How to Create and Manage WordPress User Roles and Permissions


How to Create and Manage WordPress User Roles and Permissions

Learning to create and manage WordPress user roles and permissions is important when you’re working with multiple people on one website. Familiarizing yourself with the different accesses lets you control what a user can or cannot do on their site.

From Administrator to Subscriber, each role has a set of pre-assigned default tasks which you can customize. This article will go over six default WordPress user permission roles and how to manage them.

What Are WordPress User Roles?

WordPress is a content management system whose roles are a simple concept used to manage what actions (called Capabilities) every user is able to perform through its dashboard. Every role is organized by a webmaster — who is automatically assigned as an administrator when installing WordPress.

There are six default WordPress roles you can give to your users – administrator, editor, author, contributor, subscriber, and super admin.

No matter what kind of website you operate and the hosting services you use, user role management is an absolute must. For example:

  • Secure access – you can easily limit who can and cannot access or perform administration tasks, like installing updates, themes, plugins, or tweaking your site’s PHP code.
  • Controlled workflow – allows users to focus on their personal tasks, and prevent overlapping duties among them.

Pro Tip

Use Hostinger’s WordPress hosting that includes shared access feature to have even more control over your project. It will let you set different access permissions to your WordPress website hosting control panel.

6 WordPress User Permission Roles

Let’s break down these permissions for every user role in more detail:

Permission Administrator Editor Author Contributor Subscriber Super Admin
Posts Full control Full control Add, edit, publish, delete own Add, edit, delete own No control Full control
Pages Full control Full control No control No control No control Full control
Upload files Full control Full control Full control No control No control Full control
Moderate comments Full control Full control No control No control No control Full control
Plugins Full control No control No control No control No control Full control
Themes Full control No control No control No control No control Full control
Users Full control Edit own Edit own Edit own Edit own Full control
Settings Full control No control No control No control No control Full control


Administrators have full control over every aspect of the website. They can add, edit, and delete plugins, as well as shape how the website looks. They also have access to the site’s settings and content management, including posts, pages, and comments.

Additionally, administrators are the only role that can manage other user roles. Thus, if you are an administrator yourself, you can add new users, delete existing ones, or change their WordPress roles.


Editors can manage comments, pages, and posts (including those created by other users). However, they have no access to the settings panel, installing new plugins, customizing the site’s theme, or organizing other users.


Unlike editors, authors’ role is limited to their own content management. That’s why they have no permission to organize other users’ posts, approve and delete comments, nor manage pages. Other than that, they have the same limited WordPress roles and permissions as the editors.


The contributor role in WordPress allows users to add, edit, and delete their own content. Contributors can’t publish, upload media files, and manage their posts once published.


Subscribers only have access to view published posts or comments and manage their profile section on the dashboard.

Super Admin

A super admin role (which only applies to WordPress multisite network) can perform any administration task within the network, such as add or delete websites, install a WordPress theme or plugin, organize content and its settings. They have full control over the network’s users.

Picking the Right WordPress User Role

Before choosing the appropriate role for users, ask yourself about these key points: Will you let users manage your WordPress dashboard? Do you trust them to organize your site’s content? Should you review their posts before publishing? Are they capable enough to edit and publish other users’ posts?

Important! Be cautious when appointing another user as a new administrator. Once assigned, they get full access to your admin panel and they can even edit or delete your account.

Managing WordPress Users

Next, let’s figure out the correct way to add, delete, and customize user roles on your site.

Things to Know Before Setting WordPress User Roles

Here are a couple of key points to grasp before setting up user roles:

  • An administrator can change user roles at any time from the Users menu.
  • Once assigned, your new users will receive an email containing their login credentials.
  • Some user roles might have slight capability differences, especially content creator roles (author and contributor). Understand how each role differs from one another before appointing anyone.
  • Users with No role for this site can only log in to your dashboard but have no permission to access any page.
  • A super admin can perform local administrator’s tasks like updating WordPress itself, managing themes, users, and plugins.

Adding a New User

Follow these steps to create and assign a new WordPress user role:

  1. Log in to your WordPress Dashboard -> Users -> Add New.
  2. Fill out the form with the user’s personal details.
  3. Create a new password by clicking the Show password button. It’s optional since the user can change the password after logging in.
  4. From the drop-down menu, choose the preferred role.
  5. Hit Add New User.
The Add New User page on the WordPress dashboard.

Deleting WordPress User

If you want to delete a user account:

  1. Head to the Users menu on your WordPress dashboard -> All Users.
  2. Click Delete next to the user’s name.
  3. On the WordPress Delete Users page, press Confirm Deletion button. If users had any content on your website, you need to choose whether to delete or attribute their content to another user.
The Delete Users page on the WordPress dashboard, with the Confirm Deletion button highlighted

Alternatively, assign them to No role for this site to keep their posts and accounts on your website. Here are the steps:

  1. Select All Users from the Users menu.
  2. Locate the user’s name -> Edit.
  3. In the Name section, choose No role for this site from the drop-down menu.
  4. Click Update User.
The All Users page on the WordPress dashboard, showing how to set No role for this site

Customizing WordPress User Roles

It’s also possible to alter the roles and capabilities of a default user. In this tutorial, we will use the PublishPress Capabilities plugin. This WordPress user management plugin allows you to edit or delete each role’s tasks, and you can even create a new role name, and its capability.

Let’s learn how to use this plugin:

  1. Install and activate the PublishPress Capabilities from the Plugins menu.
  2. As a precaution, create a backup before editing or deleting anything. Navigate to the Capabilities menu -> Backup.
  3. In the Backup Tool for PublishPress Capabilities section, select Backup -> Manual Backup.
  4. Then, head to the Capabilities section.
  5. At the top left corner of the Role Capabilities page, click the drop-down menu to select the role.
  6. Tweak these settings to your liking -> Save Changes.
The Role Capabilities page on the WordPress dashboard, with the role drop-down menu highlighted


You can easily add and manage your website’s user roles using the default WordPress options. To recap, here are the six predefined WordPress roles and permissions you can organize:

  • Administrator — full access to the admin panel.
  • Editor — has full control of the site’s content section (posts, pages, comments).
  • Author — users have access to their own posts.
  • Contributor — partial access to their own content (unable to publish or manage their posts after they’re published).
  • Subscriber — can only read published posts and comments.
  • Super admin — complete control over the entire site within WordPress multisite network.

Furthermore, you are allowed to customize WordPress roles and capabilities with the help of PublishPress Capabilities — which can be installed and activated from your Plugins menu.

If you have further questions on WordPress role management, reach us in the comments section below.


Jaspreet Singh Ghuman

Jaspreet Singh Ghuman

Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.


Jassweb, Rai Chak, Punjab, India. 143518
Item added to cart.
0 items - 0.00