How To Control WordPress User Permissions Effectively Using The User Role Editor

Posted on January 27, 2014 by in Tips & Tricks | 58 comments

How To Control WordPress User Permissions Effectively Using The User Role Editor

When you register an account on a WordPress site, you are assigned a user role. Those WordPress user roles are basically sets of permissions for what you can and can’t do on that site. Some roles can handle administrative tasks, others write and edit content, while yet others can only write. Then you get into plugin updates, theme management, and so much more. It is a very robust system, which can be expanded a great deal with various plugins and themes.

Subscribe To Our Youtube Channel

Default User Roles

By default, WordPress comes with five user roles for admins to assign. You are probably aware of these roles, but let’s briefly review them anyway.

  • Administrator – Has access to all administrative options and features.
  • Editor – Can write, edit, and publish posts, even those written by other users. Traditionally, editors review and schedule posts submitted by Contributors.
  • Author – Can write, edit, and publish their own posts.
  • Contributor – Can write and edit their own posts, but cannot publish them. Instead, they need to submit their posts for review by an Editor.
  • Subscriber – Has basic functionality such as changing their profile and leaving comments. Some plugins may grant this role special permissions.

Unfortunately, the default version of WordPress does not allow you to alter what permissions these roles have. Nor does it allow you to create your own custom user roles.

This can be restrictive when running a multi-author website. Take the Contributor user role, for example. This role allows post deletion. That can wreak havoc if a writer deletes an article from a site after being paid for it. (Obviously this is a rare situation, but possible and does happen.)Β Contributors are not permitted to upload files either. Therefore, they cannot upload images to their articles.

Due to these kinds of issues, I always manually change the permissions of the Contributor user role so that they can upload images and cannot delete published posts. The plugin I use to do that is User Role Editor.

User Role Editor

User Role Editor is a plugin, so hit the repo or find it in your own WP dashboard. Once it’s installed and activated, you will have a new option atΒ Users – User Role Editor in your dash. The plugin is straight forward to use. You can select the user role to be edited at the top of the page. The lis list includes all default user roles, as well as any custom user roles you may have created.

Once you have loaded a user role profile, you will see a list of what a user assigned to that user role can and cannot do. To change permissions for a user role, check or uncheck the field for that capability. All capabilities can be enabled or disabled using the “Select All” and “Unselect All” buttons at the right hand side of the page.

WordPress User Role Permissions

User Role Editor does not only support core capabilities. The plugin also lists capabilities for any additional functions you have defined through your theme or through plugins. Below, you can see capabilities for WooCommerce and Nonprofit Board Management.

WordPress User Role Permissions

New roles and capabilities can be added and deleted through this page, too. If you are basing a new user role on an existing user role (e.g. Contributor), you can choose to copy permissions from that role. This saves you from having to enable all capabilities again.

WordPress User Role Permissions

Capabilities can also be defined on an individual user level. You will see a link to the user capabilities page in the WordPress user list.Β If you need to change or assign rolesΒ en masse, you can do that here as well.

WordPress User Role Permissions

Controlling user permissions on a user level is useful when you want to change the capabilities of a specific user.

For example, say you have a group of ten authors writing for your blog. Each author sticks to the publishing schedule that you have developed for your writing team, except one. That particular author does not understand WordPress correctly and frequently publishes articles on the wrong day or time. Rather than remove them from the author role or create a completely new user role for them, you can simply remove the permission that allows them to publish posts.

WordPress User Role Permissions

That’s all their is to it. This is an incredibly powerful tool, and you should exercise care when pruning user capabilities. There’s a very thin margin between giving users too much control and being too restrictive that it hampers productivity.

Settings for the Plugin

A basic settings page can be found at Settings – User Role Editor. Settings include displaying the administrator user role within User Role Editor (kinda dangerous), showing capabilities in a more readable form (rather than the PHP function names), and showing capabilities that have been deprecated (i.e. capabilities that have been superseded by more relevant capabilities).

WordPress User Role Permissions

The default roles settings page lets you define what user role users are assigned when they sign up to your website. This can be useful if you are using a forum plugin such as bbPress, but be careful about changing the default user role from subscriber on normal blogs and websites. These will give that role’s permissions to anyone who signs up for your site. In general, it is safer to manually upgrade users to the desired user role instead.

WordPress User Role Permissions

With all of those options, you should be in a good place to have perfect control over your WordPress website.

Final Thoughts

If you have ever felt the need to expand your site’s functionality, there’s a good chance you’ll feel restricted by the default capabilities of WordPress user roles. Bringing on new people and responsibilities can be a bit difficult within the standard bounds. So I encourage you to give User Role Editor a try. It gives you complete control of the WordPress user system and will help you manage your users in whatever way you see fit. It’s really made a difference for me, and I think if you tinker with it a bit, you’ll find that your site can flow just a little more smoothly than it already does.

What kinds of issues have you run into with WordPress user roles in the past?

Article featured image by VectorKnight / shutterstock.com

58 Comments

  1. Great post and info, this plugin unlocks the possibilities of WordPress in a big way. Very easy to create a user backend with this, and a few other plugins, specifically BAW Login-Logout menu, Peter’s Login Redirect and more.

    • Kevin Muldoon

      Thanks Mitch. There are a few similar plugins available but I’ve always found User Role Editor to be the best.

      • I have using download monitor plugin to download some apps.

        I have created one user with role capability manager plugin. That user activity is add and edit apps.

        So that user panel shows only own apps which is added by new user.

        I want show admin apps to new user panel.

        If admin add one apps, it shows in that user panel and vice versa

  2. Thanks for this post.
    I want to say at this plugin is the best on the world.
    and the person that created this plugin is very kind and very helpful person. he is really good person and he help me very much. He is a great.
    I want to say to this person : God bless you and thank you so much.

    Best wishes
    Ashraf

    • Kevin Muldoon

      Thanks Ashraf. Glad you found the post useful πŸ™‚

      • Hey Kevin, this is a superb plugin and article. The community appreciates it. It will be very useful.

  3. One of the huge issues we have and something I have either missed or for some reason an obvious thing missed by wordpress, is the ability to allow editors access to say the Menu, we hand over sites to clients and they happily create their new pages etc, but always come back to us to make amends on the menu, its not as if it’s rocket science to move things around on the menu, but I don’t have the time or the inclination to be spending time moving categories or pages around a menu layout

    • @ Neil Thomas I second that regarding the menu’s

    • Agree! An Editor should be able to edit menus – and widgets. I’ve used the plugin the post talks about, and it works great, but I don’t want to install it on every single site.

    • Kevin Muldoon

      Hi Neil,

      I actually touched upon a similar subject on my blog recently at http://www.kevinmuldoon.com/annoying-things-wordpress-developers-do/. It focused on the fact that plugin developers keep adding their menus to the top level of the admin menu – even when it is a relatively small plugin that is rarely configured beyond the initial setup.

      I’m not sure this is exactly what you are looking for Neil, but have you tried Admin Menu Editor http://wordpress.org/plugins/admin-menu-editor/. That lets you reorder menu items, hide them etc.

      I imagine that for some clients, it could be in your interest to hide some aspects of your website (particularly if you will be helping them long term).

      Kevin

  4. Not heard of Role Editor plugin but it looks pretty useful.

    Love the direction the ET blog is going with these more general WordPress posts.

    More of them please.

    • Kevin Muldoon

      Thanks Keith. If there is anything specific you want covered, please let us know and we will do our best to accomodate you πŸ™‚

  5. Thanks for the post, Kevin πŸ™‚

    Ever heard of Edit Flow? It has some nice functionalities oriented to Editorial management.

    Keep it up!

    • Kevin Muldoon

      Hi Fran,

      Yes I reviewed Edit Flow a few years ago. I’ve actually included it in a few top lists I have written in the past about WordPress.

      I’ll make a note of it to review that soon as it’s a great plugin and I am sure Elegant Themes members would love to know more about it.

      πŸ™‚

      Kevin

  6. Sounds great!! Usefull and easy, thanks for the post and the plugin too

  7. Kevin,

    Great stuff. You had me after your first blog post here. =)

    Any chance you could cover topics like security (how to lock down WordPress) and managing multiple WordPress sites (not WordPress Multisite)?

    Thanks!

    • Kevin Muldoon

      Thanks exeleys. I’ll try and cover some posts like that over the next few weeks πŸ™‚

  8. Thanks Kevin. Love all these nifty tips!

  9. Well, being an advanced WordPress developer, I already know about that. But it’s a useful guide for the newbies πŸ™‚

    • Kevin Muldoon

      Thanks Mayur.

      Nick can correct me on this, but I believe that most of our guides will probably focus on beginner to intermediate level tutorials as those are the members who need to the most help.

      But if there is anything you would like to see covered, please let me know πŸ™‚

  10. Nice article for beginner, best guild-line post regarding control the role of User in WordPress.Nice step by step information and very easy to understand.

  11. Thanks a lot for the great direction. Look, if Elegant Themes were to say its themes are absolutely free-of-charge, one could say yes – these articles make that happen.

    • Kevin Muldoon

      Glad you found the article useful πŸ™‚

  12. I have this wp site as a test environment and want to know how to create a role that is allowed to create new users, but it is not allowed to assign the “Administrator” role.
    Can you tell me how can I do that?
    Thanks in advance

    • Kevin Muldoon

      I am not sure if any plugin that helps you do that. If someone has permission to create new users, they would be allowed to create administrators too.

      You would have to hire a developer to a suitable solution developed.

      • Thanks Kevin.

        I was hoping to have a plugin that do this because it will be very useful to have a “subadmin” that can do everything, but not creating a new administrator.

        Thanks anyway,

        Danilo

  13. I’m going to install this plugin, before that Kevin you explain the newly added role “employer” ?

  14. Hi,
    I have created a vendor & assigned capabilities using User Role Editor. Vendor is able to post product & he has permission to edit his own product only. The vendor should view only his product orders but the panel displays product orders from all vendors. How to restrict this?

    Any help would be appreciated….

  15. Great post and info, this plugin unlocks the possibilities of WordPress in a big way. Very easy to create a user backend with this, and a few other plugins,

  16. This info is really helpful. I actually found that a lot of your articles are preventing me from making time-consuming blunders when setting up my new WordPress site!

    I was looking into user role permissions, and wanted to know whether (from a security standpoint) it’s possible for me to change the display name of my editor/author/contributor to something other than their username? Because if, say, I register my new writer with a username like “Emily F” and her posts are labeled “Emily F” (just an example), then wouldn’t a hacker be able to guess that her login username would therefore be “Emily F” too, making ‘security by obscurity’ impossible here? Or is there a workaround? Please tell me if I’m missing something! I was hoping I could specify a display username for posts that’s different from the login username, but I’m guessing that may not be possible?

  17. Great article. It is very helpful since I’m working on a big project with many Contributors.

  18. I’m trying to figure out if editors can post as other users, or if this plugin would allow for that.

  19. Thanks for the info! i’m only about a year and half into WordPress so my expectations are still a little juvenile so im glad to find these things that may be common sense to some of the vets so well laid out to the rookies. Thank again guys!!!

  20. Thanks, Kevin. Is there a way how to allow one user to edit one concrete page?
    Thanks, Petr

  21. This is really what I was looking for.
    Truly helpful in managing my authors. Now no more extra work of getting their work and posting myself.

  22. I’m worried that a user editing a DIVI page that was made using ET’s Page Builder is accidentally switched to the Default Editor all the layout is lost. Is there a way we can prevent editors switching to the Default Editor or hide the button to do so?

  23. I want my users to be able to submit changes to existing pages for review, when I give them the “Edit Pages” role and then “Edit Others Pages” role it allows them to make changes to the page without moderation. The problem we have is teachers want to edit their programs page, but we don’t want them just posting anything so we want moderation. So far I have been unsuccessful in this, everything either makes everything inaccessible to my “contributor” role, or they have access to edit and make changes to published pages.

    • You probably already found a solution, but just in case:

      I think you might just have to un-check the “publish pages” role.

  24. How can I edit a role to give a user access to just one page only?

    • HI Michele,

      im also looking for this answer. Did you get anywhere with this?

  25. How can I use the editor to control access to wp-admin for users?

  26. I have a user that is a contributor and I review their articles, but lately they have been doing more news, which I don’t need to review. Do you know how I can limit to submit for review in every category except news? Thanks I’ve researched, but can’t find this exact thing.

  27. Hey Kevin,
    First of all I want to say that it is really a nice post which would definitely clarify all the doubts in the mind of a newbie regarding the User roles permission.
    I think author is the best role which a beginner must assign to a new user.
    Hope, I am correct regarding this.

  28. This is a super useful post, thank you! Exactly what I was looking for, especially the fact that a contributor can delete posts. I’d rather not. I was hoping for roles to have access to use some plugins while writing their posts, that would have saved me some time, thankfully you’ve given me the solution. Thanks again!

  29. This was exactly what I needed for my guest authors to upload their own images to posts. Thanks!

  30. HI,

    I need to give edit rights to one person on one page only.

    Im really struggling to see how this can be done. If you can show me how, you would indeed be amongst the WP Gods.

    Thanks.

    • Hi Gary have you found an answer to your question yet? I too am looking for this.

  31. Do you happen to know a way that I can set up a role so the editor can have access to certain pages and not view the entire admin dashboard? I used this plugin User Role Editor and I don’t see how someone can edit pages…they can view them but not edit pages or one page. Any ideas?

500,591 Customers Are Already Building Amazing Websites With Divi. Join The Most Empowered WordPress Community On The Web

We offer a 30 Day Money Back Guarantee, so joining is Risk-Free!

Sign Up Today

Pin It on Pinterest