5 WordPress User Roles and What They *Really* Mean

Why is it important to know about, pay attention to, and moderate the use of User Roles on your WordPress website? Not everyone needs carte blanc access to all of the administration area of your site. Some of your content managers may only need to write their own articles. Maybe you have a Junior Copy Writer and you're training them to learn the writing style of your organization. The role you assign to each user can help them, and in turn, help you. Let's dig in!

1. Subscriber

This role is only relevant for websites with commenting turned on because it is most commonly assigned to a user who registered in order to leave a comment. This should also be the New User Default Role for new site users if you are allowing anyone to register.

2. Contributor

This role is for your Copy Writing Intern (or anyone charged with basic copywriting or editing tasks). They can write and manage their own posts but won't be able to publish them. The button becomes "Submit for Review" and puts the post in a pending state for someone with a different role to review and publish. It's also important to note that a user with this role does not have access to the Media Library; they cannot upload nor select media to input into their content.

3. Author

This role can manage media and write and publish their own posts. Authors cannot access posts written by other users, but they can "Duplicate as Draft" if they are charged with editing another user's copy.

4. Editor

The Editor role is for your verbal Creative Director or head of the content department. They can view, manage, edit, and publish their own posts as well as posts of others. They can also view and edit pages on the site; these are different types of content from posts.

5. Administrator

Everybody wants to be an admin! Administrators have access to install and remove plugins, site-wide settings (including updating WordPress on production—more on that at another time), theme customization and settings, and users! It is common for site owners to default to assigning the Administrator role to anyone that contributes to the website, but that may not be the best choice for your team. Consider the job role of your team and whether or not they need access to everything. Also, consider whether or not their account could be compromised, giving someone else access to everything.

Determining the appropriate user role requires a lot of detailed thinking about how you want to manage the site (which is probably why "Administrator" is often the default). But, by considering these details, you should be able to make an informed decision for your team and website. If you want help with an audit of your users and roles, or want to learn more about the potential risks of "Everyone's an Admin!", drop us a note!