WordPress User Roles: What They Are & How Best to Manage Them
Home > Resources > WordPress User Roles: What They Are & How Best to Manage Them
If you have an editorial team for your WordPress blog or collaborate with a group of writers, it’s essential that you understand and properly manage user roles. WordPress user roles ensure that users have the right permissions to do their work smoothly. Proper management of WordPress user roles means that you get the right balance between user roles and access level.
Failure to properly manage user roles increases the risk of mistakes or accidents that can have potentially catastrophic consequences for your blog.
There are five default user roles in WordPress – Administrator, Editor, Author, Contributor, and Subscriber. Each of these roles has access levels and functionality.
Brief description of default roles and access rights:
Administrator: Has unlimited access to all features and admin functions.
Editor: Can create and publish posts. Can also manage posts created by other users.
Author: Access rights limited to creation and management of own posts.
Contributor: Same rights as Author but has no publishing rights.
Subscriber: Only has access to their profile.
You can view and manage default user profiles under Users menu on the dashboard.
Manage Roles With a Plugin
WordPress user roles are best managed using a capable plugin. Some plugins add new user roles while others simply manage the existing roles.
For our example, we’ll use the popular User Role Editor plugin to edit existing user role permissions from the dashboard.
Start by installing and activating the plugin via the dashboard. Once installed, you can access the plugin dashboard via Users > User Role Edit.
Select a role to edit via the drop down menu and check or uncheck the appropriate permissions. There is a bunch of core capabilities as well as seven more custom capabilities to choose from.
To assign a capability to a user role, simply check the box next to the capability option. The basic free version of this plugin doesn’t allow custom user creation. You might want to try another plugin to get that functionality.
The beauty with this plugin (and similar ones) is that you can have users with the same role (such as Author) but with unique capabilities. For instance if you have 5 authors and only want one of them to have publishing rights, you simply enable that capability for that user and disable it for the rest, which isn’t possible with the default predefined permissions for the Author role.
For most basic blogs, the default roles are perfectly sufficient. However, there are situations where the default roles don’t fit with a specific role you want to assign. For instance, if you build and maintain WordPress blogs for various clients, you’d want them to have access to all features they need while ensuring that their access rights do not permit them to make changes that could bring the site down or mess up some critical functionality. Creating custom roles is absolutely handy in this situation.
As we saw in the previous section, there are plenty of plugins you can use to manage default user roles as well as create custom roles. However, you can also create new users via the functions.php file.
There are five functions that manage the different user roles and capabilities. If you’re going to be making custom user roles, these are the functions you’ll be working with most:
add_role(): adds a custom role.
remove_role(): removes a custom role.
add_cap(): adds a custom capability to a role.
remove_cap(): removes a custom capability from a role.
get_role (): returns details about a role and its associated capabilities.
You only need to use the add_role() function to create a new user role.
Define The Role and Its Capabilities
Before creating the role, you need to have a plan because without one, your code may be messy. Mostly though, your plan should contain a name for the role and its defined capabilities.
Let’s create ours:
Role Name: UserX
Roles: Create and edit own posts, edit others posts, edit pages, and manage categories.
Role limitations (What UserX cannot do): Edit themes, install or uninstall plugins, update the WordPress core.
In your active theme’s functions.php file, create the new custom user role using the following piece of code (obviously you should be working with a child theme):
At this point, you should have a new user role called UserX and it should be visible in the dropdown list under Add New User menu in the dashboard. However, the new role has no capabilities at all so you need to assign them – the ones we defined in the plan above. You’re basically going to populate the array in the above piece of code with the functionalities defined in the plan as array values. Modify the code like this:
Once that’s done, the new role will now have capabilities but you also need to set limitations as defined in the plan. Here is the complete code including the limitations.
They are all pretty self-explanatory.
Check New User Role Permission Levels
Now that you’ve added the necessary code in the back end, it’s time to check if everything works as we intended it. This simply requires you to create a new user and assign them the new custom role then log out of your system and log in as the newly created user.
When you log into the dashboard, the first thing you should notice is a change in the available menus. Specifically, the new role should have significantly reduced options on the dashboard.
WordPress user roles are the lifeblood of blog accessibility and usage. They enable users access your blog’s backend and accomplish tasks but also limit their access. Privileged overall access is reserved for the Administrator role by default.
Be cautious when assigning user roles. Irresponsible users with privileged access may mess up your blog’s core functionality, which can ultimately lead to a crash.
Use plugins to extend permissions and access rights of the default users. You can also create custom users using plugins or directly via code.
Over to you now; how do you manage users on your blog?
We never spam. Subscribe to receive inspiration, news, and ideas in your inbox.
Brenda Barron is a writer from southern California. Her work has appeared on sites like Elegant Themes, WPMU DEV, and VentureBeat. She also blogs at Digital Inkwell about the life of a freelance blogger.