How to Create and Manage Users Roles in WordPress (Step-by-Step Guide)

If you run a website using WordPress as your CMS, you probably know it offers predefined user roles for managing your team’s access.

But did you know you can also create custom user roles and assign specific permissions to each one?

By limiting access to the dashboard and specific admin panel areas, you can ensure that only authorized users have control over critical website functions. This can help prevent accidents or malicious actions that could compromise your entire site.

Creating custom WordPress user roles is a powerful way to maintain internal efficiency and keep your website manageable, even with many users. And to ensure your website is safe from external threats, choosing a reliable WordPress hosting service is always a good idea.

This guide will help explore two ways (manually or using a plugin) to create new user roles in WordPress. Whether you’re a website administrator, manager, or developer, these tips will help you take control of your WordPress site and streamline your user management process.

Supercharge Your WordPress Website with Cloudways Hosting – Starting From $11/Month

Experience Cloudways optimized hosting and get instant speed & performance boosts for your WordPress website.

Try Free

Understanding WordPress User Roles

If you use WordPress, you’ve probably seen the term “user role” before. But what exactly is a user role, and how does it work?

Put simply, a user role is a collection of capabilities that determine what a user can and can’t do on your website.

Each role has a name that appears in your WordPress Admin Panel and has its own privileges that admins can enable or disable.

WordPress has six primary user roles, each with its own set of capabilities and privileges:

Now that we have a basic understanding of all the default WordPress roles, here’s how to assign a role to a user in WordPress:

• Log in to your WordPress Admin Panel.
• Navigate to Users → All Users.
• And you will see the current WordPress roles on your site.

Default vs Custom User Roles

Now, let’s understand the core difference between Default and Custom user roles.

Default User Roles:

Default user roles come pre-defined in WordPress and provide increasing levels of access and capabilities. Each role inherits the permissions of all roles below it, with the Administrator having the highest authority.

Just a refresher, the default roles are mentioned below:

• Subscriber
• Contributor
• Author
• Editor
• Administrator (Super Admin for multisite installations)

Custom User Roles:

WordPress allows you to create custom user roles to match your website’s specific needs. With custom user roles, you have the flexibility to define precise sets of permissions and access levels for different user groups.

Comparison:

Compared to Default, Custom user roles offer a more tailored user experience, allowing you to fine-tune access for different user groups based on your website’s unique demands.

How to Create, Edit, or Delete New WordPress Roles (2 Methods)

In this section, we’ll explore two easy methods to create, edit, or delete user roles in WordPress: using a WordPress plugin or taking the manual approach. These methods will help you easily manage user access and permissions on your WordPress site.

1. How to Add, Edit, or Delete WordPress User Roles (Using a Plugin)

If managing WordPress user permissions becomes overwhelming, using a plugin can simplify the process. There are several plugins available that allow you to add, modify, and delete WordPress user roles.

One popular option is the “PublishPress Capabilities” plugin from PublishPress, but I’d recommend trying the “WordPress User Role Editor plugin” plugin, which I’ll cover in this section. This user-friendly plugin offers many features for efficiently managing WordPress user roles.

Follow these pointers to start:

• Install and activate the WordPress User Role Editor plugin from the WordPress repository.
• Once activated, navigate to Users → User Role Editor on the left pane.

• You’ll see a list of WordPress roles on your site. Select the role you want to modify.

• The plugin will show you the existing capabilities assigned to that role.
• In my case, I have chosen the WordPress Editor role and marked where it says Granted Only you can see the existing capabilities assigned to the Editor.

• If you’re unfamiliar with WordPress access levels and capabilities, read the WordPress Codex guide to understand them in detail.
• To rename a capability, check the box next to it.

• The plugin will display it in a human-readable format.

• Go to the respective group on the left pane, e.g., Plugins, to add capabilities to a role.
• Check the capabilities you want to add, such as Install Plugins and Activate Plugins, and update the user by clicking the Update button.

• The Granted Only section will display the updated capabilities assigned to the role.
• To remove capabilities, uncheck the boxes in the respective group.

And that’s how easily you can update the user rights, and this seamlessness makes the User Role Editor plugin one of the best WordPress plugins for user management.

How to Create a New WordPress User Role

The user Role Editor plugin also allows you to create new WordPress Roles besides the Administrator, Author, Editor, etc. Follow the steps below:

• Click on the “Add Role” button on the right menu.
• A popup will appear asking for the Role Name (ID), Display Role Name, and the role to copy from.
  • Role Name (ID): A unique ID for each user role.
  • Display Role Name: The name of the role that will be displayed.
  • Make Copy of: Select the current role that would form the basis of the new role.
• Enter a unique ID for each user role and the role’s name to be displayed.
• Select the current role that will serve as the basis for the new role.

• In my case, after copying the Editor role, I named the new role “Editor Limited Access.” As you can see, the new role inherits all the capabilities of the original Editor role.

• To add/remove capabilities for this new role, modify it just like any other role.
• You can also create new capabilities and assign them to any WordPress user role.

Next, I will demonstrate how to create custom WordPress user roles via code.

Stay Relaxed with Cloudways Managed WordPress Hosting

Experience seamless website management, enhanced security, and top-notch performance with Cloudways Managed WordPress Hosting.

Try Free

2. How to Create, Edit, or Delete WordPress User Roles (Manually)

Custom WordPress user roles can be created by assigning limited privileges or capabilities to specific user groups, allowing you to remove default user roles and tailor roles to fit your needs.

The CMS provides five functions for managing WordPress roles and capabilities:

• add_role(): For adding a custom role.
• remove_role(): For removing a custom role.
• add_cap(): For adding a custom capability to a role.
• remove_cap(): For removing a custom capability from a role.
• get_role (): Gets information about the role and its capabilities.

How to Remove Default User Roles (Manually)

I will start by removing the existing roles. Remember that WordPress, by default, has the following five roles:

1. Subscriber
2. Editor
3. Contributor
4. Author
5. Administrator

For this tutorial, I will remove all user roles except the Administrator.

• Go to WordPress Admin → Appearance → Theme File Editor

• Use the remove_role() function to remove the roles.
• Copy the following code snippet and paste it at the end of the Theme Functions file:

remove_role( 'subscriber' );
remove_role( 'editor' );
remove_role( 'contributor' );
remove_role( 'author' );

• Click the Update File button.

• To verify that all the mentioned WordPress user roles have been deleted, navigate to Users → All Users.
• You should see that, except for Administrator, all default WordPress roles have been removed.

How to Create New User Roles (Manually)

For this tutorial, I will create three new user roles with the below WordPress user permissions.

1. Administrator: Complete administrative access.
2. Moderator: Can create, edit, and publish theirs and other WordPress users’ posts.
3. Newbie: Can only edit their profile and create new posts.

• Use the native add_role() function with the following syntax to create new roles:

add_role( $role, $display_name, $capabilities );

where:

• $role: A unique name for the role.
• $display_name: The name to be displayed in the WordPress Admin Panel.
• $capabilities: The privileges of the role.

Here is a list of all capabilities.

• Add the code snippet with the required parameters to the end of the Theme Functions file.
• Click the Update File button to save changes.

Administrator

As the default administrator role was not deleted, all of its capabilities and privileges remain intact.

Moderator

The Moderator role will have the ability to create, edit, and publish their own posts, as well as the posts of other WordPress users.

• To create this role, copy the following code and paste it at the end of the Theme Functions file:

add_role('moderator', 'Moderator', array(
'read' => true,
'create_posts' => true,
'edit_posts' => true,
'edit_others_posts' => true,
'publish_posts' => true,
'manage_categories' => true,
));

• Click Update File.

Assign the “Moderator” Role to a User

Next, I will assign this role to a user.

• Navigate to WordPress Dashboard → Users → All Users.

• I have assigned the Moderator role to the user “sarim2.”

Upon logging in and accessing the “Dashboard,” sarim2’s WordPress access will be limited based on the capabilities of his new role.

Newbie

The Newbie role is limited to editing their profile and creating new posts.

• To add this role, copy and paste the following code at the end of the Theme Functions file.

add_role( 'newbie', __( 'Newbie' ), array(
'read' => true, // Allows a user to read
'create_posts' => true, // Allows user to create new posts
'edit_posts' => true, // Allows user to edit their own posts
) );

• After pasting the code, click the Update File button.

Assign “Newbie” Role to a User

For assigning a new role to a user, navigate to WordPress Dashboard → Users → All Users.

• I have assigned the “Newbie” role to the user “sarim3.”
• As shown in the image below, he will have limited privileges upon logging in and accessing the Dashboard.

• Moving forward, I have assigned the “Newbie” role to all visitors who register on my website.

Think Your Hosting Provider Is Charging Extra?

Use the Web Hosting Pricing Calculator to find out what leading hosting providers charge.

Calculate Now

Understanding WordPress User Roles in Detail

Let’s check out these roles in more detail.

1. Super Admin

The Super Admin role in WordPress multisite networks has complete administrative authority over the entire network. They can add or delete websites, install themes and plugins, organize content, and manage various settings. Additionally, the Super Admin exercises full control over the network’s users, determining their roles and permissions across all sites.

Just as a Bank Manager has the power to make important decisions that affect all branches under their jurisdiction, a Super Admin can perform critical administrative tasks that impact the entire network.

This includes adding or removing websites (equivalent to opening or closing branches), installing and managing themes or plugins (similar to introducing new services or features), and organizing content and settings across all subsites.

2. Administrator

In a standard WordPress website, the administrator role holds the highest level of authority. Administrators can perform various crucial tasks, such as creating new posts, editing any user’s posts, and deleting posts.

Moreover, administrators have the capability to install, modify, and remove plugins and themes, granting them significant control over the website’s functionality and appearance.

Perhaps most importantly, admin users have the privilege to add and remove other users, and they can also update user information, including passwords.

Typically, this role is meant to be assigned to site owners as it gives full control over the WordPress blog. With that said, you must be careful about who you assign the administrator role to in a multi-user WordPress site, as it grants extensive powers that could impact the website’s integrity and security.

3. Editor

This role is a bit restrictive compared to the previous two we looked at. The Editor role in WordPress grants users complete control over the website’s content sections. They can add, edit, publish, and delete any posts, including those authored by others. Editors also have the ability to moderate, edit, and delete comments.

However, they do not have access to site settings, plugin installation, theme customization, or user management. Their authority is focused on managing content-related tasks like posts, pages, and comments.

4. Author

The Author role in WordPress is more limited than the Editor role. Authors can write, edit, and publish their own posts but do not have the ability to manage other users’ posts, approve or delete comments, or manage pages.

They can choose from existing categories when writing posts and can add tags to their content. Authors can view comments but not moderate, approve, or delete them. This role does not provide access to site settings, plugins, or themes, except for the ability to delete their own published posts.

5. Contributor

The Contributor role in WordPress allows users to create, edit, and delete their own content, but they cannot publish or manage their posts after publishing. They have the ability to add new posts and edit their own posts but are restricted from publishing any content. Contributors can select from existing categories and create tags for their posts.

However, the biggest limitation of this role is that contributors cannot upload files, meaning they cannot add images to their posts. While they can view all website comments, they do not have the authority to approve or delete comments.

Additionally, contributors lack access to website settings, plugins, and themes, so they cannot change the site’s configurations.

6. Subscriber

Subscribers in WordPress have limited access and can only view published posts and comments on the website.

They can manage their own profile section on the dashboard. This user role benefits membership sites, online stores, or any website where users must register and log in to access content and interact with the community.

By understanding the different user roles in WordPress, you can assign appropriate access levels to your team members and maintain the security and functionality of your website.

Summary

Creating and managing user roles in WordPress is essential to provide your website with better security, organization, and functionality.

By assigning different types of users with different permissions and capabilities, you can tailor your site’s user experience and ensure that only authorized individuals can access sensitive data or features.

With the flexibility and customization options that WordPress provides, you have the power to create a unique and effective user management system that meets your needs. We hope this article has been helpful to you, and we invite you to share your experience with us by leaving a comment below.

Frequently Asked Questions