site. Otherwise, this poses a major security risk to your WordPress website.

2. Editor ✍️

👉 Next up, let’s talk about the editor role. As we mentioned, this role was basically designed for bloggers. Here are some of the things a WordPress editor can do:

  • Create and publish pages
  • Create and publish posts
  • Manage other people’s pages and posts (edit, delete, etc.)
  • Create and manage patterns
  • Manage categories and tags
  • Moderate comments
  • Read private pages and posts

The editor role gets a generous number of permissions, and they have the power to oversee other people’s work. Typically, those other people are authors and contributors (which we’ll discuss later).

Therefore, it’s good to assign this role to someone you trust. As the name suggests, an editor should be able to help you manage blog posts, comments, categories, tags, etc.:

Managing categories in WordPress.

Think of the WordPress editor role as similar to that of an editor-in-chief of an online magazine.

However, it’s important to note that editors also get some privileges in terms of web design, since they can create and modify pages and patterns. So, it’s best to use the editor role if you need someone to oversee a group of writers. You may also want them to help out with certain elements of web design, such as creating or maintaining the blog page itself.

If and when you assign this role, it’s essential to debrief the person on what their WordPress user permissions are. This way, they can use them at their discretion and according to their experience level.

3. Author ✒️

Now we’re going to explore the WordPress user permissions associated with the author role, which is a big step down from the editor. A WordPress author cannot create, edit, or manage your site’s pages. Their permissions are limited to blog posts:

The WordPress block editor.

They can create, edit, publish, and delete their own posts. They can also upload media files and read other posts. But they don’t have any privileges over content created by other people.

With this in mind, it’s useful to assign the author role to trusted writers on your team. Since they can publish content without approval, they should be responsible for maintaining a certain quality of work.

4. Contributor 🤝

A step down from the author is the contributor. This role’s WordPress user permissions are even more limited. All they can really do is create, edit, and delete their own posts.

They cannot publish them, and they can’t even upload media files. But they do have the power to read other posts.

The contributor role is great for people like guest bloggers or any other one-off collaborations with writers who are familiar with WordPress. This way, your team won’t have to deal with transferring a post from some other type of document. They can simply edit a contributor’s post after they’ve submitted a draft in WordPress.

5. Subscriber 🙋‍♂️

Now for the last of the default WordPress user roles – the subscriber. As the name suggests, this role is very basic. Subscribers can create a user profile and read the posts on your site – that’s it.

Usually, this role isn’t very useful, but it can come in handy if you run a subscription-based or membership website.

6. Super Admin 🧙🏻‍♂️

Lastly, let’s talk about the WordPress user permissions assigned to the super admin. We’ve saved this one for the end because it actually only exists when you’re dealing with a WordPress multisite network.

👉 Basically, a super admin gets all the powers that a regular administrator gets, plus the following:

  • Create, manage, and delete sites
  • Manage network users
  • Set up and upgrade the network

Additionally, the super admin can manage plugins, themes, and options on a network level. As with a regular admin, there should ideally only be one super admin per multisite network.

How to assign WordPress user roles and permissions

So, to wrap things up, certain WordPress user permissions are tied to each of the six main WordPress user roles. But you might still be wondering how to assign them.

Simply go to UsersAdd New in your dashboard:

Expanded list of WordPress user permissions and roles.

Then, next to Role, you can select your preferred option in the drop-down menu. You can also go to All Users to manage them.

Keep in mind that the main roles are those that we discussed in this article. But if you run an ecommerce website, you will have additional roles for shop manager and customer.

Similarly, if you install other plugins, such as Yoast SEO, you may get even more user roles with different permissions. But, as we mentioned, if you’re not on a WordPress multisite, you won’t see super admin as an option.

Conclusion 🧐

WordPress is a powerful CMS that was specifically designed for collaboration. However, if you’re not careful when managing WordPress user roles and permissions, you could end up providing too much access to the back end of your site, thereby jeopardizing your site’s content quality, security, and functionality.

The good news is that WordPress user permissions are pretty intuitive. First of all, there should only be one administrator per site (or super admin per multisite). Meanwhile, the editor role should be limited to trusted teammates who are qualified to manage both blog posts and WordPress pages. Beyond that, the author role is best for in-house writers, whereas the contributor role is appropriate for a guest blogger.

Do you have any questions about WordPress user permissions and how to manage them? Let us know in the comments section below!

Don’t forget to join our crash course on speeding up your WordPress site. Learn more below:

Yay! 🎉 You made it to the end of the article!
John Hughes

Inline Feedbacks
View all comments

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!

Would love your thoughts, please comment.x