Do you know the difference between the WordPress user roles that are included in your WordPress site? Did you even know that there are different levels of authority built into WordPress?
Let me explain what they are and why you should know about them!
If you are the only person writing content on your site, I bet you are have the role of Admin attached to your account. This is good becuase you need to have access to EVERYTHING on your site – posts, pages, widgets, themes, plugins, configuration, etc. You are the one who will be adding, deleting, modifying, installing, and keeping your website humming along. As the Admin, you will have the necessary authorization to do all this.
But what if there are other folks working on your site with you? What if you have someone that is also responsible for creating posts? Should this other person have the ability to anything and everything to your site? Probably not!
There are 5 user roles:
- Administrator
- Author,
- Editor,
- Contributor, and
- Subscriber
(Technically there is a 6th role that appeared with version 3.1 – the Super Admin. This role is used by someone with access to the blog network administration features. This role will not be discussed at this point.).
Let’s start at the lowest level of user and work our way up to the most ‘powerful.’ The functions that a user can do are referred to as ‘capability’ – the less capabilities you have, the lower your role.
Subscribers are folks that have a user account on your website. The only thing they can do is view your content; they can only read it. They can manage their profile if they wanted to. This is not much different than someone who comes to your site and reads the content (much as you are doing right now!).
The next level up are the Contributors. They can write and manage their posts but not publish them. This is good if you want to have someone writing posts, but they need to be reviewed and published by someone higher up. If you have a regular guest blogger who provides you with content, s/he can be a contributor on your site and create the post directly within your site. To retain full editorial authority, you (as the Admin) would have to approve/publish the contributor’s work.
An Author is somebody who can publish and manage their own posts. It is like a Contributor that can publish his/her own posts. The author cannot change or edit anyone else’s work, just their own.
On the other hand, the Editor who can publish and manage posts and pages as well as manage other users’ posts, etc. Clearly this is more authority over the author since the editor can change and delete someone else’s work. Editors can also manage categories and moderate comments.
So far, all these roles are strictly content based. Once you hit the Administrator role you can then start to affect the entire site. As an Administrator you would聽 have access to all the administration features of the site. Changes are if you are the only person on the site, you do it all – change themes, add plugins, create users, moderate comments,
Here is a chart from the WordPress Codex that has some of the more techie functional items listed out to see the difference.
Capability vs. Role Table
| Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|---|
| manage_network | Y | |||||
| manage_sites | Y | |||||
| manage_network_users | Y | |||||
| manage_network_themes | Y | |||||
| manage_network_options | Y | |||||
| unfiltered_html | Y | |||||
| activate_plugins | Y | Y | ||||
| add_users | Y | Y | ||||
| create_users | Y | Y | ||||
| delete_plugins | Y | Y | ||||
| delete_themes | Y | Y | ||||
| delete_users | Y | Y | ||||
| edit_files | Y | Y | ||||
| edit_plugins | Y | Y | ||||
| edit_theme_options | Y | Y | ||||
| edit_themes | Y | Y | ||||
| edit_users | Y | Y | ||||
| export | Y | Y | ||||
| import | Y | Y | ||||
| install_plugins | Y | Y | ||||
| install_themes | Y | Y | ||||
| list_users | Y | Y | ||||
| manage_options | Y | Y | ||||
| promote_users | Y | Y | ||||
| remove_users | Y | Y | ||||
| switch_themes | Y | Y | ||||
| unfiltered_upload | Y | Y | ||||
| update_core | Y | Y | ||||
| update_plugins | Y | Y | ||||
| update_themes | Y | Y | ||||
| edit_dashboard | Y | Y | ||||
| moderate_comments | Y | Y | Y | |||
| manage_categories | Y | Y | Y | |||
| manage_links | Y | Y | Y | |||
| unfiltered_html | Y | Y | Y | |||
| edit_others_posts | Y | Y | Y | |||
| edit_pages | Y | Y | Y | |||
| edit_others_pages | Y | Y | Y | |||
| edit_published_pages | Y | Y | Y | |||
| publish_pages | Y | Y | Y | |||
| delete_pages | Y | Y | Y | |||
| delete_others_pages | Y | Y | Y | |||
| delete_published_pages | Y | Y | Y | |||
| delete_others_posts | Y | Y | Y | |||
| delete_private_posts | Y | Y | Y | |||
| edit_private_posts | Y | Y | Y | |||
| read_private_posts | Y | Y | Y | |||
| delete_private_pages | Y | Y | Y | |||
| edit_private_pages | Y | Y | Y | |||
| read_private_pages | Y | Y | Y | |||
| edit_published_posts | Y | Y | Y | Y | ||
| upload_files | Y | Y | Y | Y | ||
| publish_posts | Y | Y | Y | Y | ||
| delete_published_posts | Y | Y | Y | Y | ||
| edit_posts | Y | Y | Y | Y | Y | |
| delete_posts | Y | Y | Y | Y | Y | |
| read | Y | Y | Y | Y | Y | Y |
| Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
great article – this is a big wordpress feature that few of us know about since most of us don’t work on our website with multiple web developers – nice job
Yup! If you are not at this point with your site, file it under, “Good To Know For Later” – this is helpful esp. when working with clients on their site; that is a perfect example of multi-users of a site.
When the client is new to WordPress, they are not ready (or may not want) to have all the rights, privileges, and responsibilities of an Admin.
I have had a wordpress site for several months now. In the last few days subscribers seem to be adding themselves…these are people I do not know…they appear to be spam…yet I can not see that they have left any spam comments. (I have deleted the comments in the spam area). Why are they doing this, and can I do something to prevent it? You mention that they are only readers, but have I been added as a USER to your site? It is very weird.
Thank-you for your informative article
Hi Heather –
In your Dashboard, check under Settings -> General and look for the Membership option. If you don’t want people signing up with a role (i.e., you want to control who is an official user on your site), make sure option of “Anyone Can Register” is NOT checked. By the way, I am sending you an email 馃槈
Paul,
Thank-you so much for visiting my site and checking that out for me. I have just started receiving a few of your emails and am really impressed with the content you are sharing.
What plugin do you use for “Sign up for Other WordPress news”…btw I did not get a separate email? At least I don’t think I did.
Thank-you again.
Heather
BRISBANE AUSTRALIA
I did get a separate email – I found/saw it later on.
Cheers
Heather
BRISBANE AUSTRALIA