How to Create and Manage Users Roles in WordPress (Step-by-Step Guide)

If you run a website using WordPress as your CMS, you probably know it offers six pre-defined user roles for managing access. But did you know you can also create custom user roles and assign specific permissions to each one?

By limiting access to the dashboard and specific admin panel areas you can ensure that only authorized users have control over critical website functions. This can help prevent accidents or malicious actions that could compromise your entire site.

In this guide, we’ll take a look at different types of user roles in WordPress and cover a few ways to Create, Edit, or Delete new WordPress roles.

Let’s get started…

What Are Default WordPress User Roles and Capabilities?

If you use WordPress, you’ve probably seen the term “user role” before. But what exactly is a user role, and how does it work?

Put simply, a user role is a collection of capabilities that determine what a user can and can’t do on your website. Each role has a name that appears in your WordPress Admin Panel and has its own privileges that admins can enable or disable.

WordPress provides six pre-defined user roles: Super Admin, Administrator, Editor, Author, Contributor, and Subscriber.

Each of these roles has a set of capabilities—such as publishing posts, moderating comments, or managing themes and plugins. While some roles have broad control over the site, others are more restricted.

For example, the Super Admin role has full access to all capabilities, particularly in multisite networks, while a Subscriber is limited to reading content.

If needed, site owners can customize roles further by adding or removing capabilities using functions like add_cap() and remove_cap(). Additionally, developers can introduce new roles or remove existing ones using add_role() and remove_role(), making WordPress user management highly flexible.

Secure Hosting for Multi-User WordPress Sites

Easily manage team roles knowing your hosting is secure, our LAMP+NGINX stack handles permissions while you control access.

Start Developer-Free Trial

Types of Default User Roles in WordPress

	User Role	Description	Access Level
1	Super Admin	Has access to the entire website, including network administrative features.	Highest level of access. Can perform any action on the website.
2	Administrator	Has all administrative privileges, including the ability to add and manage users, install and activate plugins and themes, and modify site settings.	High level of access. Can manage users, plugins, themes, and site settings.
3	Editor	Can create, edit, and publish their own posts, as well as manage other users’ posts.	Can manage posts of all users. Can publish and edit their own and others’ posts.
4	Author	Can create, edit, and publish their own posts, but not posts from other users.	Can publish and edit their own posts but not those of other users.
5	Contributor	Can create and edit their own posts but cannot publish them. Contributors can, however, submit their posts for review by an editor or administrator.	Can create and edit posts but not publish them. Can submit posts for review.
6	Subscriber	Has the most limited access and can only manage their own profiles and leave comments on posts.	The lowest level of access. Can manage their profile and leave comments on posts.

Additional User Roles Created by Plugins

While WordPress comes with default user roles, many plugins introduce their own roles to help manage specific functionalities.

Here are a few examples:

WooCommerce (For Adding eCommerce Functionality)

Customer – Automatically assigned to users who create an account on your store. Customers can update their account details, track orders, and manage their billing information but don’t have backend access.

Shop Manager – Designed for store administrators who need to manage products, orders, and reports without full admin privileges. Shop managers can edit WooCommerce settings but can’t modify core site configurations.

MemberPress (For Managing Membership Sites)

Member – Assigned to users who purchase a membership. Their access depends on the plan they choose, controlling which content they can view.

Membership Manager – A role that allows users to create and manage membership tiers, handle subscriptions, and oversee transactions—without interfering with the website’s core settings.

Tutor LMS (For Online Course Management)

Instructor – Enables users to create, edit, and manage their own courses, lessons, and quizzes while keeping administrative controls separate.

Student – Assigned to users who enroll in courses, allowing them to access lessons, submit assignments, and track their progress.

Rank Math SEO (For Search Engine Optimization)

SEO Editor – Grants users access to optimize content by managing SEO metadata, focus keywords, and schema markup, while restricting global SEO settings.

SEO Manager – A step above the SEO Editor, this role allows full control over all SEO settings, including sitemaps, redirects, and analytics integration.

AffiliateWP (For Managing an Affiliate Program)

Affiliate – Assigned to users who sign up as affiliates, giving them access to a dedicated dashboard where they can track their referrals, commissions, and payouts.

Affiliate Manager – Allows users to approve or reject affiliates, adjust commission structures, and monitor affiliate performance reports.

Note: If you’re using any of these plugins, make sure to assign roles carefully.

How to Assign/Change User Roles in WordPress?

Now that we have a basic understanding of all the default WordPress roles and additional roles introduced by plugins, here’s how to assign/change a role to a user in WordPress:

To assign a new user role:

• Log in to your WordPress Admin Panel.
• Navigate to Users → Add New Users.
• Enter the user’s details in the required fields.
• (Optional) Set a password for the user, or let them create one later.
• Choose the appropriate role from the drop-down menu.

• Click Add New User to complete the process.

To change an existing user role:

• Navigate to Users → All Users.
• Here you will see all the users on your site and their roles.

• Hover over the user profile whose role you want to change and click Edit.

• In the Name section, locate the Role option.

• Select the new role from the drop-down menu.

• Click Update User to save the changes.

How to Create, Edit, or Delete WordPress Custom Roles (2 Methods)

In this section, we’ll explore two easy methods to create, edit, or delete user roles in WordPress: using a WordPress plugin or taking the manual approach. These methods will help you easily manage user access and permissions on your WordPress site.

Method#1. Create, Edit, or Delete WordPress User Roles Using a Plugin

If managing WordPress user permissions becomes overwhelming, using a plugin can simplify the process. There are several plugins available that allow you to add, modify, and delete WordPress user roles.

One popular option is the WordPress User Role Editor plugin, which I’ll cover in this section. This user-friendly plugin offers many features for efficiently managing WordPress user roles.

Let’s start with how to modify the capabilities of a user role with this plugin.

How to Edit an Existing WordPress User Role Using a Plugin?

• Install and activate the WordPress User Role Editor plugin from the WordPress repository.

• Once activated, navigate to Users → User Role Editor on the left pane.

• You’ll see a list of WordPress roles on your site. Select the role you want to modify from the drop-down list.

• The plugin will show you the existing capabilities assigned to that role. For example, if you choose the WordPress Editor role and filter by Granted Only, you’ll see a list of all capabilities currently assigned to Editors.

• If you look at the screenshot above, the capabilities being displayed don’t make much sense. If you’re unfamiliar with WordPress access levels and capabilities, read the WordPress Codex guide to understand them in detail.
• Or…you can click on the “Show capabilities in human readable form” option, and the plugin will display them in a human-readable format.

• To add capabilities to a role, go to the respective group on the left pane, e.g., Plugins. For this example, I’ll update the capabilities of the Subscriber user role.
• Check the capabilities you want to add, such as Install Plugins and Activate Plugins, and update the user by clicking the Update button.

• Now, the Granted Only section will display the updated capabilities assigned to the role.

• To remove capabilities, uncheck the boxes in the respective group.

And that’s how you can easily update the capabilities assigned to a user role using the plugin.

Client Role Management Made Simple

Safely grant client access while maintaining full control, our managed hosting keeps sites secure at every permission level.

Try Agency Hosting

How to Create a New WordPress User Role Using a Plugin?

The user Role Editor plugin also allows you to create new WordPress Roles besides the Administrator, Author, Editor, etc. Follow the steps below:

• Click on the “Add Role” button on the right menu.

• A popup will appear asking for the Role Name (ID), Display Role Name, and the role to copy from.

• • Role Name (ID): A unique ID for each user role.
  • Display Role Name: The name of the role that will be displayed.
  • Make Copy of: Select the current role that would form the basis of the new role.

• Enter a unique ID for each user role and the role’s name to be displayed.
• Select the current role that will serve as the basis for the new role.

• In my case, after copying the Editor role, I named the new role “Cloudways Webmaster“. As you can see, the new role inherits all the capabilities of the original Editor role.

• To add/remove capabilities for this new role, modify it just like we did earlier.

How to Delete an Existing WordPress User Role Using a Plugin?

• To delete an existing role, click on the “Delete Role” option.

• For this example, I’ll delete the new role we created earlier.
• Select the role you want to delete from the drop-down menu and click Delete Role.

• Confirm that you want to delete the role, and you’ll be all done.

So far, we’ve covered how to modify existing user roles by adding or removing capabilities, creating new roles, and even deleting them. Next, I’ll walk you through how to create custom WordPress user roles using code.

Method#2. Create, Edit, or Delete WordPress User Roles Manually

Manually managing WordPress user roles gives you full control over permissions, allowing you to create custom roles, modify existing ones, or remove default roles based on your site’s needs. Below, I’ll guide you through the process step by step.

The CMS provides five functions for managing WordPress roles and capabilities:

• add_role(): For adding a custom role.
• remove_role(): For removing a custom role.
• add_cap(): For adding a custom capability to a role.
• remove_cap(): For removing a custom capability from a role.
• get_role (): Gets information about the role and its capabilities.

How to Remove Default User Roles (Manually)

If you want to remove some of the default WordPress roles, you can do so using the remove_role() function. By default, WordPress includes six roles:

• Super Admin
• Administrator
• Editor
• Author
• Contributor
• Subscriber

For this tutorial, I’ll remove all user roles except the Administrator.

• Go to WordPress Admin → Appearance → Theme File Editor.

• Open the functions.php file of your active theme. I’m using Astra.

• Add the following code snippet at the end of the file:

remove_role( 'subscriber' );
remove_role( 'editor' );
remove_role( 'contributor' );
remove_role( 'author' );

• If you can’t find the Theme File Editor for your theme from the WordPress dashboard, you can access the functions.php file using SFTP.

• To verify that all the mentioned WordPress user roles have been deleted, navigate to Users → All Users.
• You should see that, except for Administrator, all default WordPress roles have been removed.

How to Add New User Roles WordPress (Manually)

Now, let’s create a new user role with specific capabilities using the add_role() function. The function follows this structure:

add_role( $role, $display_name, $capabilities );

• $role: A unique identifier for the role.
• $display_name: The name displayed in the WordPress Admin Panel.
• $capabilities: An array of permissions assigned to the role.

Here is a list of all the capabilities.

Suppose we want to create a Moderator role with limited privileges.

Here’s what I’ll do:

• Open the functions.php file of your active theme.

• Add the following code at the end:

add_role('moderator', 'Moderator', array(
'read' => true,
'create_posts' => true,
'edit_posts' => true,
'edit_others_posts' => true,
'publish_posts' => true,
'manage_categories' => true,
));

• This code creates a new Moderator role with permissions to read content, create and edit posts (including those of others), publish posts, and manage categories.
• Click Update File to save the changes.
• Navigate to Users → All Users, and you should see the new Moderator role added. Now, we can assign the newly created Moderator role to a user.

Assign the “Moderator” Role to a User

For this example, let’s assign this Moderator role to a user named Abdul Rehman:

• Go to Users → All Users.
• Check mark the username Abdul Rehman.
• Under Change role to…drop-down list, select Moderator.
• Then click on Change next to it.

• Now, when Abdul Rehman logs in, his access will be limited to the capabilities assigned to the Moderator role.

How to Edit an Existing WordPress User Role (Manually)

If you need to modify an existing user role by adding or removing capabilities, you can use the add_cap() and remove_cap() functions.

Here’s how to do this:

• Open the functions.php file of your active theme. You already know how to do this. 😉
• Use the following code snippet to modify the Editor role by adding the capability to install plugins. Keep in mind the Editor doesn’t currently have access to plugins.

function modify_editor_capabilities() {$role = get_role('editor');
if ($role)
$role->add_cap('install_plugins');
}
}
add_action('init', 'modify_editor_capabilities');;

• After adding the code, click Update File to save changes.

Now when I log in as an Editor, I can see that the Plugins section is now accessible.

Here’s how to remove a capability from a role:

If you want to remove a capability, use remove_cap():

function remove_editor_capability() {
$role = get_role('editor');
if ($role) {
$role->remove_cap('install_plugins');
}
add_action('init', 'remove_editor_capability');

This will revoke the install plugin’s capability from the Editor role.

Understanding WordPress User Roles in Detail

Let’s check out these roles in more detail.

1. Super Admin

The Super Admin role in WordPress multisite networks has complete administrative authority over the entire network. They can add or delete websites, install themes and plugins, organize content, and manage various settings. Additionally, the Super Admin exercises full control over the network’s users, determining their roles and permissions across all sites.

Just as a Bank Manager has the power to make important decisions that affect all branches under their jurisdiction, a Super Admin can perform critical administrative tasks that impact the entire network.

This includes adding or removing websites (equivalent to opening or closing branches), installing and managing themes or plugins (similar to introducing new services or features), and organizing content and settings across all subsites.

2. Administrator

The administrator role holds the highest level of authority in a standard WordPress website. Administrators can perform various crucial tasks, such as creating new posts, editing other users’ posts, and deleting posts.

Moreover, administrators can install, modify, and remove plugins and themes, granting them significant control over the website’s functionality and appearance.

Perhaps most importantly, admin users have the privilege to add and remove other users and update user information, including passwords.

Typically, this role is meant to be assigned to site owners, as it gives full control over the WordPress blog. That said, you must be careful about who you assign the administrator role to in a multi-user WordPress site, as it grants extensive powers that could impact the website’s integrity and security.

3. Editor

This role is a bit restrictive compared to the previous two we looked at. The Editor role in WordPress grants users complete control over the website’s content sections. They can add, edit, publish, and delete any posts, including those authored by others. Editors also have the ability to moderate, edit, and delete comments.

However, they do not have access to site settings, plugin installation, theme customization, or user management. Their authority is focused on managing content-related tasks like posts, pages, and comments.

4. Author

The Author role in WordPress is more limited than the Editor role. Authors can write, edit, and publish their own posts but do not have the ability to manage other users’ posts, approve or delete comments, or manage pages.

When writing posts, authors can choose from existing categories and add tags to their content. Authors can view comments but not moderate, approve, or delete them. This role does not provide access to site settings, plugins, or themes, except for the ability to delete their own published posts.

5. Contributor

The Contributor role in WordPress allows users to create, edit, and delete their own content, but they cannot publish or manage their posts after publishing. They have the ability to add new posts and edit their own posts but are restricted from publishing any content. Contributors can select from existing categories and create tags for their posts.

However, the biggest limitation of this role is that contributors cannot upload files, meaning they cannot add images to their posts. While they can view all website comments, they do not have the authority to approve or delete comments.

Additionally, contributors lack access to website settings, plugins, and themes, so they cannot change the site’s configurations.

6. Subscriber

Subscribers in WordPress have limited access and can only view published posts and comments on the website.

They can manage their own profile section on the dashboard. This user role benefits membership sites, online stores, or any website where users must register and log in to access content and interact with the community.

By understanding the different user roles in WordPress, you can assign appropriate access levels to your team members and maintain your website’s security and functionality.

Grow Your Team Without Slowing Down

Add unlimited users without performance worries, our servers scale automatically with your growing team.

Scale My Hosting

5 Best WordPress User Roles Plugins

1. User Role Editor

First in line is User Role Editor by Vladimir Garagulya, a widely-used plugin with over 700,000 active installations. Impressively, it has earned a stellar 4.6-star rating based on feedback from 283 users.

This plugin makes modifying user roles simple with an easy checkbox system. Users love its intuitive design for adding roles and customizing permissions effortlessly.

It’s worth noting that while this plugin is free, it also offers a premium plan with pricing starting from $29 for the Pro Personal subscription, which includes one year of access to new versions, downloads, and automatic updates for one live copy.

Other subscription plans, including Pro Business and Pro Unlimited, cater to varying needs with lifetime access options. Additionally, all subscription plans come with premium support, and there’s a 30-day money-back guarantee for added assurance.

Pricing:

• Pro Personal – $29 (1 year access, 1 live copy)
• Pro Business – $79 (1 year access, up to 5 copies)
• Pro Unlimited – $159 (1 year access, unlimited copies)
• Pro Personal Lifetime – $87 (Lifetime access, 1 live copy)
• Pro Business Lifetime – $198 (Lifetime access, up to 5 copies)
• Pro Unlimited Lifetime – $318 (Lifetime access, unlimited copies)

Downloads:

• 700,000+

Reviews:

2. PublishPress Capabilities

Next in line is PublishPress Capabilities, a powerful user role editor plugin designed to give you complete control over capabilities and permissions on your WordPress site. With over 100,000 active installations and a solid 4.7-star rating from satisfied users, this plugin offers an easy and efficient way to manage user roles.

This plugin allows you to fine-tune user roles, from Administrators to custom roles, ensuring each role has precise capabilities tailored to your site’s needs. Notably, PublishPress Capabilities simplifies the post editing screen, admin area, and Profile screen, giving you the flexibility to customize what authors see while writing posts.

For those seeking advanced features and faster support, there’s the option to upgrade to PublishPress Capabilities Pro. The Pro version takes it a step further, preventing users from accessing specific admin and frontend menu links.

Pricing:

• One Site – $69.00
• Five Sites – $129.00
• Unlimited Sites – $199.00

Downloads:

• 100,000+

Reviews:

3. Advanced Access Manager

On the 3rd spot is Advanced Access Manager (AAM), a WordPress plugin that empowers you with comprehensive control over your website’s aspects. Boasting over 100,000 active installations and a robust 4.2-star rating, AAM is a reliable solution with well-tested features.

AAM stands out as the only plugin offering absolute freedom to define granular access to every element of your website. It excels in managing access for roles, individual users, and visitors, even allowing configuration of default access for various content types.

AAM’s free version provides essential features such as backend menu management, role and capability control, and secure login options. Premium add-ons unlock even more capabilities, making AAM a versatile solution for user role management, content access, and website security.

Pricing:

• Basic – $99 / year
• Developer – $149 / year

Downloads:

• 100,000+

Reviews:

4. WP User Manager

Securing the 4th spot is WP User Manager, a robust WordPress plugin for creating customizable user profiles and managing community interactions. It simplifies user registration, login, password recovery, and account customization forms.

The premium version adds advanced features like custom fields, WooCommerce integration, enhanced Stripe functionality, user verification, group creation, and more. Free extensions, such as Newsletter and Username Length, offer additional functionalities.

The plugin supports translations and provides support through its forum and premium support platform. With 10,000+ installations, WP User Manager has an impressive 4.8-star rating on WordPress.

Pricing:

• Agency – $599 USD / year (1 year of support and updates for 25 websites)
• Pro – $299 USD / year (1 year of support and updates for 10 websites) – Most Popular
• Plus – $199 USD / year (1 year of support and updates for 5 websites)
• Starter – $149 USD / year

Downloads:

• 10,000+

Reviews:

5. User Registration

Last but not least, the User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin offers a seamless solution for WordPress users seeking robust control over user roles.

This plugin stands out by allowing administrators to effortlessly assign default WordPress user roles, such as Editor, Author, Subscriber, and more, during the registration process. By providing this functionality, administrators gain the power to finely tune access levels across their websites, determining which sections users can access and the actions they can perform.

With features like email notifications, customizable user profile account pages, and advanced spam protection, the plugin provides a comprehensive solution for enhancing user registration and management on WordPress websites.

Pricing:

• ThemeGrill Agency – $299 / year (Save $966, Unlimited License)
• Professional – $399 / year (Save $100, 10 websites, additional features)
• Plus – $199 / year (Save $50, 5 websites, additional features)
• Personal – $79 / year (Save $20)

Downloads:

• 60,000+

Reviews:

Focus on Users, Not Servers

While you perfect user roles, we handle security patches, backups, and performance optimization automatically.

Optimize My Site

Summary

Creating and managing user roles in WordPress is essential to improving your website’s security, organization, and functionality.

By assigning different types of users with different permissions and capabilities, you can tailor your site’s user experience and ensure that only authorized individuals can access sensitive data or features.

I hope this guide on WordPress user roles has been helpful to you. If you have any questions, let me know in the comments.