We’ve talked about why the default admin account is bad news bears for your WordPress site, but now it’s time to get a tiny bit more nerdy with your site’s user account settings.
Out of the box, WordPress has 5 different user roles that you can assign to new user accounts. These roles control what a user has access to on the dashboard, along with what they can do with your site’s content.
Let’s run through them from the highest level of access down.
Your site can’t function without an administrator account — that’s what admin is short for — so hopefully you have an administrator level account with a username of something other than admin that you don’t share the login details for.
The reason you don’t want to share your administrator details is that this account has access to everything. It can change the theme, edit content, add/remove users + more.
If you have anyone on your team that also needs admin level access (like the team at tiny blue orange often does), you’re doing your site security a favor by creating a whole new administrator account for them.
This level is the only user role that has access to the Appearance, Plugins + Users areas of your dashboard, which means that any other administrator could alter your theme, remove or add plugins + manage your site’s users.
If your team is in place to help with content editing or creation, this user role is likely the best one for them to have. WordPress editors have access to all pages + posts, regardless of who created the content.
That means if I wrote a blog post, anyone with editor access could view it, make changes to the content (i.e. fix my mistakes) + then publish it. They also have access to the media library, categories + tags.
Since this role does not have access to your theme, your content editors can’t make any accidental or purposeful changes to it. They also can’t add or remove any users (including your own account); they can only update their own profile.
Maybe you have a team member that helps with content, but only blog content + not any pages. The author level would be great for them because it removes the page access that editors have.
The only catch is that authors can only add + edit their own posts. So if you create the post first, this user role would not be able to work with that content in the dashboard. But if you have a VA that adds in blog posts from a Google Doc, this is a great role to use.
The author role can publish their own blog posts too, which means once they are done adding a new post, they have the ability to make it live on your site as well.
If you’d rather review content before it goes live, the next role down is the right one to use. The contributor role can add new posts + edit them, but they cannot publish them.
The only downside with this role for content addition is that they cannot upload media files to the library. If that’s an important step in your process, using the author role may be better. Or you could add the content to the library for the contributor to pick from.
The last role, subscriber, is pretty worthless when it comes to the dashboard. The only menu item they have access to is their profile tab.
Where this role comes in handy is if you have a site that requires users to be logged in to view any content, like a membership site. Otherwise this role isn’t going to help many members of your team, unless they need to test what other subscribers see.
You can edit any user role from your administrator level account.
- Log in + head to Users > All Users to view a list of the accounts that exist on your site
- Click on the username that you want to edit
- Scroll to the Role label on the page
- Pick their role from the drop-down menu of the 5 user roles — plus any others that may be added by plugins
- Save your changes
That’s it! You’ve set them up to see the content they need access to in order to do their job, but kept them out of areas of your site that they don’t need to see or change.
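If you'd rather double-check the result from the command line, here's an added example (not from the original post) that audits the CSV output of WP-CLI's `wp user list --fields=user_login,roles --format=csv`. It lists every administrator, flags an administrator still using the `admin` username + flags any role outside the 5 built-in ones; the sample rows and the `plugin_custom_role` name are made up for illustration.

```shell
#!/bin/sh
# Audit WordPress accounts against the role guidance in this post.
# Real use (WP-CLI installed, run from the site directory):
#   wp user list --fields=user_login,roles --format=csv | audit_roles

# Constructed sample of that CSV output; every row here is invented.
sample_csv() {
  cat <<'EOF'
user_login,roles
admin,administrator
alison,administrator
va_posts,author
guest_writer,contributor
store_help,"editor,plugin_custom_role"
member42,subscriber
EOF
}

# Reads the CSV on stdin and prints one finding per line:
#   ADMIN <login>                 account holds the administrator role
#   DEFAULT_ADMIN_LOGIN <login>   administrator whose username is "admin"
#   CUSTOM_ROLE <login> <role>    role that is not one of the 5 built-ins
audit_roles() {
  awk -F',' '
    BEGIN {
      n = split("administrator editor author contributor subscriber", r, " ")
      for (k = 1; k <= n; k++) builtin[r[k]] = 1
    }
    NR == 1 { next }                  # header row: user_login,roles
    {
      login = $1
      for (i = 2; i <= NF; i++) {     # a user can hold more than one role
        role = $i
        gsub(/"/, "", role)           # multi-role cells are quoted in CSV
        if (role == "") continue      # account with no role on this site
        if (role == "administrator") {
          print "ADMIN " login
          if (login == "admin") print "DEFAULT_ADMIN_LOGIN " login
        } else if (!(role in builtin)) {
          print "CUSTOM_ROLE " login " " role
        }
      }
    }
  '
}

# Stand-alone demo on the constructed sample.
sample_csv | audit_roles
```

Any `ADMIN` line you don't recognize, or a `CUSTOM_ROLE` you didn't expect a plugin to add, is worth a look in Users > All Users.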