What Are WordPress User Roles ?

Sharing your personal admin login details has its security risks. In WordPress, you can assign different user roles to control what people can and cannot do on your WordPress site. Such as a contractor, freelancer, consultant, or agency. Only the Site Owner (the person that created the site) can transfer the site ownership to another administrator.

User Roles Explained:

Administrator

An Administrator (or Admin for short) has full power over the site and can do everything related to site administration. Administrators can create more Administrators, invite new users, remove users, and change user roles. They have complete control over posts, pages, uploaded files, comments, settings, themes, plugins, imports, and exports. Nothing related to site administration is off-limits for Administrators, including deleting the entire site*.

* Some Limits on Administrators that apply:

  • Only the Site Owner (the person that created the site) can transfer the site ownership to another administrator.
  • Administrators cannot access the purchases and stored payment details added by the site owner or other administrators.
  • Administrators cannot delete domains unless they are the domain’s owner.

You might add an additional administrator to WordPress for a group project or class where multiple people need to contribute to a website. However, it’s recommended to only have as many administrators as you need because more admins increase the risk of someone’s login being compromised. You should also regularly review your admin users.

Editor

An Editor can create, edit, publish, and delete any post or page (not just their own), as well as moderate comments, upload to the media library, and manage categories, tags, and links.

Author

An Author can create, edit, publish, and delete only their own posts only, as well as upload files and images. Authors do not have access to create, modify, or delete pages, nor can they modify posts by other users. Authors can edit comments made on their posts.

Contributor

A Contributor can create and edit only their own posts but cannot publish them. When one of their posts is ready to be published or has been revised, the site owner or another administrator can review it. Contributors cannot upload files or images.

Once a Contributor’s post is approved and published by an Administrator, it can no longer be edited by the Contributor. However, the post author will still be the Contributor instead of the Administrator who publishes the post.

Summary

  • Administrator: The highest level of permission. Admins have the power to access almost everything.
  • Editor: Has access to all posts, pages, comments, categories, and tags, and can upload media.
  • Author: Can write, upload media, edit, and publish their own posts.
  • Contributor: Has no publishing or uploading capability but can write and edit their own posts until they are published.
  • Subscriber: People who subscribe to your site’s updates.

Other Roles

Other plugins may create additional user roles or modify what a role has permission to do. For example, when you install WooCommerce, two additional user roles are created: Customer and Shop Manager. Information about these can be found in the WooCommerce documentation.

Different plugins can add different user roles , check the plugin’s documentation for more information on roles added by a particular plugin.

There are also plugins that you can use that offer alternate methods of giving someone access to your site such as Temporary Login Without Password plugin and others you can search WordPress.org for more plugins.