While not to the level of detail which other CMS options such as Drupal provide, WordPress can be used to effectively identify and set which permissions different users of your site have at their disposal. This is useful when you have a content site where you have multiple authors and editors creating and curating the content which gets published to your site. Let’s talk about user roles in WordPress.
User Roles in WordPress
You likely only want these people to have the most limited access to your site; just enough to where they can perform their role and not enough to where they can make changes or perform tasks out of their clearance level on your site.
To create or change/set a role for a user of your site, simply navigate to the “users” tab on the dashboard sidebar. Locate the user’s name for whom you want to change their role on your site, tick the box next to their name, click the “change role to” field and select the role you want to assign to them, then click the “change” button right next to that field and just like that you’ve set that user’s role.
Starting from the top down, let’s go over the different user roles and permissions which can be designated in WordPress.
Administrator – The administrator is at the top of the chain. They can do everything possible on a WordPress run site, including everything I’ll subsequently mention for each lower role, plus changing the appearance of the site through themes, plugins, etc. Really the majority of what is accessible from the admin bar is exclusively available to the administrator. This role should only be entrusted to the owners of the website or at least those whom the owners implicitly trust with their website.
Editor – The editor is able to publish posts themselves as well as edit and manage posts written by anyone else on the site. In other words, the editor has all the power the administrator has but strictly in a content management role. You’ll notice that the number of options on the dashboard shrinks substantially for the editor, as important sections such as “Plugins”, “Appearance”, and any additional fields created by plugins which aren’t related to content creation are nowhere to be found.
This is really the stripped down content creator’s dashboard, and you should give this permission to none other than your website’s content editor, or the person in charge of the posts and pages which appear on your site.
Author – Authors can publish their own posts on the website without needing permission from anyone. The major distinction here is that they cannot change any content which anyone else on the site has written.
Contributor – Contributors can create their own posts but they cannot publish it to your site directly. They need permission from the editor before their post will go live. This is a great role to assign to aspiring and even proven guest bloggers.
Subscriber – A subscriber is just someone with the ability to manage their own profile on your website.
By default, all new users who sign up for a role are given the role of subscriber. You can set this under the “general” tab from the “settings” section of the dashboard. “New User Default Role” is the section where you can change the default. It’s understandably recommended that you don’t set anything other than subscriber or at most, contributor, to keep just anyone from uploading content to your site without your permission or knowledge.
Make sure that your users who do have access to make content additions or changes to your site have complex passwords, as well, as an added security measure, because if one account is compromised then whoever cracked that password has all of the permissions of that user. Also keep these 4 WordPress security tips in mind to keep your site as secure as possible.