Website managers can customize user roles in WordPress to enforce five basic permission levels, easily assigned within their default WordPress dashboards. But complex user permission configurations require advanced user role assignments beyond the defaults and require an advanced user role plugin for greatest control and flexibility.
The default permission levels available in WordPress are a good place to start thinking about assignments because user role plugins typically build on these assignments.
How WordPress manages user roles without a plugin
(Default) Basic WordPress user roles
Administrators – The god-like website manager who can control the destiny of everyone and everything within WordPress, different from editors because they can change themes, manage widgets and plugins and determine the roles of other users.
Editors – This is the vice president within WordPress who acts as the mouthpiece and moderator on behalf of the ones in charge. Editors mostly spend their time editing, deleting and approving comments. But they also have access to pages and most of the plugins on the website.
Authors – These are the senators of the website, managing their own interests by publishing their posts as they wish, without review. They can’t add or delete media files, but they can cause a lot of problems by publishing any words and linking to any website they wish.
Contributors – These are the children who must wait for their parents’ approval before leaving the house with their Halloween costumes on. WordPress contributors can write their own posts but can’t publish them until they’re approved by a more powerful user.
Subscribers – Can’t do much more than manage their pictures and profiles associated with the comments made on the website.
How WordPress manages user roles with a plugin
(Advanced) Plugins to change user defaults:
How do you assign administrative control to one plugin but not another? The default won’t cut it for website managers who need to add and customize user roles with granularity.
For instance, many organizations will want to assign a user to manage the website’s event calendar while another is in charge of sending email blasts to users.
There are a number of great (and free!) plugins for website managers to use for customizing user roles on WordPress, but only two that come in with more than 100,000 active installs and more than 4 out of 5 star ratings:
User Role Editor Plugin (Blotter’s Choice!) – Uncheck or check boxes of capabilities to add a selected role or add new roles and customize its capabilities according to what the user needs. This plugin is the most robust and intuitive way to manage user roles beyond their default assignments.
Members Plugin (Blotter’s 2nd Choice!) – Allows you to edit, create, and delete roles, control which users (by role) have access to post content and allows you to use shortcodes to control who has access to content. Many website managers utilize this plugin to create a virtual Intranet, making a website completely private to employees or assigned membership.
More about how to customize user roles …
There’s a number of folks out there complaining that the five user types are not needed and should be simplified. But WordPress approaches their defaults without consideration of user capability plugins that might be layered on top of their content management system. Indeed, there’s efficiency in this simplicity, and website managers should ensure they’ve mastered their understanding for these assignments before installing a third-party plugin which may over complicate the user roles.
A note on security
It is worth mentioning the very real dangers that arise when depending on third-party plugins to manage the security settings of a website, especially when permissions are involved. The integrity of a website is compromised each time a third-party plugin is added, so website managers developing a permissions protocol may consider writing a custom plugin. Also remember to enforce password security for all users assigned on a website. Website management involves multiple layers of security without having to compromise convenience.