When you register an account on a WordPress site, you are assigned a user role. Those WordPress user roles are basically sets of permissions for what you can and can’t do on that site. Some roles can handle administrative tasks, others write and edit content, while yet others can only write. Then you get into plugin updates, theme management, and so much more. It is a very robust system, which can be expanded a great deal with various plugins and themes.
Default User Roles
By default, WordPress comes with five user roles for admins to assign. You are probably aware of these roles, but let’s briefly review them anyway.
- Administrator – Has access to all administrative options and features.
- Editor – Can write, edit, and publish posts, even those written by other users. Traditionally, editors review and schedule posts submitted by Contributors.
- Author – Can write, edit, and publish their own posts.
- Contributor – Can write and edit their own posts, but cannot publish them. Instead, they need to submit their posts for review by an Editor.
- Subscriber – Has basic functionality such as changing their profile and leaving comments. Some plugins may grant this role special permissions.
Unfortunately, the default version of WordPress does not allow you to alter what permissions these roles have. Nor does it allow you to create your own custom user roles.
This can be restrictive when running a multi-author website. Take the Contributor user role, for example. This role allows post deletion. That can wreak havoc if a writer deletes an article from a site after being paid for it. (Obviously this is a rare situation, but possible and does happen.) Contributors are not permitted to upload files either. Therefore, they cannot upload images to their articles.
Due to these kinds of issues, I always manually change the permissions of the Contributor user role so that they can upload images and cannot delete published posts. The plugin I use to do that is User Role Editor.
User Role Editor
User Role Editor is a plugin, so hit the repo or find it in your own WP dashboard. Once it’s installed and activated, you will have a new option at Users – User Role Editor in your dash. The plugin is straight forward to use. You can select the user role to be edited at the top of the page. The lis list includes all default user roles, as well as any custom user roles you may have created.
Once you have loaded a user role profile, you will see a list of what a user assigned to that user role can and cannot do. To change permissions for a user role, check or uncheck the field for that capability. All capabilities can be enabled or disabled using the “Select All” and “Unselect All” buttons at the right hand side of the page.
User Role Editor does not only support core capabilities. The plugin also lists capabilities for any additional functions you have defined through your theme or through plugins. Below, you can see capabilities for WooCommerce and Nonprofit Board Management.
New roles and capabilities can be added and deleted through this page, too. If you are basing a new user role on an existing user role (e.g. Contributor), you can choose to copy permissions from that role. This saves you from having to enable all capabilities again.
Capabilities can also be defined on an individual user level. You will see a link to the user capabilities page in the WordPress user list. If you need to change or assign roles en masse, you can do that here as well.
Controlling user permissions on a user level is useful when you want to change the capabilities of a specific user.
For example, say you have a group of ten authors writing for your blog. Each author sticks to the publishing schedule that you have developed for your writing team, except one. That particular author does not understand WordPress correctly and frequently publishes articles on the wrong day or time. Rather than remove them from the author role or create a completely new user role for them, you can simply remove the permission that allows them to publish posts.
That’s all their is to it. This is an incredibly powerful tool, and you should exercise care when pruning user capabilities. There’s a very thin margin between giving users too much control and being too restrictive that it hampers productivity.
Settings for the Plugin
A basic settings page can be found at Settings – User Role Editor. Settings include displaying the administrator user role within User Role Editor (kinda dangerous), showing capabilities in a more readable form (rather than the PHP function names), and showing capabilities that have been deprecated (i.e. capabilities that have been superseded by more relevant capabilities).
The default roles settings page lets you define what user role users are assigned when they sign up to your website. This can be useful if you are using a forum plugin such as bbPress, but be careful about changing the default user role from subscriber on normal blogs and websites. These will give that role’s permissions to anyone who signs up for your site. In general, it is safer to manually upgrade users to the desired user role instead.
With all of those options, you should be in a good place to have perfect control over your WordPress website.
If you have ever felt the need to expand your site’s functionality, there’s a good chance you’ll feel restricted by the default capabilities of WordPress user roles. Bringing on new people and responsibilities can be a bit difficult within the standard bounds. So I encourage you to give User Role Editor a try. It gives you complete control of the WordPress user system and will help you manage your users in whatever way you see fit. It’s really made a difference for me, and I think if you tinker with it a bit, you’ll find that your site can flow just a little more smoothly than it already does.
What kinds of issues have you run into with WordPress user roles in the past?
Article featured image by VectorKnight / shutterstock.com