Who has, and needs, the power?
A Guide to WordPress User Roles and the Abilities of Each
WordPress has many different levels of access. Some have great power, and access to everything – some very little.
Assigning different access levels to different users lets a range of people get their work done on a site while restricting certain functionality to certain people. After all, not everyone needs to be able to do everything. We may create custom user levels if the situation requires it, but the standard permission levels below cover the needs of users in most cases.
Administrator – somebody who has access to all the administration features within a site
They can view and edit everything, including the access levels of other users and the plugins in use on a site. This access level is usually reserved for ourselves, so that we can do any work the site may need, and for site owners. Administrators can do anything they wish when administering a site, so we recommend having a minimal number of Admin users and having extremely secure passwords on these accounts.
Editor – somebody who can publish and manage their own posts and the posts of other users
Editors do not have access to change your site settings. This means that they cannot install plugins and themes, add new users or edit the access levels of other users. They can however publish the posts of other people, administrate the comments left on posts, create post categories and
Author – somebody who can write, edit, publish and delete their own posts, but not those of other users
When publishing a post they must choose an existing category, as they cannot create new ones. That said, they can still add tags to their posts to help with SEO. Authors can also view comments, published or not, but they cannot change the status (i.e. approve or delete) of any comment. As they are a lower access level than Editor or Admin, the only risk of them doing something one might not want them to do is that they publish or delete an article of their own. This means that they are a fairly low-risk user.
Contributor – somebody who can write and manage their own posts but cannot publish them
They must have their work published by another user with an Admin or Editor access level. This user level can realistically do quite little, as their posts must be published by an Admin or Editor and they cannot upload files, which other, higher access levels can. The only real downside to this is that another user must upload any image which they wish to use in their article(s).
Subscriber – somebody who can only manage their profile
Subscribers can be contacted by the owners/admins of a site, but cannot actively participate as the other users can. The level does however have its use, as it allows you to publish posts on a company site which are only visible to logged-in users. An example of this might be details of a staff event. If all staff are members of the site then they can view the page when logged in, but random internet users, non-staff members etc. cannot see the page, which keeps it and the data within it private.
So before you set a user's or staff member's access level for your site, stop and think “What access level do they need?”
As a final note, there are many third-party plugins that further extend the WordPress permissions capabilities, by creating new roles with atomic control over access or by hiding items from the admin menu. However, these should be used with care.
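As an added example (not part of the original guide), the read-only script below checks a site against the advice above: it flags any non-Administrator role or user that holds a capability the standard roles reserve for Administrators, such as one granted by a role-editing plugin, and lists every Administrator account. It assumes WP-CLI is installed; the file name audit-roles.php is a placeholder.

```php
<?php
// Added example: run inside WordPress with `wp eval-file audit-roles.php`.
// Capabilities that the standard roles grant only to Administrator.
$admin_only = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'install_themes', 'switch_themes', 'edit_themes',
    'create_users', 'promote_users', 'edit_users', 'delete_users',
);
$standard = array( 'administrator', 'editor', 'author', 'contributor', 'subscriber' );

// 1. Roles: flag any non-administrator role holding an administrator-only capability.
foreach ( wp_roles()->roles as $slug => $role ) {
    $granted = array_keys( array_filter( $role['capabilities'] ) );
    $risky   = array_intersect( $admin_only, $granted );
    $custom  = in_array( $slug, $standard, true ) ? '' : ' (custom role)';
    if ( 'administrator' !== $slug && $risky ) {
        printf( "REVIEW role %s%s: %s\n", $slug, $custom, implode( ', ', $risky ) );
    }
}

// 2. Accounts: list every administrator so the number can be kept minimal.
$admins = get_users( array( 'role' => 'administrator', 'fields' => array( 'ID', 'user_login' ) ) );
printf( "%d administrator account(s):\n", count( $admins ) );
foreach ( $admins as $admin ) {
    printf( "  #%d %s\n", $admin->ID, $admin->user_login );
}

// 3. Users: flag non-administrators whose effective capabilities (role plus
//    any per-user grants) include an administrator-only capability.
foreach ( get_users( array( 'role__not_in' => array( 'administrator' ) ) ) as $user ) {
    $extra = array_intersect( $admin_only, array_keys( array_filter( $user->allcaps ) ) );
    if ( $extra ) {
        printf( "REVIEW user %s (%s): %s\n", $user->user_login, implode( ',', $user->roles ), implode( ', ', $extra ) );
    }
}
```

The script only reads roles and users and changes nothing; capabilities that a plugin grants dynamically at request time are not stored on the role or user and will not appear in its output.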