WordPress has a system of Roles and Capabilities which allows the website’s manager to control who can do what in the Admin screens. Using these roles thoughtfully is highly recommended whenever there is more than one person involved. Each Role defines a specific set of tasks which the user is able to perform, so that the heavy responsibilities are reserved for specific people.
For example, a person with the role Administrator is capable of doing serious, irreversible damage to a WordPress site, so it’s best to give that role only to a committed, knowledgeable person. A person with the Editor role can’t destroy the whole site, but could do major damage to any post or page, so that role should be given out to only people who can handle that responsibility.
The Administrator Role
It’s true — we use the term Admin to refer to two separate things. We call the Administration Screens “the Admin”, and we also call a site Administrator “the Admin”. The context should make it clear which we’re talking about!
When WordPress is installed, an Admin is automatically set up, typically the person who performed the installation. The Role of Administrator gives him access to all of the administration features for the site. He then has control over who can become a user and what their role and capabilities will be.
Normally, the Administrator will add Users as needed, giving them the Role which allows them the access they need, but not more. This is done from the Users screen in the Admin.
The Default WordPress User Roles
By default, WordPress offers six Roles. The following is a brief summary of their capabilities.
The Super Admin role applies only to Multisite, a specialized feature which allows multiple sites to share a single WordPress installation.
It’s not clear why WordPress has the Subscriber role, since it has almost no practical purpose. Hopefully this will change in future versions.
- A Super Admin has control over all functions in a network of sites. This applies only to a Multisite WordPress installation.
- An Admin controls everything within a single WordPress site.
- An Editor can write and publish posts, and also edit the posts of others.
- An Author can write, publish and manage his own posts.
- A Contributor can write and edit his own posts, but cannot publish them.
- A Subscriber can only read posts.
By using these roles, an Administrator can allow writers access to the Administration Screens while limiting what they can do.
In addition to the summary above, there are lots of other functions that are allowed or disallowed according to Role. The WordPress Codex provides a detailed list of these capabilities — and a graphical chart which makes it even clearer — in this article, Roles and Capabilities.
The Users screen
The Users screen is reached from the Admin Main Menu, and is the place to add, edit, or delete the site’s Users, which are all listed in a table. Opening Screen Options with its tab near the top right allows you to specify which columns of User information are shown in the table.
The Users screen provides a number of options for viewing and editing User information, including editing several Users at once with Bulk Actions.
Adding a New User
Near the top is the Add New link. Clicking this takes you to the Add New User screen. The fields there are self-explanatory; one of them lets you specify this user’s Role. Be sure to use a strong password, the most basic of WordPress security measures.
Editing a User
From the main Users screen, clicking on any Username, or on the Edit link just below his Username, takes you to that person’s Edit User screen, This screen is very similar to the Add New User screen shown above, and allows you to edit the same fields. It also lets you add some additional information: several Personal Options, Nickname, Display Name, and Biographical Info.
When a User clicks on his own name, the same Edit User screen is instead titled “Profile“.
If you need to alter the default Roles
If you find that you need to make changes to the Roles provided by WordPress, there is a current plugin for that which this author has used with success: User Role Editor. You can even add new roles.
If your website has several contributors — or lots of them — WordPress’ User Roles is a good way to give each person only the amount of responsibility he needs.