Don't be fooled by the
Posted: Wed Dec 18, 2024 8:41 am
As WordPress has grown in popularity, application, and complexity, we've all discovered one very important thing - making everyone an admin is not a winning strategy. Luckily, WordPress provides us with a very powerful tool called User Roles and Capabilities that helps us give people the capabilities they need without giving them too much or too little. This helps us keep our sites secure.
In this article we will talk about:
What are WordPress user roles?
What are the different roles that come with WordPress?
How to Create Custom Roles in WordPress to Suit Your Specific Needs
Security considerations with user roles
What are WordPress user roles?
As sites become larger and more complex, more people are needed to manage and maintain them.
Yes, sites still need:
Authors to write new content that improves people's lives.
Editors to correct all errors in the authors' content.
Administrators to keep everything up to date and running smoothly
Contributors to help editors edit posts
Subscribers who may or may not have paid us money, but have at least registered with us and provided us with an email address (that has value).
But today sites also need:
Warehouse staff to log in, print labels and ship products.
Accounting staff to ensure we collect all money owed to us.
Social media managers who can see what's going on behind the scenes, but can't necessarily change things.
Community members who have paid a premium subscription to access the really good stuff that authors are writing and editors are editing
And of course… premium community members who can log in and access the really REALLY good stuff we save for those special few who see our vision and subscribe at the premium level.
The list of required WordPress user roles is endless. It changes with each site because each site's needs are different.
The main types of WordPress user roles and their capabilities
A WordPress user role is a collection of “capabilities.” A capability is a permission to do something. The standard WordPress installation comes with around 40 capabilities, as well as 6 default user roles, sorted by level of power over those capabilities:
Administrator:
The default admin role (not to be confused with the admin account… which you shouldn’t have on your site. If you have one, stop and watch this video) has all the standard capabilities.
What can a WordPress administrator do?
On a normal WordPress site, there is nothing that the administrator role cannot do. For example, an administrator can:
Create or delete users and manage their permissions
Customize the WP Dashboard
Update WP Core, Themes and Plugins
Edit and manage posts and categories
Upload files
Moderate comments
…and much more.
Who should have the administrator role?
The administrator role should be reserved for the person responsible for the technical aspects of the site. If you don't manage site security, update plugins, and handle issues, you probably don't need to be an administrator.
For security reasons, I always create a separate account that I use on my sites as an administrator. My regular account, the one I use to post content and manage users, is an editor. Therefore, I have to make a conscious decision to log in to do admin things.
All of my admin level accounts have two-factor authentication enabled (see below) and have very strong passwords.
Things get a little more complicated if you're running a WordPress multisite, because admin user capabilities are limited for these types of sites. For this, WordPress has an additional user role: the super-admin role.
Editor:
The editor manages things. The account I normally log into my sites with is an editor. I can do everything except manage plugins, themes, and other technical things that require more thoughtful thought before doing. Having my day-to-day account as an editor prevents me from accidentally disabling or deleting a plugin or theme.
Who should have the position of editor?
Anyone who is managing things on your site (content, users, etc.) is a candidate to be an editor.
Don't be fooled by the name: the editor is still a very powerful role, and in the wrong hands it can cause serious damage to your site. Strongly consider enabling two-factor authentication on editors and enforcing strong passwords to keep these accounts safe.
Author:
Next is the author role. The author role is a much more limited role. Basically, an author can upload files and create, edit, publish or delete their own posts.
Who should play the role of author?
The author role is ideal for guest writers on a blog or for regular authors whose only role is to write and edit content.
Subscriber:
A subscriber is a guest who has registered on your site. They have no ability other than to read content and edit their information.
Some sites have content that isn't visible to users unless they register. Subscriber is a good role to use for that. You'll need a plugin to be able to hide content from users who don't have a certain role or higher, but they're easy to find in the WordPress plugin repository.
Many plugins you install like WooCommerce will add new roles and capabilities to WordPress automatically. For example, when you install WooCommerce, you add the “customer” role. A customer has certain capabilities that are primarily concerned with being able to view and change their own data, view their roles, etc. People are put into the customer r
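Because a role is just a set of capabilities, and plugins can add roles of their own, it is worth checking periodically which roles on a site actually hold powerful capabilities and who is assigned to them. The script below is an added example, not code from the original article; the `$high_risk` list and the file name `audit-roles.php` are assumptions of this example, and it is meant to be run through WP-CLI so that WordPress is loaded.

```php
<?php
// Added example. Run with: wp eval-file audit-roles.php
// Lists every role that holds at least one high-risk capability,
// notes whether the role ships with WordPress, and shows who has it.

// Assumption: which capabilities count as "high-risk" is this example's choice,
// not a list defined by WordPress. Adjust it to your site.
$high_risk = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'edit_themes', 'update_core', 'create_users', 'edit_users',
    'delete_users', 'promote_users', 'unfiltered_html',
);

// Role slugs that a standard single-site install creates.
$core_roles = array( 'administrator', 'editor', 'author', 'contributor', 'subscriber' );

foreach ( wp_roles()->roles as $slug => $role ) {
    // Capabilities are stored as capability => bool; keep only granted ones.
    $granted = array_keys( array_filter( $role['capabilities'] ) );
    $risky   = array_intersect( $high_risk, $granted );
    if ( empty( $risky ) ) {
        continue;
    }

    $origin = in_array( $slug, $core_roles, true )
        ? 'core role'
        : 'not a core role (plugin, theme or custom code)';
    printf( "%s [%s]: %s\n", $slug, $origin, implode( ', ', $risky ) );

    // Show the accounts in this role so each one can be reviewed.
    $users = get_users( array(
        'role'   => $slug,
        'fields' => array( 'ID', 'user_login' ),
    ) );
    foreach ( $users as $user ) {
        printf( "    user #%d %s\n", $user->ID, $user->user_login );
    }
}
```

The script only inspects role definitions; capabilities granted directly to an individual user are not covered and need a separate check.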