WordPress has gained popularity as both a blogging platform and website creation tool, leading everyone from users and content marketing companies to make use of it. Depending on the scenario, you may find that multiple people need to access the website or blog in different ways. Limited access to certain users while granting others more freedom can be a valuable ability in ensuring security on a WordPress site. The key to controlling this access is by assigning user roles.
To view current users on your site and the roles they’ve been assigned, just click Users from the left navigation. You can change a user’s role by selecting the box next to the account, clicking the “Change role to…” option from the menu, and selecting the new role. Keep in mind that only Administrators can change these roles.
WordPress provides 5 options for user roles, granting each one different abilities within the website or blog:
For WordPress sites, an administrator carries full control over the website. They can make any changes to posts, plugins, and users within the site. This includes changing passwords, deleting users, editing posts, and installing plugins. Because of the overarching abilities of this role, it’s important to be careful who is granted this access.
Editors are granted complete control over content areas of a WordPress site. This means they can create, edit, or delete posts written by any user. However, unlike the administrator, they cannot make changes to users or the site itself in the form of plug-ins. This role can be very useful for writers or marketing team members on staff to monitor and change the written parts of a blog or site without being able to make more substantial changes to the framework of the site itself.
Each author can create, edit, and delete only their own posts. These users can create new tags for their posts, but they cannot add new categories. In addition, they can view comments on their own posts, but they cannot approve or delete any comments.
Contributors can create new posts and edit their posts that have been published, but they cannot actually publish their posts. This means that a user with more access has to approve a post and publish it before it will appear on the website. Additionally, they cannot upload files, which means that they cannot add images into their posts. This role can be very useful for a website with individuals outside the company who want to write and submit items to a blog. With reviewing required on every post, you can ensure that nothing gets posted to the site that you don’t want to.
For visitors to your website or blog, the subscriber role is the most common. These users can update their profiles and passwords, but cannot make any changes to the site itself or access the admin area.
While these user roles are designed to fulfill the needs of most website’s scenarios, some site owners may find a need to change them up a bit or create a completely new role. The good news is that WordPress allows you to edit user roles and customize them. For instance, if you wanted your contributors to be able to delete their posts, you could add that capability.
Understanding these users roles and applying them properly can allow you to grant access to certain areas of your website without risking damage to other areas. You can assign roles to employees in a business, guest content providers, and even IT professionals. This can provide security for your website without the stress and headache of changing passwords and such. As a tool, user roles in WordPress can be a valuable asset for security and ease of use.