The 2022 Guide to WordPress User Roles and Permissions
Take your team’s productivity to the stratosphere!
Your website might be big as the Starship Enterprise or small but mighty like an X-Wing starfighter. Either way, WordPress user roles and permissions are essential to bring your site into the stratosphere.
Like the crew of a well-oiled spaceship, every team managing a website needs clear roles and duties to perform well. When responsibilities are clearly defined, team members are more productive. There is less duplication of effort, less confusion, and, importantly, less risk. That means more time to focus on your business and the goals of your site.
User Roles and Permissions
The WordPress documentation for roles and permissions is exhaustive, but the heart of permission management in WordPress is roles and capabilities. A role is a set of permissions that you can assign to a team member managing your website. A capability is a specific action that a team member is permitted to complete, such as updating a page or writing a blog post. WordPress comes out of the box with six predefined roles, each with a different set of capabilities.
Here’s a quick rundown of each user role and how to use it to best serve your team and keep your website as tightly secured as the Star Destroyer.
Admin: The Captain
Users with the Admin role are able to access all the functions of the WordPress backend. Those functions include: creating, editing and deleting content, plugins, themes, and user accounts.
Meant for the Captain Kirk of your web team, this role is for the team's leader, and there should really only be one. If you give another user the Admin role, you’re giving them the keys to the Starship Enterprise. As you might guess, a captain (or admin) has the ability to actually take a site down. We emphasize the power and risks associated with this role.
The Admin of Garrett Theological Seminary’s site has access to WordPress plugins that add extra functionality to the site. Some of our most-used plugins on client sites include Gravity Forms and Yoast SEO.
Editor: The Pilot
An Editor is generally responsible for managing content and thus has the highest level of access after the Admin. They can create, edit, delete, and publish pages and posts on your website. Most importantly, they can edit and delete content created by other users.
Like the pilot of your ship navigating the skies, the Editor role is meant for the team member who maps out and directs the content of your site. This role is responsible for guiding the direction of your site and the users who add content day-to-day. It’s a good idea to keep to just one or a few trusted users with Editor privileges.
An Editor on Keshet’s website can add and edit entire pages about Keshet’s programs to meet the individual needs of people with disabilities.
Author: The Flight Crew
Your flight crew is doing the day-to-day work of keeping your spaceship running smoothly and safely in orbit. They make up the majority of your team, and might be responsible for a range of duties on the flight. Similarly, Authors are writing posts, adding media, uploading files, and keeping your site updated. While they lack the ability to edit the content of other users, they are performing the important day-to-day functions of your site.
An Author on Museum of the Courageous’s site can add to the Press page by adding new posts about the latest press the Museum is receiving.
Contributor: The Interstellar Visitor
You wouldn’t let an alien walk right on and have free rein of your rocket ship, just as you wouldn’t allow a guest contributor to edit your site’s theme or plugins. The Contributor role is ideal for allowing someone outside of your usual web team to create a one-time post. Contributors can edit and delete posts, but they cannot hit “publish” or upload any media files. Because the role is meant for guest writers, you should aim to use Contributors sparingly and temporarily.
Over at Hewn’s website, a guest Contributor could add to the News section by writing a post about Hewn’s latest lovely baked offerings.
Subscribers: The Passengers
No, most spaceships don’t carry passengers. Similarly, most WordPress sites don’t utilize the Subscriber role. Why? The Subscriber role has only one capability: read all posts. Typically, anyone visiting your site can read all posts. This role is mostly utilized on subscription-based sites that provide subscriber-only content. Think of it as a ride on Blue Origin: meant for William Shatner and very few others.
…and last but not least…
Super Admin: That’s us!
That’s right – we’re mission control here at Glantz HQ! Super Admins have the ability to make highest-level changes to sites, including managing themes and plugins. Glantz hosts client sites on secure WPEngine servers, along with performing monthly maintenance. That includes updating plugins and making backups of your site. We ensure our hosted sites are optimized to run smoothly and maintain a great experience for your visitors.
We also have the power to work with both staging sites and live production sites. A staging site is a clone of your website used to test changes and new features. We use staging sites to fix bugs and do a quality assurance check before pushing them live for your site’s visitors.
You can read more about our approach to website maintenance on our Glantz FAQ page.
Now that your cosmonaut crew is assembled, here are some best practices we recommend for assigning WordPress user roles and permissions:
Give each user only the least amount of access needed. No one should be able to make unapproved changes or delete your site’s content accidentally.
Keep the number of user roles at the top limited. The Admin and Editor roles should be limited to as few users as needed. This will keep your content and keep the role of Authors and Contributors clearly defined.
Regularly review user roles and permissions. As your web team changes, so should the permissions on your website. You should delete old user accounts and remove Contributor accounts after a guest post is published.
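One way to run the review these three recommendations describe, as an added example that is not part of the original article: a Python script that audits a user export produced with WP-CLI (`wp user list --fields=user_login,roles,user_registered --format=csv`). The numeric limits, the sample rows and the function name `audit_roles` are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Limits follow the article's advice; the exact numbers are assumptions.
MAX_PER_ROLE = {"administrator": 1, "editor": 3}  # "administrator" is the slug for Admin
CONTRIBUTOR_MAX_AGE = timedelta(days=30)          # assumed lifetime of a guest account

# Constructed sample export (not data from a real site).
SAMPLE_CSV = """user_login,roles,user_registered
kirk,administrator,2020-01-10 09:00:00
spock,administrator,2021-03-02 14:30:00
sulu,editor,2021-06-15 08:00:00
uhura,"author,editor",2021-07-01 10:00:00
guest_writer,contributor,2021-11-20 12:00:00
new_guest,contributor,2022-02-25 16:45:00
"""


def audit_roles(csv_text, today):
    """Return (user_login, finding) tuples; site-wide findings use '*'."""
    findings, holders = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        roles = sorted(r.strip() for r in row["roles"].split(",") if r.strip())
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        for role in roles:
            holders.setdefault(role, []).append(login)
        if len(roles) > 1:
            # Capabilities are the union of every assigned role.
            findings.append((login, "multiple roles: " + "+".join(roles)))
        if "contributor" in roles and today - registered > CONTRIBUTOR_MAX_AGE:
            findings.append((login, "stale contributor account"))
    for role, limit in MAX_PER_ROLE.items():
        names = sorted(holders.get(role, []))
        if len(names) > limit:
            findings.append(("*", f"{len(names)} {role} accounts (limit {limit}): " + ", ".join(names)))
    return findings


if __name__ == "__main__":
    for login, finding in audit_roles(SAMPLE_CSV, datetime(2022, 3, 1)):
        print(f"{login}: {finding}")
```

Each finding is a prompt for a human decision (demote, remove or keep with a reason), not an automatic change to the site.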
In conclusion, optimizing user roles and permissions on your site is a simple way to improve your team’s workflow. It can keep your site safe from unintended blog deletions, breaking plugins, and alien invasion.
There’s even a potential added benefit of making your site more efficient by cleaning up old user accounts. A more efficient site means faster load times for users and a better score on the search algorithm. Please reach out to us if we can give your WordPress ship a user permission tune-up.