Hosting Tutorial & Guide

How to Control WordPress User Roles and Permissions Easily

updated on Feb 28, 2017
How to Control WordPress User Roles and Permissions Easily The user system is an important feature built in WordPress that allows you to control what a user can do on your website and what he/she cannot. In such a system, there are five default user roles which come with different permissions such as publishing posts, managing themes and plugins, moderating comments, performing administrative tasks, etc.

The default user roles include:
  • Administrator – Have full privileges of all the administrative features.
  • Editor – Upload files, edit, schedule, publish and delete posts and pages.
  • Author – Upload files, edit and delete posts and pages.
  • Contributor – Edit and delete posts.
  • Subscriber – Read the website content.
When a user on your website is assigned to a specific user role, he/she will only be capable of doing what he/she is allowed. Therefore, the proper user role with restricted permissions is important for keeping your website safe.

The default user roles and permissions are reasonable. However, you may want to make a change depending on your needs. For example, you may need a user to moderate the comments on a magazine website without being able to publish or delete other content.

The limitation here is that WordPress doesn't allow you to do so by default. So in below, we will show you how to add new user roles and control the permissions of any user role or single user as you want.

Control WordPress User Roles

The possibilities of customizing WordPress are endless since there are thousands of plugins available that enable you to do this. If you want to take control of the user roles instead of being limited by the default ones, you can make use of a plugin named User Role Editor, a popular choice of over 400,000 WordPress users'.

User Role Editor

After dealing with the plugin installation, you can find the plugin in Users > User Role Editor. In the plugin's interface, you will be able to see all the available user roles on your website, including those created by plugins. By selecting a user role from the dropdown, you can have a view of all the capabilities that have been assigned to it.

View User Roles and Permissions

Besides, the plugin provides some options for customization, so you are able to do the following things now.

Create a new user role in WordPress

If you prefer to keep the built-in user roles to the default, you may want to add new user roles to meet other needs. To get started, click on the "Add Role" button on the right side of the page.

Add Role

In the popup, enter a role name as you like, and then choose whether to copy permissions from an existing user role. If you would like to create a completely new user role, you will not need to copy permissions from others. After making the decision, click on "Add Role".

Create New Role

In the case that you haven't assigned any permissions to the new user role, select the user role from the dropdown, and then check the permissions that you want to give to it. At last, update the user role profile.

Assign Permissions

Up to now, you have created a new user role that meets your need completely.

Define the default user role for new registrations

If you allow user registrations on your WordPress site, new users will be assigned a default user role with the permissions that you want them to have. Of course, you can change the default user role as you like. This can be done in Settings > User Role Editor.

There are some settings on the page that you can change according to your requirements. Opening the "Default Roles" tab, then, you can easily select any user role as the default role of new users. For the sake of your website security, we'd suggest you use a role that keeps the permissions to the minimum. NEVER give excessive permissions to those who should not have them.

Define Default User Role

Customize the User Permissions as You Wish

In the section above, we have already mentioned how to change user permissions. But you should know that you have the freedom to customize the permissions based on both the user role and single user.

Change the capabilities of a user role

With User Role Editor, you can customize the permissions assigned to any user role in a super easy way. After selecting a user role, you only need to tick the checkbox of any unselected capability or uncheck any selected to meet your demands. The capabilities are categorized, so you can view them clearly. After making your change, simply click on the "Update" button to make it effective.

Change the Capabilities of User Role

Change the capabilities of a single user

When you want to change the capabilities of a single user, there are two solutions. One is to create an individual user role for that user, and the other is to keep the user in the existing user group while customizing his/her own capabilities. Here we'd like to discuss the latter method.

With the activation of User Role Editor, you can find a "Capabilities" link under each user's name in the user list. You now need to click on this link.

Capabilities

In the next step, you are able to view all the capabilities of that user. Simply select some new capabilities or remove the capabilities that the user doesn't need. Don't forget to update the change.

Change Capabilities of User