WordPress User Roles: Who is Who7 min read
Maybe you allow anyone from your audience to register to your website. Or maybe you don’t. And the people that register to your website should meet specific requirements. Maybe you insist to personally know them. Or the registration is paid. Whatever the case is, you should know what a user role is. You should know what type of rights you give to any registered person.
WordPress User Roles: What are They?
The role of a user in WordPress is representing the user’s hierarchy level. By default, a user could be Subscriber, Contributor, Author, Editor and, of course, Administrator. Every one of the roles has it’s predefined capabilities. These predefined capabilities could be, of course, changed, like pretty much everything in WordPress. But to do so, you’ll need the proper plugin. With the right plugin, you’ll be able not only to change the rights of the default user roles but also to create entirely new user roles.
The user roles, are what enables us to have a hierarchy built-in to our website. Thanks to this feature we are able to allow anyone to register to our website. We can set roles to anyone that is working with us on the website, and by giving them the proper role, we won’t be constrained in what he could do to the website.
But let’s dive deeper, in order to examine the mystical ‘predefined capabilities’ of the user, that we told you about!
The subscriber is the lowest level of the user role hierarchy. As you can imagine, a subscriber would have few rights, if any at all. If nothing is changed the subscriber will be able to only change their profile’s information. Nothing less. Nothing more. This is the only right that they have regarding the backend of the website. Of course, they’ll be able to comment on your content. If you didn’t disable the comments.
Having contributors is a great choice if your site is new, but there are people that are eager to help. Why is that? Contributors are almost as limited as the Subscribers. But guess what! They can create posts! They could only create, edit and delete their content. Before it was published. So, if you don’t know and don’t pay to the people that are writing for your website, maybe you should consider this option.
The users that you assigned the author role will be able to write, edit, publish and delete their own content. Also, they’ll be able to upload files. Authors also have the right to edit their profile and change their password.
Knowing that an author is able to delete or edit their posts you may consider assigning contributor role to people that are working for you. Or, you can disable the abilities of the author role to edit or delete published content by using a plugin. This way, if you have to separate ways with one of the authors, they won’t be able to delete their articles.
Speaking of WordPress user role, Editor is the one with most rights. Excluding the Administrator user role, of course. Editors are capable of writing, editing, publishing and deleting posts. Much like the Author, you may note. Well, not exactly. While the Author is able to only manipulate in such a way only its own content, the Editor is able to do all of this to any post on the site. It doesn’t matter if he is the one that created the content in the first place. You may or may not need an Editor. But if you decide to have one, bear in mind that even he is not a decent person and decides to delete all the posts on the site, you’ll be able to restore them by using the backup.
The administrator is usually just one. This user is automatically created in the WordPress installation process. While installing the CMS, you’ll be asked for a username and password. As you probably already know, the user you are creating along with the installation is the Administrator. Of course, you can give someone else the same rights, by creating another Administrator profile. But that will allow them to have full access to everything on your website. The users that are assigned the role of Administrator are able to install, delete and edit themes and plugins. The same goes for posts, pages, categories, tags, even other users.
While most of the people won’t try to harm you or your website, some may want to do it. In order to eliminate the risk or make it as low as possible, first, you should really trust the people to whom you assign the user roles. Second, you may consider using a plugin to change the capabilities of the different roles in such a manner, so the risk is lowered as much as possible.
Last, but not least you should not allow anyone else to the Control Panel of your Hosting Account. That way, even if the content is deleted, you’ll still have a backup.