Now that you’ve built your website with WordPress, maybe you allow anyone from your audience to register to your website. Or maybe you don’t. And the people that register on your website should meet specific requirements. Maybe you insist on personally knowing them. Or the registration is paid. Whatever the case is, you should know what a user role is. You should know what type of rights you give to any registered person.
WordPress User Roles: What are They?
The role of a user in WordPress is to represent the user’s hierarchy level. By default, a user could be Subscriber, Contributor, Author, Editor, and, of course, Administrator. Every one of the roles has its predefined capabilities. These predefined capabilities could be, of course, changed, like pretty much everything in WordPress. But to do so, you’ll need the proper plugin. With the right plugin, you’ll be able not only to change the rights of the default user roles but also to create entirely new user roles.
Read: How to Change Author in WordPress
The user roles are what enable us to have a hierarchy built into our website. Thanks to this feature we are able to allow anyone to register on our website. We can set roles for anyone that is working with us on the website, and by giving them the proper role, we won’t be constrained in what they could do to the website.
But let’s dive deeper, in order to examine the mystical ‘predefined capabilities’ of the user, that we told you about!
Subscriber
The subscriber is at the lowest level of the user role hierarchy. As you can imagine, a subscriber would have few rights, if any at all. If nothing is changed the subscriber will be able to only change their profile’s information. Nothing less. Nothing more. This is the only right that they have regarding the backend of the website. Of course, they’ll be able to comment on your content. If you didn’t disable the comments.
Contributor
Having contributors is a great choice if your site is new, but there are people that are eager to help. Why is that? Contributors are almost as limited as the Subscribers. But guess what! They can create posts! They could only create, edit and delete their content. Before it was published. So, if you don’t know and don’t pay the people that are writing for your website, maybe you should consider this option.
Author
The users that you assigned the author role will be able to write, edit, publish and delete their own content. Also, they’ll be able to upload files. Authors also have the right to edit their profiles and change their passwords.
Knowing that an author is able to delete or edit their posts you may consider assigning contributor roles to people that are working for you. Or, you can disable the abilities of the author role to edit or delete published content by using a plugin. This way, if you have to separate ways with one of the authors, they won’t be able to delete their articles.
Editor
Speaking of the WordPress user role, the Editor is the one with the most rights. Excluding the Administrator user role, of course. Editors are capable of writing, editing, publishing, and deleting posts. Much like the Author, you may note. Well, not exactly. While the Author is able to only manipulate in such a way only its own content, the Editor is able to do all of this to any post on the site. It doesn’t matter if he is the one that created the content in the first place. You may or may not need an Editor. But if you decide to have one, bear in mind that even if he is not a decent person and decides to delete all the posts on the site, you’ll be able to restore them by using the backup.
Administrator
The administrator is usually just one. This user is automatically created in the WordPress installation process. While installing the CMS, you’ll be asked for a username and password. As you probably already know, the user you are creating along with the installation is the Administrator. Of course, you can give someone else the same rights, by creating another Administrator profile. But that will allow them to have full access to everything on your website. The users that are assigned the role of Administrator are able to install, delete and edit themes and plugins. The same goes for posts, pages, categories, tags, and even other users.
In conclusion
While most people won’t try to harm you or your website, some may want to do it. In order to eliminate the risk or make it as low as possible, first, you should really trust the people to whom you assign the user roles. Second, you may consider using a plugin to change the capabilities of the different roles in such a manner, so the risk is lowered as much as possible.
Last, but not least you should not allow anyone else to the Control Panel of your Hosting Account. That way, even if the content is deleted, you’ll still have a backup.