If you are managing a WordPress site that is maintained by a group of people who have access to your site’s data, you may want to consider learning about WordPress user roles and permissions.

However, it is also important to consider file and folder permissions. By setting the correct permissions on your site for all elements, you further increase your security. The last thing you want is someone accidentally accessing a file they aren’t supposed to, changing the setting, and breaking your site, resulting in downtime.

But what about content and the people generating and posting it, the writers—how do you manage and set permissions for that part of the WordPress world?

There are plugins that make this process easier, but let’s first look strictly at what WordPress can do on its own.

WordPress User Roles & Permissions

WordPress comes with its own user role management system, so good news, you do not necessarily have to download a separate plugin to manage and set permissions for your writers—or anyone, for that matter.

The Five WordPress User Roles

    1. Administrator: Top of the WordPress food chain. The administrator can add new posts, edit any posts, and delete posts. It doesn’t matter which user posted the content, the administrator’s power overrides their posting power. Admins can also control plugins and themes and add new users to the website. In other words, the people who will be setting permissions for the rest of the website are the users with administrator status.
    2. Editor: Editors have access to all content on the WordPress site. They can add, edit, delete, and publish posts written by any user. They can also moderate, edit, and delete comments. Editors do not have the power to install plugins, change themes, or modify any site settings. Their power lies strictly in content.
    3. Author: Authors have control over their own content, but may publish their posts without having to go through a higher level. This means that they can add, edit, publish, and delete their own posts, but cannot touch anyone else’s. Authors cannot create categories, but may assign an existing category to their post. They may also view pending comments, but cannot moderate them. Forget about site settings. Authors are only allowed to create their own content.
    4. Contributor: A contributor can write and edit their own posts but cannot publish any post. This means a contributor’s post must be approved and published by someone who has either Editor or Administrator power. They also cannot upload their own images or sound/video files. They can add tags to their posts, but must select from pre-made categories. In terms of the comment section, contributors are simply onlookers. Contributors also do not have access to any site settings.
    5. Subscriber: A subscriber is like a supporter. The only thing they are allowed to do is log in to your WordPress site, update their profile and…that’s about it! From the administration area they cannot even view comments so you won’t have to worry about a subscriber breaking your webpage.

Capability

Administrator

Editor

Author

Contributor

Subscriber

Set Site Settings

Yes

x

x

x

x

Download and Manage Plugins

Yes

x

x

x

x

Set User Roles & Permissions

Yes

x

x

x

x

Write Articles

Self/Other

Self/Other

Self

Self

x

Edit Articles

Self/Other

Self/Other

Self

Self

x

Publish Articles

Self/Other

Self/Other

Self

x

x

Delete Articles

Self/Other

Self/Other

Self

x

x

View Comments

Self/Other

Self/Other

Yes

Yes

x

Moderate Comments

Yes

Yes

x

x

x

Update Profile on WordPress site

Yes

Yes

Yes

Yes

Yes

Setting Permissions for Existing User Roles

Other websites, as you browse the internet for WordPress tutorials, have made good points in their user role tutorials about the Author user role and it would be neglectful of this article to not bring up the same flaw in WordPress’s default permissions.

The Author permissions allow writers at this level to delete their own posts. Now, anyone who has extensive wisdom or experience in workflow knows that writers come and go. Some leave with a smile on their face, and others take the office down with them. In other words, if you lose a writer at the Author level on WordPress, they could end up deleting all of their posts when they leave without consequence to them if you do not have a proper contract set up.

So! Let’s fix that permission, shall we? This is where WordPress will need a little plugin help.

Step One: Download the PublishPress Capabilities plugin. This is free to use.

Step Two: Once the plugin is installed and activated, go to Users > Capabilities. Select the role you wish to modify under “Select Role to View / Edit” in the right hand box. This will bring up a list of their current permissions.

Step Three: Check or uncheck the the permissions you wish to add or remove to the user role. In this case, you would uncheck “delete published” for the Author.

Step Four: Save your changes — done!

The Publish Press plugin also allows you to create custom user roles for other parts of your WordPress site, but in terms of writers, you’ll want to focus mainly on those user roles that generate, edit, and publish content as opposed to moderate comments and work on site settings.

Other Plugins That Manage Writers & Permissions

If you are a major generator of content and your WordPress requires multiple authors, you may need something beefier to set permissions for your writers and other content developers.

PublishPress Revisions

PublishPress Revisions plugin banner

If you are working on a multi-author blog and want to keep, in WordPress terms, all writers somewhere between Contributor and Author level, the PublishPress Revisions plugin could work for you.

Instead of having writers automatically update their post once it is published, you enable a system that allows writers to suggest revisions.

These revisions are approved by administrators only. The plugin also installs a new user role, “Revisor,” to the existing WordPress roles.

WP User Frontend

WP User Frontend banner

WP User Frontend keeps writers on the front-end of your WordPress site. They won’t even be able to take a look at the backend, e.g., site settings, plugins, security features, etc.

WP User Frontend puts everything a writer may need right up front for them, allowing them to edit their profile, upload attachments, featured images, and create, update, edit, and delete posts from the front-end. Administrators can limit any user level’s access to the backend of the site.

User Role Editor

User Role Editor banner

User Role Editor is another plugin that limits what users can and cannot see on the backend of the site. It allows you to edit existing roles by adding or removing user capabilities. You can also create brand new roles. 

Wrapping Up

Whether or not you use WordPress’s built-in management system for writers or an outside plugin, you should always pay attention to the permissions and user roles you give to your writers.

Setting permissions is not that difficult or lengthy of a process and it will keep your website better organized and safer from user error.

What is your goto plugin for changing user permissions? Let us know in the comments below. Write safely, my friends! 

What to hear about our latest deals and new posts? Subscribe below 👍

WP App Store

Posted by WP App Store

WP App Store is the best place for great deals on quality WordPress products.