How to Edit & Customize User Roles in WordPress

From creating pages to publishing a blog to perfecting your website’s appearance and functionality with themes and plugins, there are few limits to what you can accomplish on this CMS. Things get even more complex on a team where each person has different site-related jobs.

If you have multiple people in charge of running your WordPress website and/or contributing content, you’ll need a way to control what each of these users can (and can’t) do. This is why WordPress user roles are a must. User roles help you, the webmaster, manage everyone involved in building and maintaining your WordPress website.

In this article, I’ll explain what makes up a user role, the default user roles that come with your WordPress installation, and how to create custom user roles with a WordPress plugin.

WordPress User Roles

In WordPress, a user role is a collection of allowed actions, or “capabilities,” assigned to specific WordPress users. Capabilities include lower-level permissions, like creating an account on a site or leaving a comment on a post, to higher-level ones, like modifying plugins, themes, and users.

Any WordPress site can implement user roles, but they’re most effective on sites with many contributors. User roles help you keep track of these contributors and ensure everyone stays in their own lane. This is an essential component of proper website security — users should only be able to access what they need to.

WordPress comes with a number of default roles, and also allows users to edit user roles and create custom new ones with plugins. We’ll get into custom user roles soon, but let’s first cover the pre-made ones.

WordPress Default User Roles

A single-site installation of WordPress includes five default user roles: Subscriber, Contributor, Author, Editor, and Administrator. Multisite WordPress installations require a sixth pre-made role, the Super Admin.

Each default user role has the capabilities of all roles below it, plus its own added capabilities. Let’s take a look at each default role in order of fewest to most capabilities:

Subscriber

The subscriber role has the least power of the default roles. Subscribers can create and edit their own password-protected accounts on your WordPress site, and that’s about it. They can’t create posts, edit existing content, or modify any of your site’s settings.

This role works well for WordPress websites that require accounts to view restricted content, like membership sites. You might also assign the Subscriber role to visitors who sign up for a content offer or email list. Otherwise, your site likely won’t need this role.

Contributor

Contributors can create posts, but they can’t publish. An Administrator or Editor must publish their posts for them, and Contributors cannot edit or delete their posts once live. They also aren’t allowed to upload images or other files to their pieces, and they can’t change any site settings.

This role works best for content creators who need closer monitoring than Authors, such as one-time or infrequent writers, or creators from outside of your main content team.

Author

Authors are similar to Contributors, but with more autonomy. They have full control over their own content, including the ability to create, publish, edit, and delete their own posts. Unlike Contributors, Authors can also add files to their content, and edit comments left on their posts. However, they cannot modify or delete posts by other users, or change site settings.

This role is ideal for team members whose primary job is content creation. Authors are trusted to publish their own content and change or delete it if necessary, so it’s best not to assign the role to creators outside your team or organization.

Editor

The Editor role manages content produced by contributors and authors. They may create, publish, modify, or delete any post or page on your site. Editors can also fully moderate comment sections and manage tags and categories for posts. While Editors have significantly more control than to lower roles, they also cannot make any larger changes to your site.

Administrator

Administrators are in charge of the entire WordPress website. They have complete control over the site’s content, theme, plugins, updates, and backend code. The Administrator is also able to add, modify, and delete users, even other Administrators.

WordPress automatically assigns the Administrator role to the user who creates the website. It’s most common to have just one Administrator per website, possibly more if your business is larger.

Assigning the role to others should be done with a high level of caution — all Administrators need a solid understanding of your site’s functionality, as well as WordPress security best practices. If an Administrator account gets hacked, that’s bad news.

Super Admin

The Super Admin role only exists on WordPress multisite networks, and oversees all sites within the network. Along with Administrator-level permissions for each site, the Super Admin makes network-wide changes including adding or removing sites from the network and changing themes and plugins across sites.

For a full list of capabilities for each role, see the WordPress Roles and Capabilities page.

WordPress Custom User Roles

If the default WordPress options don’t quite fit the needs of your site, the Administrator can modify the capabilities of existing user roles, create new roles, and delete unnecessary roles. This allows for tighter control over user permissions and a better system to match your own team structure.

WordPress User Roles Plugins

Any capability can be added or removed from an existing user role. For example, you might want to prevent authors from deleting their posts once published, or allow Editors to change or modify the current theme.

To enable customization of user roles, you’ll need to use a plugin. There are a handful of plugin options built specifically for customizing roles, and many security plugins also include a feature for this purpose.

Here, I’ll explain how to customize, create, and delete your own user roles with the free and popular User Role Editor plugin. Installing and activating the plugin adds a new option under the Users menu called User Role Editor.

How to Edit an Existing User Role in WordPress

To modify the capabilities of an existing WordPress user role:

1. In the left panel, select Users > User Role Editor. You’ll be taken to the plugin’s main interface.
2. Select the user role you want to modify from the top dropdown menu. You’ll see a list of all capabilities currently allowed for this role. Check the box next to Show capabilities in human readable form to list these functions more clearly.
3. Select/deselect the capabilities you want to add to/remove from the role.
4. Click Update, then Yes in the Confirm window. The list will refresh with updated permissions.

How to Create a Custom User Role in WordPress

To create a new user role with the User Role Editor plugin:

1. Select Users > User Role Editor in the left panel.
2. In the right-side button pane, choose Add Role.
3. Create an ID and Display Role Name.
   • The Display Role Name is what appears for users in the WordPress dashboard. Administrators can change the Display Role Name by selecting Rename Role from the main interface.
   • The ID only shows in the User Role Editor plugin. It can be the same as the Display Role Name, or different for systematic labeling purposes. You cannot rename the ID once the new role is created.
4. If you want to clone an existing role, select it from the Make copy of dropdown.
5. Click Add Role.
6. Select the capabilities you want to add to the new role.
7. Click Update, then Yes in the Confirm window. The list will refresh with updated permissions.

It’s your job as an Administrator to keep your site permissions secure, organized, and updated — not even a plugin can change that responsibility. By fitting the capabilities of each user role to match your team, you can rest assured that your users are contributing where they need to be.