Elegant Themes Blog

Stay up to date with our most recent news and updates

How To Control WordPress User Permissions Effectively Using The User Role Editor

Posted on January 27 by in Tips & Tricks | 47 comments

How To Control WordPress User Permissions Effectively Using The User Role Editor

The WordPress user system controls what users can and cannot do on your website. This includes administrative tasks, writing content, approving content, plugin and theme management, and more.

Out of the box, there are five user roles available with WordPress. I am sure you are all aware of these roles; however let us review them quickly before moving on.

The five default user roles are:

  • Administrator – Has access to all administrative options and features.
  • Editor – Can manage and publish posts. Traditionally, editors review posts submitted by contributors and then schedule them for review.
  • Author – Can publish their own posts when they wish.
  • Contributor – Can write posts but cannot publish them. Instead, they need to submit their posts for review.
  • Subscriber – Has basic functionality such as changing their profile and leaving comments.

Unfortunately, the default version of WordPress does not allow you to change what particular user roles can and cannot do. Nor does it allow you to create your own custom user groups.

This can be restrictive when running a multi author website. Take the contributor user role, for example. The contributor user role allows users to delete posts. This is not always ideal as a situation could arise where a writer deletes their article after being paid for it (rare, but still possible).

Contributors are not permitted to upload files either. Therefore, they cannot upload images to their articles. Due to this, I always manually change the permissions of the contributor user role so that they can upload images. The plugin I use to do that is User Role Editor.

User Role Editor

User Role Editor can be installed directly through your WordPress admin area. Alternatively, you can download the plugin from the official WordPress plugin directory and then upload the files manually using file transfer protocol.

You will find User Role Editor under the Users menu once you have activated the plugin.

The plugin is straight forward to use. The user role can be selected at the top of the page. This list includes all default user roles and any custom user roles you have created.

Once you have loaded a user role profile, you will see a list of what a user assigned to that user role can and cannot do. To change permissions for a user role, check or uncheck the field for that capability. All capabilities can be enabled or disabled using the “Select All” and “Unselect All” buttons at the right hand side of the page.

User Role Core Capabilities

All core WordPress capabilities are displayed for each user role.

User Role Editor does not only support core capabilities. The plugin also lists capabilities for any additional functions you have defined through your theme or through plugins.

User Role Custom Capabilities

Custom capabilities are listed in the bottom half of the User Role Editor.

New roles and capabilities can be added and deleted through the main User Role Editor page too. If you are basing a new user role on an existing user role (e.g. author), you can choose to copy permissions from that role. This saves you from having to enable all capabilities again.

Add New User Role

New user roles can easily be created through the plugin.

Capabilities can also be defined on a user level. You will see a link to the user capabilities page in the WordPress user list page.

User Role Capabilities Link

The capabilities of every user can be modified.

Controlling user permissions on a user level is useful when you want to change the capabilities of a specific user.

For example, say you have a group of ten authors writing for your blog. Each author sticks to the publishing schedule that you have developed for your writing team, except one. That particular author does not understand WordPress correctly and frequently publishes articles on the wrong day or time. Rather than remove them from the author role or create a completely new user role for them, you can simply remove the permission that allows them to publish posts.

User Role User Capabilities

A basic settings page can be found within the settings area for User Role Editor. Settings include displaying the administrator user role within User Role Editor, showing capabilities in a more readable form and showing capabilities that have since been deprecated (i.e. capabilities that have been superseded by more relevant capabilities).

User Role Editor General Options

A few basic configuration options are available.

The default roles settings page lets you define what user role users are assigned when they sign up to your website. This can be useful if you are using a forum plugin such as bbPress, but be careful about changing the default user role from subscriber on normal blogs and websites, as you will give permissions to anyone who signs up. On most setups, it is safer to manually upgrade users to the desired user role instead.

User Role Editor Default Roles

The default role that new users are assigned can also be defined.

If you have ever felt restricted by the default capabilities of WordPress user roles, I encourage you to give User Role Editor a try. It gives you complete control of the WordPress user system and will help you manage your users in whatever way you see fit.

47 Comments

  1. Great post and info, this plugin unlocks the possibilities of WordPress in a big way. Very easy to create a user backend with this, and a few other plugins, specifically BAW Login-Logout menu, Peter’s Login Redirect and more.

    • Kevin Muldoon

      Thanks Mitch. There are a few similar plugins available but I’ve always found User Role Editor to be the best.

      • I have using download monitor plugin to download some apps.

        I have created one user with role capability manager plugin. That user activity is add and edit apps.

        So that user panel shows only own apps which is added by new user.

        I want show admin apps to new user panel.

        If admin add one apps, it shows in that user panel and vice versa

  2. Thanks for this post.
    I want to say at this plugin is the best on the world.
    and the person that created this plugin is very kind and very helpful person. he is really good person and he help me very much. He is a great.
    I want to say to this person : God bless you and thank you so much.

    Best wishes
    Ashraf

      • Hey Kevin, this is a superb plugin and article. The community appreciates it. It will be very useful.

  3. One of the huge issues we have and something I have either missed or for some reason an obvious thing missed by wordpress, is the ability to allow editors access to say the Menu, we hand over sites to clients and they happily create their new pages etc, but always come back to us to make amends on the menu, its not as if it’s rocket science to move things around on the menu, but I don’t have the time or the inclination to be spending time moving categories or pages around a menu layout

    • @ Neil Thomas I second that regarding the menu’s

    • Agree! An Editor should be able to edit menus – and widgets. I’ve used the plugin the post talks about, and it works great, but I don’t want to install it on every single site.

    • Kevin Muldoon

      Hi Neil,

      I actually touched upon a similar subject on my blog recently at http://www.kevinmuldoon.com/annoying-things-wordpress-developers-do/. It focused on the fact that plugin developers keep adding their menus to the top level of the admin menu – even when it is a relatively small plugin that is rarely configured beyond the initial setup.

      I’m not sure this is exactly what you are looking for Neil, but have you tried Admin Menu Editor http://wordpress.org/plugins/admin-menu-editor/. That lets you reorder menu items, hide them etc.

      I imagine that for some clients, it could be in your interest to hide some aspects of your website (particularly if you will be helping them long term).

      Kevin

  4. Not heard of Role Editor plugin but it looks pretty useful.

    Love the direction the ET blog is going with these more general WordPress posts.

    More of them please.

    • Kevin Muldoon

      Thanks Keith. If there is anything specific you want covered, please let us know and we will do our best to accomodate you :)

  5. Thanks for the post, Kevin :)

    Ever heard of Edit Flow? It has some nice functionalities oriented to Editorial management.

    Keep it up!

    • Kevin Muldoon

      Hi Fran,

      Yes I reviewed Edit Flow a few years ago. I’ve actually included it in a few top lists I have written in the past about WordPress.

      I’ll make a note of it to review that soon as it’s a great plugin and I am sure Elegant Themes members would love to know more about it.

      :)

      Kevin

  6. Sounds great!! Usefull and easy, thanks for the post and the plugin too

  7. Kevin,

    Great stuff. You had me after your first blog post here. =)

    Any chance you could cover topics like security (how to lock down WordPress) and managing multiple WordPress sites (not WordPress Multisite)?

    Thanks!

    • Kevin Muldoon

      Thanks exeleys. I’ll try and cover some posts like that over the next few weeks :)

  8. Thanks Kevin. Love all these nifty tips!

  9. Well, being an advanced WordPress developer, I already know about that. But it’s a useful guide for the newbies :)

    • Kevin Muldoon

      Thanks Mayur.

      Nick can correct me on this, but I believe that most of our guides will probably focus on beginner to intermediate level tutorials as those are the members who need to the most help.

      But if there is anything you would like to see covered, please let me know :)

  10. Nice article for beginner, best guild-line post regarding control the role of User in WordPress.Nice step by step information and very easy to understand.

  11. Thanks a lot for the great direction. Look, if Elegant Themes were to say its themes are absolutely free-of-charge, one could say yes – these articles make that happen.

  12. I have this wp site as a test environment and want to know how to create a role that is allowed to create new users, but it is not allowed to assign the “Administrator” role.
    Can you tell me how can I do that?
    Thanks in advance

    • Kevin Muldoon

      I am not sure if any plugin that helps you do that. If someone has permission to create new users, they would be allowed to create administrators too.

      You would have to hire a developer to a suitable solution developed.

      • Thanks Kevin.

        I was hoping to have a plugin that do this because it will be very useful to have a “subadmin” that can do everything, but not creating a new administrator.

        Thanks anyway,

        Danilo

  13. I’m going to install this plugin, before that Kevin you explain the newly added role “employer” ?

  14. Hi,
    I have created a vendor & assigned capabilities using User Role Editor. Vendor is able to post product & he has permission to edit his own product only. The vendor should view only his product orders but the panel displays product orders from all vendors. How to restrict this?

    Any help would be appreciated….

  15. Great post and info, this plugin unlocks the possibilities of WordPress in a big way. Very easy to create a user backend with this, and a few other plugins,

  16. This info is really helpful. I actually found that a lot of your articles are preventing me from making time-consuming blunders when setting up my new WordPress site!

    I was looking into user role permissions, and wanted to know whether (from a security standpoint) it’s possible for me to change the display name of my editor/author/contributor to something other than their username? Because if, say, I register my new writer with a username like “Emily F” and her posts are labeled “Emily F” (just an example), then wouldn’t a hacker be able to guess that her login username would therefore be “Emily F” too, making ‘security by obscurity’ impossible here? Or is there a workaround? Please tell me if I’m missing something! I was hoping I could specify a display username for posts that’s different from the login username, but I’m guessing that may not be possible?

  17. Great article. It is very helpful since I’m working on a big project with many Contributors.

  18. I’m trying to figure out if editors can post as other users, or if this plugin would allow for that.

  19. Thanks for the info! i’m only about a year and half into WordPress so my expectations are still a little juvenile so im glad to find these things that may be common sense to some of the vets so well laid out to the rookies. Thank again guys!!!

  20. Thanks, Kevin. Is there a way how to allow one user to edit one concrete page?
    Thanks, Petr

  21. This is really what I was looking for.
    Truly helpful in managing my authors. Now no more extra work of getting their work and posting myself.

  22. I’m worried that a user editing a DIVI page that was made using ET’s Page Builder is accidentally switched to the Default Editor all the layout is lost. Is there a way we can prevent editors switching to the Default Editor or hide the button to do so?

  23. I want my users to be able to submit changes to existing pages for review, when I give them the “Edit Pages” role and then “Edit Others Pages” role it allows them to make changes to the page without moderation. The problem we have is teachers want to edit their programs page, but we don’t want them just posting anything so we want moderation. So far I have been unsuccessful in this, everything either makes everything inaccessible to my “contributor” role, or they have access to edit and make changes to published pages.

  24. How can I edit a role to give a user access to just one page only?

  25. How can I use the editor to control access to wp-admin for users?

Leave a Reply

Your email address will not be published. Required fields are marked *

Current ye@r *

Join 261,586 Happy Customers And Get Access To Our Entire Collection Of 87 Beautiful Themes For The Price Of One

We offer a 30 Day Money Back Guarantee, so joining is risk-free!

Sign Up Today

Pin It on Pinterest

Share This