When you set up your WordPress website, you decide who else can login and what role they play on the site. Each user – WordPress has five standard roles – is provided certain permissions. In other words, you control what they can and cannot do on the site.
When WordPress is installed, it automatically creates an Administrator role based on the user name from your hosting account. An admin role has complete control over the WordPress dashboard.
It’s important to make sure that the hosting account is in your name – never let it be set up by a contractor, web company or agency. If things go south in that relationship, you could lose access to your own website.
WordPress User Roles
The default user roles in WordPress are set up for different people to complete different tasks. There is one head honcho – (that’s you – the administrator) and other users who can only access what they need to do their job. The five standard roles are:
Each user will see a unique dashboard menu that is specific to their role’s requirements. All users can manage their own profiles but otherwise are limited to the menu items needed for their role.
Here’s a brief overview of permissions for each role, then we’ll explain how to set them up. You should be aware that some popular plugins and themes also have user settings. We’ll talk a little bit about them later in this post, including Yoast SEO and Woo Commerce plugins, and the Divi Theme.
The Site Administrator can perform any task in WordPress. Because you’re the site owner, you have access to the hosting account, but any other administrator you set up would not.
They will not have access to the cPanel or your account info, just the WordPress implementation. If you’re having a web professional help set up your site, they would typically need to be an admin to get the job done.
NOTE: When you set up an another administrator account, you are asked to create a user name for that person. NEVER choose “admin” as a username. That’s the first name hackers will use to try and get into your site.
An Administrator can add users, upload and activate or change themes and choose, activate and deactivate plugins. They create menus, choose your home page and can edit code on php files. They make decisions about how comments will be managed and how your permalinks will look. (A permalink is how a page URL is set up – typically, mywebsite.com/name-of-the-page/.)
Admins typically set up the page designs, style standards and can add images and videos to the site. They add and delete from the media library at will. They can write content for pages and posts – It’s faster just to say they can perform every task that any user can do.
An admin is in a position of extreme trust. A word to the wise – if there is any concern with someone who’s been given admin status on your site – either remove them as a user or switch their role.
If you remember, WordPress started as a blogging platform. The Author role gives a user permission to create and publish their own blog posts. They can’t do anything with pages – just posts.
Authors can upload images for their post too and are able to respond to comments. They cannot edit or revise posts by other authors or contributors. They have no real administrative authority, though they can delete their own posts.
Editors are higher up the food chain than authors. They can create content for posts and pages plus they have the authority to revise or delete pages they did not create. They can remove content from any author and on any page.
Editors can also moderate comments – approve or mark them as spam – they can also delete an author’s response to a comment. This role can set up and manage categories and tags for blog posts.
This role isn’t just for proof-reading – an editor has authority over all the content on the site.
This is a minimized version of the author role. A Contributor can write blog posts and that’s pretty much it. They can’t even add images to the media library and they can’t publish their own posts.
When you first start working with a writer, it’s helpful to give them Contributor status. The Editor or Administrator can review their work before it goes public. Once you’re confident in the relationship, you can upgrade them to the Author role.
This is the default role for new users and only allows the user to create a profile. Subscribers cannot post or revise anything. The one advantage of this role is that subscribers can leave comments without having to log in.
How to Set Up WordPress Users
Only an administrator can set up a new user. About midway down the WordPress dashboard menu is a tab for Users/Add New. When you click it, you will see the screen below.