How Users and Roles Work in WordPress

WordPress users allow you to give others access to your website to help shoulder some of the content creation burden.

Our journey through the WordPress Administration Screens continues to the Users Screen.

Users in WordPress can take on a great many roles. A user can be the site administrator, an editor, or someone that simply subscribes to the blog. The Users screen is only going to deal with people that have registered for your site.

Exactly what a User is allowed to do on the site is determined by roles and capabilities. By default WordPress comes with several roles with varying capabilities. Ranging from the most capable to the least capable are: Administrator, Editor, Author, Contributor, Subscriber. There’s also a Super Administrator role once you dig into multisite setups, but we won’t get into that today. Let’s break the roles down a bit.

WordPress usersAdministrator

The Administrator role has capabilities to do everything within WordPress. An Admin can edit all posts on a site regardless of the author. They can add and delete plugins, change themes, and manage theme options. Typically it’s good to try to keep only 1 administrator on a site. As there is less chance for someone malicious to gain access.

Editor

Editors can publish and edit posts including those written by other users. They lack the access to edit things like plugins and themes. This is a great role for someone that is only needing to be able to edit posts, but shouldn’t need to change site options.

Author

The Author role can publish and edit their own posts, but not those written by other users. This role is useful if you’re going to have users that can write their own posts and you would also like them to be able to publish the posts on their own.

Contributor

The Contributor role can write posts, but they cannot publish them. When a contributor writes a post instead of “Publish” they’ll see a button to “Submit for Review”. This allows you to give users the ability to create new posts, but to have them only be published by an Administrator or an Editor.

Subscriber

This role only has the ability to manage their profile. They don’t have access to do any editing on the site.

Other Roles

Many plugins include their own roles and capabilities. WooCommerce for example creates a Customer role to store account information for users that make purchases on your site.

You can also create your own roles within WordPress using plugins like User Role Editor, or using the add_role function. Before you dig into that, you’ll want to know a little more about capabilities.

Capabilities

Capabilities are the powers that make up a user role. There are different capabilities for creating posts, editing posts, editing others posts, and much more. This allows you to create unique user roles that provide each role with specific access to the different features of WordPress. You could create a moderator role that only has access to moderate and edit comments. The possibilities are endless.

You can also create custom capabilities. Lots of plugins have their own capabilities as well, or you can make them with the add_cap function. You can then check if the current user can perform that capability in order to return specific functionality to the user on the frontend or backend.

Registering Users

By default WordPress has the setting for anyone to register for the site deactivated. You can turn it on via Settings > General in the Administration Screen by checking the box next to “Anyone can register”. Users are then able to register at yourdomain.com/wp-login.php?action=register. The wp_register function allows you to place a link on the page that returns a “Site Admin” link to logged in users or a “Register” link to non-logged in users.

Again, plugins can also offer their own user registration options. Not beating the WooCommerce horse again, but it provides it own options for registering users as Customers with a custom login and register page.

WordPress register user

User Options

All users will need to provide an email, username, and password. Users also have options for including their website, Twitter, Google+, and Facebook profiles. As well as biographical information.

As far as profile pictures, WordPress makes use of Gravatars to display an avatar when users comment on your site or within their profile. Gravatars are images tied to the user’s email address that can be used across the internet anywhere that Gravatar is used. Since it’s included in WordPress, that’s about 27% of the web at this point.

That’s a brief introduction to users, roles, and capabilities within WordPress. Like many other features of WordPress this is just the tip of the iceberg as far as user management and creation is concerned.