Everything you need to know about WordPress user roles

There are many reasons why you might want other people to be able to log in to your WordPress website and you need to know what type of account is best for each person. This guide reveals all.

Who needs a user account?

If you accept guest posts on your website, you may have discovered that it is actually quite a lot of work posting someone else’s article. It saves you the effort of writing it yourself, but still have plenty to do.

A guest post may arrive as an email attachment, which could need unzipping. That isn’t hard, but the post may be a Word document, which you then have to open. It may contain images, which you have to save separately and then upload to WordPress media library.

The text then needs to be copied into a new WordPress post. Formatting must be applied, images must be inserted and meta information added like titles and descriptions.

Just think how much easier it would be if the guest poster could log in and write their post directly into WordPress. They could even upload the images too.

All you would need to do is to check it and publish it.

If you employ a virtual assistant (VA) who performs tasks on your website, such as editing posts, proofreading posts, or perhaps even publishing them, they need to have a user account that lets them do this. They need editing and publishing permissions.

You might also want to limit posting of comments to people that are logged into your website. This is a great way to reduce spam and junk comments without limiting your regular readers’ ability to comment.

If you have the Jetpack plugin, it enables widgets to be shown or hidden to people logged in. You could, for example, hide widgets with adverts to registered visitors that are logged in.

Create a user account in WordPress

You can create a user account for people or they can create their own. If you want people to create their own account:

Go to Settings > General.

Tick the box next to Membership – Anyone can register.

Set the New User Default Role to Subscriber.

WordPress membership settings

Click Save at the bottom of the page.

Create a link or menu where people can find it so they can create an account: www.mysite.com//wp-login.php?action=register

You can simply link to www.mysite.com/wp-login.php but the Register link is in quite small text and is easily missed.

If you want to create an account for someone yourself:

Go to Users.

Click the Add New button

Fill in the form with the name, username, and email.

Set the role to whatever you want.

Tick the option to send the person an email notification.

Click Add New User

The user will receive an email informing them of their new account, log in details and so on.

WordPress user account roles

A user account can be one of five different types. Go to Users, select a user and in the drop down list are five roles that can be assigned. Which should you choose?

Change the role for a user in WordPress

Subscriber: This lets people log in, but does not let them do anything else. This makes it safe for public use. Your site will recognise who is logged in and who isn’t, and in Settings > Discussion is a setting Users must be registered and logged in to comment.

Contributor: A user with the contributor role is able to create a new post and write and edit it. They cannot edit your posts or anyone else’s, they cannot publish posts, and cannot upload images. They can write a post and that’s it. No access to admin features.

This makes the contributor role useful for guest posters and they can save you a lot of work by writing the post in the WordPress post editor. Only you can publish it, after you have checked it of course.

The post may not quite be complete, because contributors cannot upload files, such as images. They would have to send you the image, such as by email, and you would have to insert them before publishing the article. It can still save you time and effort though.

Author: This is one step up from a contributor and the role gives them more power. For example, they can upload files like images, and publish posts. For this reason you should only assign people to author roles if you really trust them.

Authors cannot edit, delete or publish other people’s posts and their activities are limited to their own posts.

Editor: An editor has complete power over creating, publishing and deleting posts and pages – both their own and everyone else’s. For this reason you should only make someone an editor if you really trust them because they have the power to delete all posts and pages on your site. They cannot access admin functions like installing plugins and themes.

Administrator: This role is the most powerful role and an administrator can do anything, including install themes and plugins, customise templates and so on. No-one else should be an administrator because it gives them too much power.

The only exception is when you have a problem with your site and you need help fixing it. Sometimes you have to give someone admin access. Be aware that they could, in theory, delete your account so you cannot log in, so only assign an admin role to someone you trust.

Customise user roles in WordPress

Suppose you want to give a writer an account so they can write a post for your site. Making them a contributor enables them to write it, but they cannot upload images, so their post would be incomplete.

Making them an author gives them the ability to upload images, but it also gives them the ability to publish the post without your permission. They have too much power.

The ideal role would be a contributor, but with the ability to upload and insert images into posts. Is this possible? Yes, with a clever plugin.

User Role Editor is plugin that shows the permissions each WordPress role has and gives you the ability to customise them.

Go to Plugins in the WordPress sidebar.

Click Add New.

Enter User Role Editor into the search box.

WordPress User Role Editor

Click Install Now and then click Activate.

Click Users > User Role Editor.

WordPress User Role Editor

At the top you can select each of four roles – subscriber, contributor, author and editor (you cannot edit the admin role). Select a role and the capabilities are listed below with checkboxes.

Here is the contributor role. Don’t worry, delete_posts and edit_posts refers to the user’s own posts, delete_others_posts and edit_others_posts are disabled.

WordPress User Role Editor

Here is the editor role:

WordPress User Role Editor

It is easy to see the differences between roles and how they differ with the User Role Editor plugin. Select each role and look at the capabilities.

Select the contributor role at the top and customise it by ticking upload_files. Click the Update button. Now a contributor can write a post and upload images, but they do not have the ability to publish posts. Only you can do that. The role is now more useful to a writer, but without given them too much power.

Customising roles in WordPress User Role Editor

Don’t get too carried away with User Role Editor. The default settings are almost perfect anyway and you could make them worse if you don’t know what you are doing. Take care.

The best way to see how roles work is to create test accounts for each role. Open an incognito or private browser window and log in with it. See if you can create posts, upload images, delete posts and so on. Try to access admin features and see what happens (not a lot, because users are locked out).