WordPress user roles and permissions provide access controls and privileges for your website. They give you the ability to control what other users can or cannot do on your website and help you manage user actions such as writing and editing posts, adding new users, moderating comments, etc. In this guide, we’ll help you understand WordPress user roles and permissions, the various capabilities WordPress provides, how to manage users on multisite, and how to create new roles with a fresh set of capabilities. 


WordPress user roles and permissions define the level of access and capabilities that users can utilize to log in, manage, or edit a WordPress website. There are six user roles that you can select from for each user you add to your website. Understanding each role is necessary, regardless of if you are in charge of a magazine, website, or running a personal blog.



The Super Administrator role is only available in WordPress multisite networks. Super Administrators can remove other users, even an Administrator, and also impact many parts of your business including your network and the other users that run your website. Super Administrators can also create new websites, manage or delete content on every website, install themes and plugins across the network, and control all settings and security issues.


The Administrator role has access to every feature within the website. Administrators can create and delete users, they can install and manage plugins and themes, reset passwords, and also edit plugins, themes, files, and code. The Administrator role can update any WordPress plugins and/or themes installed on the website.


The Editor role takes care of managing content on a WordPress website. Editors can delete published posts and pages, they can manage links and categories, edit other users’ posts and pages, and moderate comments. They cannot take website administration actions which include installing plugins and themes. The Editor’s chief responsibility is to supervise the work of other authors and contributors or act as a one-person content team.


The Author role is limited as they have a restricted set of permissions within the WordPress installation. The Author can add, edit, or delete content, but they do not have access to other content or website settings. The Author role has permission to upload content and images, and they can edit reader comments that are left on their post. The Author role cannot add plugins, change website settings, or perform an action that can impact website performance.


The Contributor role is a simple version of the Author role. A user with a Contributor role can create posts and delete drafts, but they cannot publish the posts. They can save drafts or send them to an Editor or an Administrator for review and publishing. This role is ideal for new authors and guest contributors.


The Subscriber role comes with very limited access and permissions. Subscribers can only access their profile, change their password, read all posts, and leave comments.


WordPress Administrators control all aspects of security. So, as you can imagine, this might present a security risk because anyone with Administrator access can install third-party plugins, lock out other users, or even inject malicious code. Careful management of permissions is therefore crucial for securing any website and safeguarding customer data.


You will find that many of the most popular WordPress plugins utilize and manage user roles and permissions. There are plenty of easy-to-use plugins, and they allow you to assign custom user roles and groups.


WooCommerce is a popular WordPress plugin, that can help you to turn your WordPress website into an ecommerce website. WooCommerce offers two user roles that are outside of the standard six. These roles are customer and shop manager.


iThemes Security is a great WordPress security plugin with 50+ ways to secure your WordPress website.


BuddyPress is a WordPress community plugin that enables you to build a social network within your website. With the BuddyPress plugin, you will be able to create private, public, and hidden groups.


User roles and permissions can help you assign specific roles and tasks for staff members, freelancers, and contributors. Assigning custom user roles cuts down on distractions and unnecessary functionality, permitting each team member to focus on their specific tasks.

User roles and permissions are powerful tools that control who has access to various elements of your website. Understanding what user roles and permissions are and learning how to manage them are essential steps toward mastering WordPress websites, so get started using them!

A global team of digerati with offices in Washington, D.C. and Southern California, we provide digital strategy, digital marketing, web design, and creative for brands you know and nonprofits you love.

Stay up to date with our insights by following us on Twitter, Facebook, and LinkedIn.