If you run a website using WordPress as your CMS, you probably know it offers predefined user roles for managing your team’s access.
But did you know you can also create custom user roles and assign specific permissions to each one?
By limiting access to the dashboard and specific admin panel areas, you can ensure that only authorized users have control over critical website functions. This can help prevent accidents or malicious actions that could compromise your entire site.
Creating custom WordPress user roles is a powerful way to maintain internal efficiency and keep your website manageable, even with many users. And to ensure your website is safe from external threats, choosing a reliable WordPress hosting service is always a good idea.
This guide will help explore two ways (manually or using a plugin) to create new user roles in WordPress. Whether you’re a website administrator, manager, or developer, these tips will help you take control of your WordPress site and streamline your user management process.
- Understanding WordPress User Roles
- Default vs Custom User Roles
- How to Create, Edit, or Delete New WordPress Roles (2 Methods)
- Understanding WordPress User Roles in Detail
Supercharge Your WordPress Website with Cloudways Hosting – Starting From $11/Month
Experience Cloudways optimized hosting and get instant speed & performance boosts for your WordPress website.
Understanding WordPress User Roles
If you use WordPress, you’ve probably seen the term “user role” before. But what exactly is a user role, and how does it work?
Put simply, a user role is a collection of capabilities that determine what a user can and can’t do on your website.
Each role has a name that appears in your WordPress Admin Panel and has its own privileges that admins can enable or disable.
WordPress has six primary user roles, each with its own set of capabilities and privileges:
|User Role||Description||Access Level|
|Super Admin||Has access to the entire website, including network administrative features.||Highest level of access. Can perform any action on the website.|
|Administrator||Has all administrative privileges, including the ability to add and manage users, install and activate plugins and themes, and modify site settings.||High level of access. Can manage users, plugins, themes, and site settings.|
|Editor||Can create, edit, and publish their own posts, as well as manage other users’ posts.||Can manage posts of all users. Can publish and edit their own and others’ posts.|
|Author||Can create, edit, and publish their own posts, but not posts from other users.||Can publish and edit their own posts but not those of other users.|
|Contributor||Can create and edit their own posts but cannot publish them. Contributors can, however, submit their posts for review by an editor or administrator.||Can create and edit posts but not publish them. Can submit posts for review.|
|Subscriber||Has the most limited access and can only manage their own profiles and leave comments on posts.||Lowest level of access. Can manage their profile and leave comments on posts.|
Now that we have a basic understanding of all the default WordPress roles, here’s how to assign a role to a user in WordPress:
- Log in to your WordPress Admin Panel.
- Navigate to Users → All Users.
- And you will see the current WordPress roles on your site.
Default vs Custom User Roles
Now, let’s understand the core difference between Default and Custom user roles.
Default User Roles:
Default user roles come pre-defined in WordPress and provide increasing levels of access and capabilities. Each role inherits the permissions of all roles below it, with the Administrator having the highest authority.
Just a refresher, the default roles are mentioned below:
- Administrator (Super Admin for multisite installations)
Custom User Roles:
WordPress allows you to create custom user roles to match your website’s specific needs. With custom user roles, you have the flexibility to define precise sets of permissions and access levels for different user groups.
|Aspect||Default User Roles||Custom User Roles|
|Definition||Pre-defined roles in WordPress||User roles tailored to your needs|
|Number of Roles||5 (6 for multisite installations)||Customizable based on requirements|
|Inheritance of Capabilities||Yes, each role includes lower roles’ capabilities||Customizable capabilities per role|
|Level of Flexibility||Limited, fixed set of permissions||Highly flexible, granular control|
|Use Cases||Good for standard user management||Ideal for custom site structures|
|Examples||Subscriber, Editor, Administrator||Member, Moderator, Contributor|
Compared to Default, Custom user roles offer a more tailored user experience, allowing you to fine-tune access for different user groups based on your website’s unique demands.
How to Create, Edit, or Delete New WordPress Roles (2 Methods)
In this section, we’ll explore two easy methods to create, edit, or delete user roles in WordPress: using a WordPress plugin or taking the manual approach. These methods will help you easily manage user access and permissions on your WordPress site.
1. How to Add, Edit, or Delete WordPress User Roles (Using a Plugin)
If managing WordPress user permissions becomes overwhelming, using a plugin can simplify the process. There are several plugins available that allow you to add, modify, and delete WordPress user roles.
One popular option is the “PublishPress Capabilities” plugin from PublishPress, but I’d recommend trying the “WordPress User Role Editor plugin” plugin, which I’ll cover in this section. This user-friendly plugin offers many features for efficiently managing WordPress user roles.
Follow these pointers to start:
- Install and activate the WordPress User Role Editor plugin from the WordPress repository.
- Once activated, navigate to Users → User Role Editor on the left pane.
- You’ll see a list of WordPress roles on your site. Select the role you want to modify.
- The plugin will show you the existing capabilities assigned to that role.
- In my case, I have chosen the WordPress Editor role and marked where it says Granted Only you can see the existing capabilities assigned to the Editor.
- If you’re unfamiliar with WordPress access levels and capabilities, read the WordPress Codex guide to understand them in detail.
- To rename a capability, check the box next to it.
- The plugin will display it in a human-readable format.
- Go to the respective group on the left pane, e.g., Plugins, to add capabilities to a role.
- Check the capabilities you want to add, such as Install Plugins and Activate Plugins, and update the user by clicking the Update button.
- The Granted Only section will display the updated capabilities assigned to the role.
- To remove capabilities, uncheck the boxes in the respective group.
And that’s how easily you can update the user rights, and this seamlessness makes the User Role Editor plugin one of the best WordPress plugins for user management.
How to Create a New WordPress User Role
The user Role Editor plugin also allows you to create new WordPress Roles besides the Administrator, Author, Editor, etc. Follow the steps below:
- Click on the “Add Role” button on the right menu.
- A popup will appear asking for the Role Name (ID), Display Role Name, and the role to copy from.
- Role Name (ID): A unique ID for each user role.
- Display Role Name: The name of the role that will be displayed.
- Make Copy of: Select the current role that would form the basis of the new role.
- Enter a unique ID for each user role and the role’s name to be displayed.
- Select the current role that will serve as the basis for the new role.
- In my case, after copying the Editor role, I named the new role “Editor Limited Access.” As you can see, the new role inherits all the capabilities of the original Editor role.
- To add/remove capabilities for this new role, modify it just like any other role.
- You can also create new capabilities and assign them to any WordPress user role.
Next, I will demonstrate how to create custom WordPress user roles via code.
Stay Relaxed with Cloudways Managed WordPress Hosting
Experience seamless website management, enhanced security, and top-notch performance with Cloudways Managed WordPress Hosting.
2. How to Create, Edit, or Delete WordPress User Roles (Manually)
Custom WordPress user roles can be created by assigning limited privileges or capabilities to specific user groups, allowing you to remove default user roles and tailor roles to fit your needs.
The CMS provides five functions for managing WordPress roles and capabilities:
- add_role(): For adding a custom role.
- remove_role(): For removing a custom role.
- add_cap(): For adding a custom capability to a role.
- remove_cap(): For removing a custom capability from a role.
- get_role (): Gets information about the role and its capabilities.
How to Remove Default User Roles (Manually)
I will start by removing the existing roles. Remember that WordPress, by default, has the following five roles:
For this tutorial, I will remove all user roles except the Administrator.
- Go to WordPress Admin → Appearance → Theme File Editor
- Use the remove_role() function to remove the roles.
- Copy the following code snippet and paste it at the end of the Theme Functions file:
remove_role( 'subscriber' ); remove_role( 'editor' ); remove_role( 'contributor' ); remove_role( 'author' );
- Click the Update File button.
- To verify that all the mentioned WordPress user roles have been deleted, navigate to Users → All Users.
- You should see that, except for Administrator, all default WordPress roles have been removed.
How to Create New User Roles (Manually)
For this tutorial, I will create three new user roles with the below WordPress user permissions.
- Administrator: Complete administrative access.
- Moderator: Can create, edit, and publish theirs and other WordPress users’ posts.
- Newbie: Can only edit their profile and create new posts.
- Use the native add_role() function with the following syntax to create new roles:
add_role( $role, $display_name, $capabilities );
- $role: A unique name for the role.
- $display_name: The name to be displayed in the WordPress Admin Panel.
- $capabilities: The privileges of the role.
Here is a list of all capabilities.
- Add the code snippet with the required parameters to the end of the Theme Functions file.
- Click the Update File button to save changes.
As the default administrator role was not deleted, all of its capabilities and privileges remain intact.
The Moderator role will have the ability to create, edit, and publish their own posts, as well as the posts of other WordPress users.
- To create this role, copy the following code and paste it at the end of the Theme Functions file:
add_role('moderator', 'Moderator', array( 'read' => true, 'create_posts' => true, 'edit_posts' => true, 'edit_others_posts' => true, 'publish_posts' => true, 'manage_categories' => true, ));
- Click Update File.
Assign the “Moderator” Role to a User
Next, I will assign this role to a user.
- Navigate to WordPress Dashboard → Users → All Users.
- I have assigned the Moderator role to the user “sarim2.”
Upon logging in and accessing the “Dashboard,” sarim2’s WordPress access will be limited based on the capabilities of his new role.
The Newbie role is limited to editing their profile and creating new posts.
- To add this role, copy and paste the following code at the end of the Theme Functions file.
add_role( 'newbie', __( 'Newbie' ), array( 'read' => true, // Allows a user to read 'create_posts' => true, // Allows user to create new posts 'edit_posts' => true, // Allows user to edit their own posts ) );
- After pasting the code, click the Update File button.
Assign “Newbie” Role to a User
For assigning a new role to a user, navigate to WordPress Dashboard → Users → All Users.
- I have assigned the “Newbie” role to the user “sarim3.”
- As shown in the image below, he will have limited privileges upon logging in and accessing the Dashboard.
- Moving forward, I have assigned the “Newbie” role to all visitors who register on my website.
Think Your Hosting Provider Is Charging Extra?
Use the Web Hosting Pricing Calculator to find out what leading hosting providers charge.
Understanding WordPress User Roles in Detail
Let’s check out these roles in more detail.
1. Super Admin
The Super Admin role in WordPress multisite networks has complete administrative authority over the entire network. They can add or delete websites, install themes and plugins, organize content, and manage various settings. Additionally, the Super Admin exercises full control over the network’s users, determining their roles and permissions across all sites.
Just as a Bank Manager has the power to make important decisions that affect all branches under their jurisdiction, a Super Admin can perform critical administrative tasks that impact the entire network.
This includes adding or removing websites (equivalent to opening or closing branches), installing and managing themes or plugins (similar to introducing new services or features), and organizing content and settings across all subsites.
In a standard WordPress website, the administrator role holds the highest level of authority. Administrators can perform various crucial tasks, such as creating new posts, editing any user’s posts, and deleting posts.
Moreover, administrators have the capability to install, modify, and remove plugins and themes, granting them significant control over the website’s functionality and appearance.
Perhaps most importantly, admin users have the privilege to add and remove other users, and they can also update user information, including passwords.
Typically, this role is meant to be assigned to site owners as it gives full control over the WordPress blog. With that said, you must be careful about who you assign the administrator role to in a multi-user WordPress site, as it grants extensive powers that could impact the website’s integrity and security.
This role is a bit restrictive compared to the previous two we looked at. The Editor role in WordPress grants users complete control over the website’s content sections. They can add, edit, publish, and delete any posts, including those authored by others. Editors also have the ability to moderate, edit, and delete comments.
However, they do not have access to site settings, plugin installation, theme customization, or user management. Their authority is focused on managing content-related tasks like posts, pages, and comments.
The Author role in WordPress is more limited than the Editor role. Authors can write, edit, and publish their own posts but do not have the ability to manage other users’ posts, approve or delete comments, or manage pages.
They can choose from existing categories when writing posts and can add tags to their content. Authors can view comments but not moderate, approve, or delete them. This role does not provide access to site settings, plugins, or themes, except for the ability to delete their own published posts.
The Contributor role in WordPress allows users to create, edit, and delete their own content, but they cannot publish or manage their posts after publishing. They have the ability to add new posts and edit their own posts but are restricted from publishing any content. Contributors can select from existing categories and create tags for their posts.
However, the biggest limitation of this role is that contributors cannot upload files, meaning they cannot add images to their posts. While they can view all website comments, they do not have the authority to approve or delete comments.
Additionally, contributors lack access to website settings, plugins, and themes, so they cannot change the site’s configurations.
Subscribers in WordPress have limited access and can only view published posts and comments on the website.
They can manage their own profile section on the dashboard. This user role benefits membership sites, online stores, or any website where users must register and log in to access content and interact with the community.
By understanding the different user roles in WordPress, you can assign appropriate access levels to your team members and maintain the security and functionality of your website.
Creating and managing user roles in WordPress is essential to provide your website with better security, organization, and functionality.
By assigning different types of users with different permissions and capabilities, you can tailor your site’s user experience and ensure that only authorized individuals can access sensitive data or features.
With the flexibility and customization options that WordPress provides, you have the power to create a unique and effective user management system that meets your needs. We hope this article has been helpful to you, and we invite you to share your experience with us by leaving a comment below.
Q: What Are User Roles in WordPress?
User roles in WordPress define different levels of access and permissions for users with login credentials for your website. These roles control users’ actions on your website, such as creating and editing content, managing settings, and moderating comments.
By default, WordPress comes with six pre-defined user roles: Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. Each role has a different set of capabilities and access levels.
Q: How do I manage user roles in WordPress?
You can manage user roles on WordPress by following the steps below:
- Log in to your WordPress dashboard.
- Go to the Users section and click on “All Users.”
- Hover over the user whose role you want to change and click “Edit.”
- Scroll down to the “Role” dropdown menu and select the desired role.
- Click “Update User” to save the changes.
You can also use a plugin like “User Role Editor” to manage user roles more comprehensively, such as adding or removing capabilities from roles or creating custom roles.
Q: How do I Set User Roles in WordPress?
You can set user roles in WordPress in two ways:
During user registration: When creating a new user account, you can set the user’s role by selecting it from the dropdown menu in the user registration form.
After user registration: To change a user’s role after registering, follow the steps outlined in this blog for managing user roles. Additionally, you can use a plugin like “User Role Editor” to create custom roles or modify existing roles to fit your website’s needs better.
Q: What are the different user roles available in WordPress?
WordPress offers various user roles for assigning different permissions to team members. These roles include:
- Super Admin
Each role has specific limitations, which the Super Admin can set. The Super Admin holds complete authority over all operations.
Q: Can I create custom user roles in WordPress?
Yes, you can create custom roles in WordPress to control user access based on your requirements.
Q: How do user roles affect content editing and publishing in WordPress?
User roles determine the permissions for editing and publishing content in WordPress. For example, Super Admin or even Administrators have unrestricted control over the content. Other roles have limitations based on the permissions granted to them.
Q: Are there any plugins or tools available to extend or modify user roles in WordPress?
Yes, several plugins are available to customize and modify user roles in WordPress. Some of them are:
- User Roles Editor
- Advanced Access Manager
- Capability Manager Enhanced
- WPFront User Role Editor
- PublishPress Capabilities
Q: How can I audit user activities and track changes made by different user roles in WordPress?
To audit user activities and track changes, you can install plugins specifically designed for this purpose. Keep in mind that such tracking is typically available to admin roles or users with granted access. Restricted roles may not have access to track changes made by different user roles in WordPress.
Sarim Javaid is a Digital Content Producer at Cloudways. He has a habit of penning down his random thoughts and giving words and meaning to the clutter of ideas colliding inside his mind. His obsession with Google and his curious mind add to his research-based writing. Other than that, he's a music and art admirer and an overly-excited person.