If you are managing a WordPress site that is maintained by a group of people who have access to your site’s data, you may want to consider learning about WordPress user roles and permissions.
However, it is also important to consider file and folder permissions. By setting the correct permissions on your site for all elements, you further increase your security. The last thing you want is someone accidentally accessing a file they aren’t supposed to, changing the setting, and breaking your site, resulting in downtime.
But what about content and the people generating and posting it, the writers—how do you manage and set permissions for that part of the WordPress world?
There are plugins that make this process easier, but let’s first look strictly at what WordPress can do on its own.
WordPress User Roles & Permissions
WordPress comes with its own user role management system, so good news, you do not necessarily have to download a separate plugin to manage and set permissions for your writers—or anyone, for that matter.
The Five WordPress User Roles
-
- Administrator: Top of the WordPress food chain. The administrator can add new posts, edit any posts, and delete posts. It doesn’t matter which user posted the content, the administrator’s power overrides their posting power. Admins can also control plugins and themes and add new users to the website. In other words, the people who will be setting permissions for the rest of the website are the users with administrator status.
- Editor: Editors have access to all content on the WordPress site. They can add, edit, delete, and publish posts written by any user. They can also moderate, edit, and delete comments. Editors do not have the power to install plugins, change themes, or modify any site settings. Their power lies strictly in content.
- Author: Authors have control over their own content, but may publish their posts without having to go through a higher level. This means that they can add, edit, publish, and delete their own posts, but cannot touch anyone else’s. Authors cannot create categories, but may assign an existing category to their post. They may also view pending comments, but cannot moderate them. Forget about site settings. Authors are only allowed to create their own content.
- Contributor: A contributor can write and edit their own posts but cannot publish any post. This means a contributor’s post must be approved and published by someone who has either Editor or Administrator power. They also cannot upload their own images or sound/video files. They can add tags to their posts, but must select from pre-made categories. In terms of the comment section, contributors are simply onlookers. Contributors also do not have access to any site settings.
- Subscriber: A subscriber is like a supporter. The only thing they are allowed to do is log in to your WordPress site, update their profile and…that’s about it! From the administration area they cannot even view comments so you won’t have to worry about a subscriber breaking your webpage.
|
Capability |
Administrator |
Editor |
Author |
Contributor |
Subscriber |
|
Set Site Settings |
Yes |
x |
x |
x |
x |
|
Download and Manage Plugins |
Yes |
x |
x |
x |
x |
|
Set User Roles & Permissions |
Yes |
x |
x |
x |
x |
|
Write Articles |
Self/Other |
Self/Other |
Self |
Self |
x |
|
Edit Articles |
Self/Other |
Self/Other |
Self |
Self |
x |
|
Publish Articles |
Self/Other |
Self/Other |
Self |
x |
x |
|
Delete Articles |
Self/Other |
Self/Other |
Self |
x |
x |
|
View Comments |
Self/Other |
Self/Other |
Yes |
Yes |
x |
|
Moderate Comments |
Yes |
Yes |
x |
x |
x |
|
Update Profile on WordPress site |
Yes |
Yes |
Yes |
Yes |
Yes |
Setting Permissions for Existing User Roles
Other websites, as you browse the internet for WordPress tutorials, have made good points in their user role tutorials about the Author user role and it would be neglectful of this article to not bring up the same flaw in WordPress’s default permissions.
The Author permissions allow writers at this level to delete their own posts. Now, anyone who has extensive wisdom or experience in workflow knows that writers come and go. Some leave with a smile on their face, and others take the office down with them. In other words, if you lose a writer at the Author level on WordPress, they could end up deleting all of their posts when they leave without consequence to them if you do not have a proper contract set up.
So! Let’s fix that permission, shall we? This is where WordPress will need a little plugin help.
Step One: Download the PublishPress Capabilities plugin. This is free to use.
Step Two: Once the plugin is installed and activated, go to Users > Capabilities. Select the role you wish to modify under “Select Role to View / Edit” in the right hand box. This will bring up a list of their current permissions.
Step Three: Check or uncheck the the permissions you wish to add or remove to the user role. In this case, you would uncheck “delete published” for the Author.
Step Four: Save your changes — done!
The Publish Press plugin also allows you to create custom user roles for other parts of your WordPress site, but in terms of writers, you’ll want to focus mainly on those user roles that generate, edit, and publish content as opposed to moderate comments and work on site settings.
Other Plugins That Manage Writers & Permissions
If you are a major generator of content and your WordPress requires multiple authors, you may need something beefier to set permissions for your writers and other content developers.
PublishPress Revisions
If you are working on a multi-author blog and want to keep, in WordPress terms, all writers somewhere between Contributor and Author level, the PublishPress Revisions plugin could work for you.
Instead of having writers automatically update their post once it is published, you enable a system that allows writers to suggest revisions.
These revisions are approved by administrators only. The plugin also installs a new user role, “Revisor,” to the existing WordPress roles.
WP User Manager
WP User Manager is an excellent plugin for building online communities and WordPress membership sites. It gives you the ability to create frontend forms for login and registration and much more. It has support for registering users as different roles and role based permissions for content restriction.
It also features a built in user role and permission editor for easy customization of user roles and the ability to duplicate a role. Learn more about user role and permissions with WP User Manager.
WP User Frontend
WP User Frontend keeps writers on the front-end of your WordPress site. They won’t even be able to take a look at the backend, e.g., site settings, plugins, security features, etc.
WP User Frontend puts everything a writer may need right up front for them, allowing them to edit their profile, upload attachments, featured images, and create, update, edit, and delete posts from the front-end. Administrators can limit any user level’s access to the backend of the site.
User Role Editor
User Role Editor is another plugin that limits what users can and cannot see on the backend of the site. It allows you to edit existing roles by adding or removing user capabilities. You can also create brand new roles.
Wrapping Up
Whether or not you use WordPress’s built-in management system for writers or an outside plugin, you should always pay attention to the permissions and user roles you give to your writers.
Setting permissions is not that difficult or lengthy of a process and it will keep your website better organized and safer from user error.
What is your goto plugin for changing user permissions? Let us know in the comments below. Write safely, my friends!
What to hear about our latest deals and new posts? Subscribe below 👍
