Understanding User Roles in WordPress

Getting the user roles right makes wordpress safer and easierHaving lots of people to help can be a blessing and a curse.

How do you give people access to your website to let them help and contribute, but keep the more sensitive or complex parts of your site out of harms way? The answer is to give each user the correct Role.

User Roles in WordPress

WordPress allows you to assign a role to each user that controls what they can see and do on the website. This ranges from Administrator, who can do anything (and break anything), through to subscriber, who can just read (and can’t break anything). One role is not necessarily ‘better’ than the other, it is more about having the access to do what you need to do, without worrying about things you don’t need to.

The two things that visitors to your site see are Pages and Posts, and these are the things your team of people will want to update. Posts are the Articles that are written and show up under your blog (or whatever you have called it on your site), Pages change a lot less often and represent the rest of the pages on your website

The most common type of activity on a site is to create new articles of content via posts – the user role for this activity is the Author. The Author can create and publish their own posts, including uploading new images and other content for the post, without the assistance of others. An Author can not change the posts of others or edit pages.

Contributor is the role for someone when you want to have an approval process for what they write before it is published. They can write an article / post and use images that are already in your media library but they can not post the article by themselves. They mark it as ready for review and then an Editor or Administrator can publish it on their behalf.

The next most privileged role is the Editor, this person can change pages as well as posts and they can edit posts created by anyone else. If you have someone as a contributor then you would need an editor or administrator to approve and publish their work (there is a ‘Pending Review’ status for posts that assists in this process). Editors can also make changes to Pages on your site – it is not common to change pages and it is often worth protecting these from accidental editing.

You will need at least one Administrator who has the ability to do all functions on the site as well as create other users and set their roles. (multi user sites also have a Super Admin which is like an Administrator but across multiple sites)

Finally there is the Subscriber, this type of user can update their own profile and read posts and pages from the front end of the site. You may use this role for visitors to you site who want to be able to register but it is not necessary and in fact the ability to register yourself is turned off by default.

You can read the specifics of the roles in the WordPress Codex article on Roles and Capabilities

Suggested Roles for your website

It is easy for an administrator to set a user role in WordPressYou can set the role when you create a user or any time afterwards in the Users Menu.

I would suggest that it is much easier to coordinate things like upgrades and major changes if you only have a very small number of Administrators and that they talk regularly. For many sites there will only be one Administrator.

A newspaper only has one Editor per department, you may not need any editors if the Administrator has time to do all the publishing of articles.

Set all of the article writers in your team up as Author so that they can create and post to your blog as needed

If you invite someone else to write directly on your blog, or you have someone very inexperienced and you want to check that their work meets any requirements for your blog then set them up as a Contributor

Here’s to your team running smoothly and your website getting all the benefits of a collaborative team, without any of the issues of management from too many Chiefs and not enough Indians.

you ‘Peoples Geek’