Understanding WordPress User Roles and Restricting Access

If you’re the only on handling administration for your WordPress website, you probably haven’t had to stop and think about WordPress user roles or how they work. But if you ever need to give someone else access to some or all of your site, it’s important to understand how WordPress user roles work.

By understanding how user roles work in WordPress, you’ll be able to limit the parts of your WordPress blog that you want to limit, while making sure that no one has access that you don’t want them to have. Let’s take a closer look at what WordPress user roles are and why they matter, plus how to use each one effectively.

What Are WordPress User Roles?

WordPress user roles break down each possible set of actions that every user on your site is allowed to do. This can range from simply being able to read your blog to editing, to managing all aspects as an administrator.  As you might expect, different user roles have different capabilities.

You want to be sure that users don’t have access to areas of your site that they don’t need to have. For instance, you don’t want to let just anyone edit your theme, for example. But if you have, for instance, writers or editors helping you create content, you do want to let them be able to add, edit and manage posts.

By default, WordPress comes with six different user roles. Let’s look at each one and the capabilities it gives the user:

Administrator User Role

Administrators can do anything and everything on their WordPress blog. That includes creating, editing and deleting content, managing themes and plugins, editing code directly and even deleting other user accounts.

Editor User Role

An editor can do almost anything an administrator can. They’re generally responsible for managing content. They can also create, edit, publish and delete posts, including those written by other users. They can also moderate comments and manage categories, links and other aspects of the site.

They cannot add themes, plugins or install updates. They’re normally confined to areas within the site that have to do with content management.

Author User Role 

Authors can add, edit, delete and publish their own content, but they cannot access or handle the administration of other users’ content. They can also upload media files, like images or videos, into their own content.


A contributor is similar to an author, except they can only add, manage, and delete their own content without being able to upload their own media files. They also cannot publish their own files. If you have a first-time writer for your blog and you want to take them for a test run, a contributor role is a good start.


A subscriber can only read posts on the site and manage their own profile. Since by default, all users, whether they’re subscribers or not, can read your posts, this user role really only comes into play if you have a membership site and you want to give access to certain parts of content to subscribers.

Super Admin

This role only applies to users who are running WordPress Multisite. It’s the mode that allows an administrator to make high-level changes to all WordPress sites within a Multisite network, including adding and deleting entire sites. If you are using WordPress Multisite capabilities, the administrator role gets changed a bit. Admins will not be able to modify user details, nor can they install, upload or delete themes or plugins – those capabilities are only allowed for the super admin in this case.

Getting the Most Out of WordPress User Roles

In order to get the most benefit out of understanding WordPress user roles, it’s important to think about how you want to use each role. You don’t want to give your users too much freedom but you also don’t want to be terribly restrictive. It’s important to think about what kinds of access you want your users to have and not have, and then assign roles accordingly. Only give users top-level access to those you truly trust and know well, otherwise you could be opening your site up to a whole host of problems.

Can I Customize and Create My Own User Roles?

Absolutely! A plugin known as the User Role Editor is the fastest and easiest way to get started creating your own user roles and access levels with different capabilities. One of the first steps in growing your WordPress blog into a more complete and fully functional content management system is assigning roles properly. That’s why it’s so important to understand what each role does before you begin creating your own.

It’s always better to err on the side of caution in this case and assign too few capabilities rather than too many. The last thing you want is for someone to have too much access to things they shouldn’t and then create all kinds of problems in your site!

Need Help with User Permissions or Creating Your Own Roles?

Although this guide outlines the basics about WordPress user roles, it’s understandable if it’s confusing in terms of what each role does and is capable of. Fortunately, WPDandy is here to help! With our comprehensive experience in managing and maintaining all aspects of WordPress, including defining and creating user roles, we can help you better take control of your blog and ensure that user access is exactly how you want it to be.

If you need help with user roles or any other aspect of WordPress, it’s easy to work with us. Through our innovative administrative area plugin, you can correspond one on one with your personal developer and assign tasks, exchange files, discuss and clarify your needs and much more. Plus, we can handle it all for one affordable monthly fee. To learn more simply contact us and let us know how we can help you! Take control of your WordPress and make your website flourish with competent, experienced help from WPDandy.