Beginner’s Guide to WordPress User Roles & Permissions: How to Control Them?


WordPress is the most popular CMS (Content Management System) and it comes with high-scalable, and user-friendly tools and functionalities which allows users to create professional WordPress websites from scratch with just one click.

Unlike other CMS platforms, WordPress gives users full self-control on their websites and they can develop a stunning website without any restriction. There are many popular websites like New York Times, CNN, and TechCrunch etc. which are using WordPress. Most of them are tech and news sites where hundreds of thousands of writers apply there to be a contributor. It is not easy to maintain and add capabilities individually. If you are running a multi-author blog or a news portal site, then you should know the basics of WordPress user roles, how to add capabilities and how to control them.

WordPress User Roles and Capabilities

Every WordPress website has a User Role Management System which is also known as “WordPress User Roles and Capabilities”. WordPress User Role defines the particular task that a user can perform and cannot perform on a website. Having the knowledge of these user roles are essential in order to enhance the growth of a business. WordPress User Role is centered on two main key concepts which are the user Roles and Capabilities.

In this article, I will share each of WordPress user roles, permissions and also show you how to customize their capability.


Role: This shows the ability of multiple users who have the access to perform the same task on a website.

Capability: It refers to the permission or access to perform a task(s) that is assigned to a particular role.

Out of the box, WordPress comes with 6 different user roles. Each user role has its own roles and permission. For example, an Administrator has the full power of a website and a subscriber has the lowest power in a website. Here’s the list of the default WordPress roles:

  • Super Admin
  • Administrator
  • Editor
  • Author
  • Contributor
  • Subscriber

Now, let’s see what user permissions are granted to these WordPress roles.

1. Super Administrator:

  • Super Admin is one of the WordPress user roles that have the highest level of access and is available only on a multi-site network. It sounds like Administrator but it has more power than the normal Administrator.
  • A Super Administrator can not only change or control a single website but also has the capability to manage who can access to a specific site in a network.
  • This user role works only on a multisite network.

2. Administrator:

  • The Administrator has the most controlling user role. WordPress Users with the administrator role have the permission to add new users to the website, change existing users’ information like their passwords and can also delete any user or other administrators account.
  • They have the power to add new posts, edit any posts written by any other users on the website, and can even delete those posts.
  • They also have the permission to install, edit, and delete plugins and themes.

3. Editor:

  • WordPress Users with an editor role have full control over the content sections of the website.
  • They have the power to add, edit, publish, and delete any posts ones written by other users.
  • An editor has control over the moderation, editing, and deleting of comments also.
  • They do not have the access to change the website settings, add new users, and install plugins or themes.

4. Author:

  • WordPress Users with the role of an author have the access to write, edit, and publish their posts. It is a low-risk WordPress user role on a website with the exception of the access to delete posts written by them, even if they have published it already.
  • Authors do not have the access to create categories when writing their posts but they are allowed to choose from existing categories.
  • They are allowed to add tags to their posts
  • Authors are allowed to view comments even if they are pending review, but they do not have the access to moderate, approve, or delete a comment of any form.
  • They do not have access to settings, plugins, or themes.

5. Contributor:

  • WordPress Users with the role of a Contributor are allowed to add new posts and edit their own posts, but they are not allowed to publish any posts.
  • Contributors are not allowed to create new categories when writing a post but they can choose from the existing categories.
  • They are allowed to add tags to their posts.
  • The contributors are not allowed to upload files that is they cannot add images to their articles.
  • They are allowed to view comments but they are not allowed to approve or delete comments.
  • Also, they do not have access to settings, plugins, or themes.

6. Subscriber:

  • This WordPress user role is very useful especially if there is a need for users to login before they can have access to a post or comment on a post.
  • WordPress Users with the role of a subscriber have the access to log into a WordPress website and update their profiles. 
  • They have the access to update their passwords.
  • They are not allowed to make posts, view comments, or perform any task in WordPress admin area.

Assigning a New WordPress User

If you want to create a new user and assign a particular role to the user, then follow the steps below.

  1. Create a New User

If you disabled user registration on your site, then you can add a new user to your WordPress admin dashboard. But for that, you need to login as an Admin. Then hover to Users and click on Add New.


  1. Fill User Details

Here, you need to fill the user details. Then you need to specify a specific user role for the user. But be careful while assigning any role. For example, I am assigning the user as Contributor. Now click on Add New User to create the user.


After that, provide the login details to the user i.e. username, password. Then when the user will login to your WordPress website, s/he will see a dashboard like this.


As a Contributor, the user has limited capabilities and permissions to your website. So based upon the role, the Contributor can only publish a new post and edit their post.

How to Customize User Roles and Control Them?

As I already mentioned, by default WordPress provides 6 different user roles that fit user’s requirements. If you run a news site or magazine site, you can easily assign user’s roles. When a user first registers on your site, by default the user is assigned as a subscriber. You can promote the user to guest author or senior member.

But, what if you want to change a user’s role or want to create a new user role.

As an editor, they can create a create post, edit post and even they can also delete posts. But sometimes many authors leave and delete their entire written posts on your site. This can be a nightmare to you as a site owner because you once paid them and trusted them, but they can undermine your whole publication work process.

In this case, you can modify user’s role. So, the authors can’t delete a post once the post is published.

First, you need to install and activate Capability Manager Enhanced. Then from your WordPress dashboard, go to Users> Capabilities to customize user roles.


Now, select a user role that you want to view or edit from the right-top corner box. Choose any user role and click on load. For instance, you want to change Author’s capabilities. So you need to load Author and you will see some options have appeared below in this image.

From there, you can add or remove capabilities from that user role. For example, I want to remove “delete published post from author” capability, then I just need to uncheck the capability from options. Then Scroll below and click on save to save the settings.

How to Create New WordPress Custom User Roles?

If you want to create a new user role with a new name, then you can do it by using the Capability Manager Enhanced plugin that I have mentioned before. Upon activating the plugin, go to Users> Capabilities and from there enter a new user role name and click on create.


For example, I want to create a new user role “Moderator” that can manage all blog comments. So I will check the “moderate comments” option from the plugin option and click on save changes.


This way you can create a new user role and assign any particular access to your WordPress site. But be careful to add capabilities to a user.  We recommend you to not make any secondary admin on your site. If you make anyone admin, he will have the power to do anything and even the 2nd admin remove your power. In case this happened, you need to change WordPress salt keys. This way all the users will be automatically logged out from your website and then you can manually remove the user.

Wrapping Up

WordPress is doubtlessly the lion of the CMS forest. The simplicity and power it offers are unbeatable. Further, it comes with highly customizable options so that both newbie and advanced users can customize their site as they want. There are plenty of WordPress themes and plugins available with which you can take your site to the next level. In addition, the user management system and user-friendliness is also a great feature worth flaunting.

I hope, this tutorial helped you to understand the basics of WordPress user roles, permissions and how to control them. If you have any question or suggestion, please leave a comment below.

Author Bio:

jyoti-guest-bloggerJyoti Ray is the founder of WPMyWeb. He writes about Blogging, WordPress tutorials, Hosting, Keyword researching tool, Affiliate marketing etc. He mostly spends times on blogging, reading books and cooking.

(This is a guest post. View guest posting guidelines.) 


ThemeGrill Author

We are a team of SEO copywriters and editors who work both individually and in the team. ThemeGrill author is where one of the editors here is working on one project personally. Write to us @themegrill_blog in Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 thoughts on “Beginner’s Guide to WordPress User Roles & Permissions: How to Control Them?

  1. Hi Ray,
    Thank You for this.
    Just a quick question though.
    Can we enable Super Administrator in a single site?
    Or it has to be a network of sites to enable Super Admin?

Scroll to top

Pin It on Pinterest