Understanding WordPress user roles and permissions

WordPress uses a role-based system to control what each user can do on your site. This guide explains the five default roles and helps you decide which one to assign.

How roles work

Every WordPress user account has a role. Each role comes with a set of permissions — called capabilities — that determine which actions the user can perform. The roles are arranged in a hierarchy, where each level includes all the permissions of the levels below it.

The five default roles

Administrator

An Administrator has unrestricted access to the entire site. They can:

• Install and remove plugins and themes
• Create and delete user accounts
• Change site settings, including permalinks, reading, and writing options
• Access all content, including private posts
• Export and import site data

Only assign this role to people who genuinely need full control, such as a developer building or maintaining the site.

Editor

An Editor can manage all content on the site, including content created by other users. They can:

• Create, edit, publish, and delete any post or page
• Moderate and manage comments
• Manage categories and tags
• Upload files to the media library

An Editor cannot install plugins, change themes, or manage users. This is the right role for a content manager or marketing lead who needs to oversee all published content.

Author

An Author can manage their own content only. They can:

• Create, edit, publish, and delete their own posts
• Upload files to the media library

An Author cannot edit or delete posts written by other users, and they cannot create pages — only posts. This role works well for a staff member who writes articles or blog posts independently.

Contributor

A Contributor can write but cannot publish. They can:

• Create and edit their own draft posts
• Submit drafts for review

A Contributor cannot publish posts, upload files, or edit published content. An Editor or Administrator must review and publish their work. This is a good role for guest writers or occasional contributors.

Subscriber

A Subscriber has the most limited access. They can:

• Read content on the site
• Manage their own profile (name, password, email)

Subscribers cannot create, edit, or publish any content. This role is mainly used on membership or community sites where users need an account to access certain content.

Choosing the right role for your team

For a typical small business website:

• Staff who manage content (updating pages, writing posts, handling comments) should be Editors.
• Staff who only write blog posts should be Authors.
• Guest writers or external contributors should be Contributors.
• Developers or agencies who need to install plugins or change settings should be Administrators.
• Subscribers are only needed if your site requires user registration.

The general rule is to give each person the minimum level of access they need. This reduces the risk of accidental changes and keeps the Dashboard simpler for everyone.

FAQ

Q: Can I create custom roles with specific permissions?

A: Yes, but not through the default WordPress interface. You need a plugin like User Role Editor or Members to create custom roles. These plugins let you pick exactly which permissions each role has. For most small business sites, the five default roles are sufficient.

Q: What happens if I give someone the wrong role?

A: You can change a user's role at any time. Go to Users in the WordPress Dashboard, click on the user, and select the correct role from the dropdown. The change takes effect immediately — no content is lost or changed when you switch roles.

Q: Does a user's role affect what they see in the Dashboard?

A: Yes. WordPress hides menu items that a user does not have permission to use. An Editor sees Posts, Pages, and Comments, but does not see Plugins, Themes, or Settings. This keeps the Dashboard simple and prevents accidental changes.