WordPress User Roles and Capabilities – Beginners Guide
WordPress User Roles is a feature that’s been around for quite some time now. User roles and many capabilities have been introduced as early as version 2.0. In this guide, we will cover everything that a beginner needs to know about user roles and capabilities.
WordPress User Roles and Capabilities
WordPress User Roles are a named collection of capabilities. A capability defines what a user is allowed to do and what he can’t do. For example, a user with publish_posts capability is allowed to publish posts. Without this capability, he might be able to create a post but won’t be able to publish the post. Each role can have multiple capabilities. They simplify the process of granting capabilities. Let’s say you want to add two additional admin users. You don’t have to grant all the capabilities of an admin user to each of them. Simply grant them the admin role instead.
By default, WordPress comes with six built-in roles. There are many capabilities. Each role comes with its own set of capabilities. A role represents the purpose of the user within the site. For example, an author can only edit, publish and delete his own posts but not someone else’s. That’s because he lacks the rights and privileges to do so. Here’s a list of the default WordPress roles
- Super Administrator
The most powerful of all WordPress user roles available in WordPress. This role is only available in WordPress multi-site setup. They have all the capabilities available including access to the multi-site capabilities. So they can add sites on a multi-site network. They look after the network management in a multi-site WordPress setup.
They can create, edit, publish and delete any post and pages. They are authorized to install, active and remove plugins and themes. They can also create new users, edit details of existing users (also change password) and delete other users including other administrators.
The most powerful user role in a single-site WordPress installation. They can do everything that a super admin can do except network management. Simply put, this user role is only for meant for site owners. It gives you everything you need to control a single WordPress site. Don’t grant this to any other user.
This role is for users who control the content of a WordPress site. Users with editor role can create, edit, publish and delete any content on your site. That means also have full control over private posts. They can create new categories. They can also moderate comments, i.e. approve, edit and delete comments. They are not allowed to change site settings. They also can’t do anything related to plugins, themes, and users.
Users with author role can create, edit, publish and delete posts. They can view unapproved comments. But they are not permitted to moderate comments. They can’t create any new category but they can create tags.
Author’s can’t change any site settings. They also can’t install, activate and remove any plugins and themes. One thing to look out for is that an author can edit and delete published posts which the author created.
Users with contributor role can only create posts. They can edit posts and delete their own posts as long as they are not published. They can’t even publish their own posts. To make matters worse, they can’t even upload files. So they can’t attach their own post thumbnails.They can see unapproved comments but they can’t moderate them. Just like authors, they can’t create any category but can create tags. They can’t do anything related to site settings, plugins, and themes.
They can see unapproved comments but they can’t moderate them. Just like authors, they can’t create any category but can create tags. They can’t do anything related to site settings, plugins, and themes.
A user with this role can log in to your site and update his or her profile and password. They can’t do anything else in the admin area.t’s only meant to be used when you publish private posts and want your users to log in before they can view them. Another case when you need this role is when you want your user’s to log in before they can post comments.
It’s only meant to be used when you publish private posts and want your users to log in before they can view them or when you want your user’s to log in before they can post comments.
Creating new roles
The default setup of WordPress user roles is well planned. They should never be modified because you might get unexpected results later on. For example, an author might end up with the ability to change site settings. You should only add custom user roles and edit them instead of editing any default roles.
Now let’s create a new user role. We will use the Capability Manager Enhanced plugin. Install and activate it. Then go to Dashboard > Users > Capabilities
Type name of the role you want to create in the box under Create New Role. Next click the Create button. Next check all the capabilities you want this role to have and click Save Changes. You can also delete this role by clicking on Delete Role button.
If you want to edit any of the default WordPress user roles, then select the role in the combo box under Select Role to View / Edit. Then simply check or uncheck any of the capabilities that you want to give or take from the role. Save your changes by clicking on the Save Changes button.
We hope this tutorial helped you in understanding WordPress user roles and capabilities. Leave your feedback in the comments section below.