Understanding WordPress User Roles and Permissions
Learn about WordPress user roles, what each level of access allows, and best practices for managing users on your website.
Managing user roles is an important part of keeping your WordPress site organized and secure. Each role gives users specific capabilities—from writing posts to managing plugins or editing pages.
Understanding which role to assign ensures your team can access what they need without risking accidental changes to your site’s structure or settings.
Step 1: Access User Settings
To view or manage users:
- From your WordPress dashboard, go to Users > All Users.
- You’ll see a list of everyone who has access to your website.
- To edit a user, hover over their name and click Edit.
- To add a new user, click Add New at the top of the screen.
Step 2: Understanding Each WordPress User Role
WordPress has several built-in user roles, each with different levels of access and control.
| Role | Permissions and Capabilities | Recommended Use |
|---|---|---|
| Administrator | Full access to the entire website — can add, edit, or delete any content, users, themes, and plugins. | Reserved for the Design Shop team or site owners. |
| Editor | Can create, edit, publish, and delete any pages or posts (including others’). Can manage categories, tags, and comments. | Great for staff who manage website content. |
| Author | Can create, edit, publish, and delete their own posts only. Cannot edit others’ content or manage plugins. | Ideal for coaches, team reps, or program leaders writing blog updates. |
| Contributor | Can write and edit their own posts, but cannot publish them. Submissions must be reviewed by an Editor or Administrator. | Best for guest writers or volunteers. |
| Subscriber | Can log in, manage their profile, and read content if the site has member-only sections. Cannot write or edit posts. | Use for general members or parents if login access is needed. |
Step 3: Changing a User’s Role
- From Users > All Users, hover over the person’s name and click Edit.
- Scroll to the Role dropdown menu.
- Select the new role (e.g., Editor, Author, etc.).
- Click Update User to save your changes.
🔒 Important: Only Administrators can change other users’ roles.
Step 4: Adding a New User
- Go to Users > Add New.
- Enter the user’s name, email, and username.
- Choose a strong password or let WordPress generate one.
- Select the appropriate role from the dropdown menu.
- Check the box to Send the new user an email about their account (optional).
- Click Add New User.
Step 5: Best Practices for Managing User Access
Limit Administrator Access
- Keep admin access restricted to one or two key team members or your Design Shop support team.
Use Editor and Author Roles for Staff
- Editors manage main content (pages, updates, news).
- Authors and Contributors can write posts without risking design or plugin changes.
Remove Unused Accounts
- If a user no longer needs access, delete their account or change their role to Subscriber.
Encourage Strong Passwords
- Require users to create secure passwords and never share login credentials.
- You can reference our guide on Protecting Your WordPress Site: The Importance of a Secure Password.
Best Practices Summary
- Assign the lowest level of access needed for each user.
- Restrict admin rights to prevent accidental errors.
- Review user roles every season or when staff changes occur.
- Encourage secure passwords and regular updates.
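For the seasonal role review, the following added example (not part of the original guide) audits a user export against the practices above: no more than two Administrators, and only the five built-in roles. It assumes a CSV with `user_login` and `roles` columns, such as the output of WP-CLI's `wp user list --fields=user_login,roles --format=csv`; the sample accounts and the `legacy_manager` role are constructed for illustration.

```python
import csv
import io

# The five built-in roles from the table in Step 2.
BUILT_IN_ROLES = {"administrator", "editor", "author", "contributor", "subscriber"}
MAX_ADMINS = 2  # "one or two key team members"

# Constructed sample export (not real accounts).
SAMPLE_CSV = '''user_login,roles
owner,administrator
designshop,administrator
coach_amy,administrator
newsdesk,editor
rep_sam,author
guest_lee,contributor
parent42,subscriber
old_vendor,"editor,legacy_manager"
intern,
'''

def audit_users(csv_text, max_admins=MAX_ADMINS):
    """Return (user_login, finding) tuples for accounts that need review."""
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        # A user with several roles has them comma-separated in one field.
        roles = [r.strip().lower() for r in (row.get("roles") or "").split(",") if r.strip()]
        if not roles:
            findings.append((login, "no role assigned"))
            continue
        if "administrator" in roles:
            admins.append(login)
        custom = sorted(set(roles) - BUILT_IN_ROLES)
        if custom:
            findings.append((login, "non-built-in role: " + ", ".join(custom)))
        if len(roles) > 1:
            findings.append((login, "multiple roles: " + ", ".join(roles)))
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} administrators (limit {max_admins}): " + ", ".join(admins)))
    return findings

if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_CSV):
        print(f"{login}: {finding}")
```

Each finding is a prompt for a manual check in Users > All Users, not an automatic change.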