Who can do what on your website, and how to give every team member exactly the right level of access.
Every person who can log in to your WordPress website has a role. A role decides what that person is allowed to see and do, from writing a single draft to deleting the whole site.
Understanding roles keeps your website safe, prevents accidents, and makes teamwork smooth. This guide explains each role in plain English, shows what each one can and cannot do, and helps you pick the right role for every person you add.
What Is a User Role? #
A user role is a label attached to each login account that controls that person’s permissions. Permissions are simply the list of actions a person is allowed to take, such as publishing a post or installing a plugin.
Think of your website like an office building. A visitor can stand in the lobby, a staff member can enter the work floor, a manager can open the supply room, and the owner holds the master key to every door. Roles work the same way: each one unlocks a different set of doors.
A person has exactly one role on your site at a time. If someone needs to do more, you raise their role. If they need to do less, you lower it.
Why User Roles Matter #
Giving everyone the same high level of access may feel simpler, but it creates real risks. Roles solve three problems at once.
Security #
The fewer people who hold full access, the smaller the chance of a serious mistake or a hacked account causing damage. If a low-level account is ever compromised, the attacker can only do what that role allows.
Preventing Accidents #
A new team member cannot accidentally delete a plugin or change a critical setting if their role does not include that power. Roles act like guardrails.
Clear Responsibilities #
Roles make it obvious who does what. Writers write, editors review, and the owner handles the technical settings. Everyone stays in their lane.
The Standard WordPress Roles #
WordPress ships with five built-in roles. They are listed below from the most powerful to the least.
Administrator #
The Administrator has complete control over the website. This is the most powerful role, and it should be given to as few people as possible.
What an Administrator Can Do #
An Administrator can do everything on the site. It helps to see that power in three groups.
Content and Design #
Administrators can create, edit, publish, and delete any content, and they can change the site’s theme and overall design.
Plugins and Themes #
Administrators can install, update, activate, and delete plugins and themes, which directly affects how the whole site behaves.
Users and Settings #
Administrators can add or remove users, change anyone’s role, and edit every setting, including ones that can take the site offline.
Give the Administrator role only to yourself and people you fully trust with the entire website. Most team members never need it.
Editor #
An Editor manages content but cannot touch the site’s technical settings. Editors can create, edit, publish, and delete any post or page, including content written by other people. They also manage comments. Editors cannot install plugins, change themes, or manage users. This role suits a content manager who oversees a team of writers.
Author #
An Author can write, edit, publish, and delete their own posts, and upload images for them. Authors cannot touch anyone else’s content and cannot manage pages, comments, or settings. This role suits a regular blog contributor you trust to publish without review.
Contributor #
A Contributor can write and edit their own posts but cannot publish them. Their work goes to an Editor or Administrator for review and publishing. Contributors also cannot upload images. This role suits a guest writer or a new team member who is still learning.
Subscriber #
A Subscriber can only manage their own profile and read content. This is the lowest role. It is useful for membership sites or for letting people comment under their own account. A Subscriber cannot write or change any content.
WooCommerce Roles #
When you install WooCommerce to run an online store, it adds two extra roles for shop-related tasks.
Shop Manager #
A Shop Manager can run the store without being a full Administrator. They can manage products, process orders, view store reports, and edit WooCommerce settings. They cannot install plugins or manage non-store settings. This role suits the person who handles your day-to-day sales.
Customer #
A Customer is created automatically when someone buys from or registers on your store. They can view their own orders and manage their account details. They have no access to the dashboard beyond their own profile.
Roles at a Glance #
This table summarizes the main powers of each role so you can compare them quickly.
| Role | Write own posts | Publish posts | Edit others’ content | Manage store | Manage plugins and settings |
|---|---|---|---|---|---|
| Administrator | Yes | Yes | Yes | Yes | Yes |
| Editor | Yes | Yes | Yes | No | No |
| Author | Yes | Yes | No | No | No |
| Contributor | Yes | No | No | No | No |
| Subscriber | No | No | No | No | No |
| Shop Manager | Yes | Yes | Yes | Yes | No |
How to Choose the Right Role #
A good rule is to give the lowest role that still lets the person do their job. Here are common situations.
A Business Partner or Co-Owner #
Give them Administrator only if they truly need full technical control. Otherwise, Editor or Shop Manager is safer.
A Content Writer You Trust #
Author lets them publish their own posts without waiting for review.
A Guest or New Writer #
Contributor lets them draft posts while you keep final say over what goes live.
Someone Who Runs Your Shop #
Shop Manager gives full store control without exposing your plugins and core settings.
How to Change Someone’s Role #
You can update any person’s role in a few clicks, as long as you are an Administrator.
- In the left-hand menu, click Users, then All Users.
- Tick the box next to the person you want to change.
- Open the Change role to dropdown near the top of the list.
- Choose the new role.
- Click Change to save.
The person’s new role appears in the Role column next to their name, and their permissions update the next time they log in.
Frequently Asked Questions #
Can I Create Custom Roles? #
Yes. WordPress allows custom roles, usually through a plugin such as a role editor. This lets you build a role with an exact mix of permissions. For most small sites, the built-in roles are enough.
What Role Should I Give My Web Developer? #
Give a developer the Administrator role only while they are actively working, since installing plugins and editing settings requires it. When the work is finished, you can lower their role or remove the account.
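To check that the "lowest role that does the job" rule and the advice above are being followed, the script below lists every account that holds a powerful role but is not on your approved list. It is an added example, not part of the original guide; it assumes WP-CLI is installed on the server, and the account names in the sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): list accounts that hold a
# powerful role but are not on your approved list.
# Input on stdin: CSV in the shape printed by
#   wp user list --fields=user_login,roles --format=csv
# Assumption: logins contain no commas or double quotes.

# Role slugs treated as powerful: full site control and full store control.
HIGH_ROLES="administrator shop_manager"

# audit_roles "login1 login2 ..." < users.csv
# Prints "login role" for each powerful account missing from the approved list.
audit_roles() {
  approved=" $1 "
  while IFS= read -r line; do
    login=${line%%,*}                       # text before the first comma
    [ "$login" = "user_login" ] && continue # skip the CSV header row
    # The roles column may be quoted and hold several comma-separated slugs.
    roles=$(printf '%s' "${line#*,}" | tr -d '"\r' | tr ',' ' ')
    for role in $roles; do
      case " $HIGH_ROLES " in
        *" $role "*) ;;        # powerful role: keep checking
        *) continue ;;         # ordinary role: nothing to report
      esac
      case "$approved" in
        *" $login "*) ;;       # approved holder of this role
        *) printf '%s %s\n' "$login" "$role" ;;
      esac
    done
  done
}

# Constructed sample data; on a real site pipe the wp command in instead.
SAMPLE_CSV='user_login,roles
owner,administrator
editor_amy,editor
dev_contractor,administrator
shopkeeper,shop_manager
guest_writer,contributor'

# Only "owner" is approved here, so two accounts are reported.
printf '%s\n' "$SAMPLE_CSV" | audit_roles "owner"
```

Any account the script reports is one to review: either add it to the approved list on purpose, or lower it with `wp user set-role` (or the Change role to dropdown described earlier).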
Can Two People Share One Login? #
It is not recommended. Give each person their own account and role. Separate logins keep your activity log accurate and let you remove one person’s access without disrupting everyone else.