Understanding WordPress: Roles

Have a WordPress site? Good for you!

Is it only you, or do you have others on your site helping as well?
If it’s only you, or you started the site yourself – is your username “admin”?
Lucky guess on my part (not). 😉
Now all I need to hack your site would be to guess your password over at http://yoursite.com/wp-admin (that’s probably where your login is located too). Scary, eh? Truth is that those are just typical WordPress functions and locations. There’s are ways to move them or rename them but that’s another post.

Here’s the thing

You can create different users roles (even for yourself). Each level dictates what that person can see or do.

Real Life Scenario: Just days ago, I just completed rebuilding the REBarCamp Website from the ground up. The site isn’t my site or my voice, it’s the voice of the community. I started manually adding new voices. I have a few “admins” and I’ve started adding “editors”, we’ll have quite a few of them when we’re done. Once we get going, we’ll add “authors” and “contributors”.

For most sites there are 5 different levels of roles starting with Admin. These levels are set by the Admin. From the WordPress Codex, here’s a breakdown of each.

Summary of Roles

Administrator – Somebody who has access to all the administration features

Editor – Somebody who can publish and manage posts and pages as well as manage other users’ posts, etc.

Author – Somebody who can publish and manage their own posts

Contributor – Somebody who can write and manage their posts but not publish them

Subscriber – Somebody who can only manage their profile

Note: There’s a higher level called Super Admins but they are only on Multisites or WPMU (chances are your site is NOT one)

You’ll see in my graphic I have two admins. There’s a reason for that. What would happen if I had an accident? Or what if there was a database error and my login was deleted? There wouldn’t be another way in to the dashboard.

You’ll also see that I’ve added 20 Editors. The reason? These people can edit any other page or post. That’s important for Pages like a FAQ.

Where would I use an Author? If I had someone I fully trusted to write posts without my having to worry about them. When they push the PUBLISH button, that post is LIVE on the site. Hence the full trust part.

A Contributor is like an Author except I want the ability to proofread, check links, and choose the time and date when the post will publish. When someone wants to guest post here, I make them a Contributor first. Later I may move them up to Author or even Editor. There’s only a few people I’ve made Admins – they are truly special.

As for the lowly subscriber, it’s used primarily when you require someone to have a profile on the site before leaving a comment. With all the great comment management systems out there, that seems like a great way to kill comments on your site. 🙁

How to Stop Brute Force Attacks on WordPress(bloggingot.com)
In-Depth WordPress Security(resources.infosecinstitute.com)
5 Ways To Limit Login Attempts in WordPress(wpjedi.com)

About
Latest Posts

Connected?

Mike Mueller

A former professional hand model, Mike now builds Custom WordPress Blogs that rock!

He's an avid hockey fan, rides a mountain bike, a few motorcycles (he had a really fast one,bought a cool orange one, and still rides a really slow one), he loves strong beer and good red wine.