Many websites start as solo projects. However, at some point, you may want to share your WordPress dashboard with co-workers or even give visitors the option to create their own accounts.
Fortunately, WordPress has a built-in user role management system. Using this feature, you can grant users access to your administrative area without giving them free rein over your entire website.
In this post, we’ll explore the WordPress users and roles system and how it can help protect your website. We’ll then show you how to transform your site into a more collaborative and engaging experience by creating a complete user registration system. Let’s get started!
An Introduction to WordPress Users and Roles
WordPress comes with a built-in user role management system. Whenever a user registers with your site, WordPress assigns them a role that consists of different permissions. This enables you to control precisely what actions users can perform on your website.
By default, WordPress supports five user roles.
The most powerful one is the administrator. Site admins can create and delete posts and edit posts created by other users. They can also install and delete plugins and themes.
Most importantly, administrators can add and delete users and change key information such as their passwords. Typically, this administrative role is reserved for the website’s owner.
Next up is the editor role. Editors can create, edit, publish, and delete all posts, including those created by other users. They can also moderate, edit, and delete comments. Unlike the site admin, editors don’t have access to your site’s settings, so they cannot perform tasks such as installing themes and plugins.
Working our way down the list, authors can write, publish, edit, and delete their own posts. They cannot create categories, but they can choose from existing ones.
Meanwhile, contributors can create and edit their own posts, but they cannot publish them. They can also create tags and choose from existing categories. However, contributors cannot upload any files to WordPress. This can present a problem if they want to add images to their posts.
Finally, WordPress supports the subscriber role. Subscribers can log in to your WordPress site, edit their profile, and change their own passwords. However, they can’t perform any other actions on your website, like writing posts or viewing the comments in your approval queue. This role is most commonly found on sites where visitors can create an account, such as membership sites, e-commerce stores, and educational websites.
Sites hosted on WordPress.com provide two additional roles.
These users can comment on public sites hosted by WordPress.com.
These users can comment on private sites hosted by WordPress.com.
How WordPress Users and Roles Can Benefit Your Site
Understanding this permissions-based system is vital if you want to share your WordPress account with other people. This may include guest bloggers or even external consultants who are performing design, maintenance, or development work on your WordPress website.
Granting a third party access to your dashboard might cause you concern about giving up the keys to your kingdom. However, by limiting these individuals’ actions, you can help protect your site and your data.
These permissions can also be helpful when creating or managing websites for clients. Not everyone is a WordPress expert, so some developers or designers give their clients limited access to their new sites.
Note: We firmly believe that site owners should have admin rights to their own sites. However, it may be a good idea to give the client two user accounts, one with administrator privileges and one with editor privileges. Inform the client that they should use the Editor account for routine day-to-day tasks to avoid making unintended changes to the site. Let them know they have access to an Admin account when those kinds of tasks need to be performed but that they should avoid using it otherwise.
Having site owners use an Editor role can minimize the chances of damaging their own website, for example, by accidentally deleting important data. Although this kind of mistake isn’t your fault, it can still damage the quality of the client experience, which is bad news for your business.
Restricting the client’s permissions can also help them master their new website. WordPress is a user-friendly and intuitive platform. However, it also comes with many settings and options, which can be a little confusing for a newcomer. By streamlining the dashboard, you can ensure a smoother introduction to WordPress and a better client experience.
However, permissions aren’t solely for third parties. Universal admin-style privileges are a considerable security risk and represent an attractive target for hackers. Even if you only share your website with trusted co-workers, we still recommend restricting the actions these people can perform.
Some websites rely on this permissions-based system to deliver their core functionality. For example, if you’re creating a membership site, you might encourage visitors to register as subscribers.
How to Manage Your WordPress Users and Roles
Out of the box, WordPress has everything you need to share your website with other people safely. Alternatively, you might give your audience the ability to register with your site. This can be a great way to engage with your visitors and create a sense of community.
With this in mind, let’s take an in-depth look at the platform’s built-in users and roles system.
How to Allow User Registration
WordPress ships with everything you need to manage user registrations. This feature is disabled by default, but you can activate it using your WordPress administrator account.
To start accepting registrations, navigate to Settings > General in the WordPress dashboard. In the Membership section, select Anyone can register:
You can now select the default user role. This is the role and the capabilities that WordPress will automatically assign to everyone who registers with your website.
The default user role is subscriber, but you can change this to any other role. For example, if you accept guest blogs, then it may make more sense to use Author as the default role:
When you’re ready, click on Save Changes. Your WordPress website is now open for registrations.
How to Create New User Accounts Manually
Instead of opening up registrations to everyone, you may prefer to create user accounts manually via your WordPress dashboard. This is useful if you only want to add a small number of approved users.
This manual approach also makes sense if you need to apply unique settings to each account. For example, you might assign a different role to each person.
Site administrators can create accounts by navigating to Users > Add New. You can then enter all of the information for this particular user:
This includes entering the person’s first and last names and assigning them a password. For extra security, WordPress can generate a long and complex password for you.
WordPress can also notify this user about their new account via email. This can be a quick and easy way to share usernames and passwords with your collaborators.
Finally, open the Role dropdown and assign this person a role. When you’re happy with the information you’ve entered, click on Add New User. You can then repeat the process for every new user account you want to create.
How to Edit Your Existing User Accounts
At some point, you may need to edit an existing user account. For example, you might have to reset their password or assign them a new role.
When you’re editing an account, you’ll have access to options that weren’t available when you created it. This includes adding a biography and uploading a profile picture. These settings can help you make more informative user accounts.
In your administrator account, navigate to Users > All Users. Here, you should see a list of every person who is registered with your WordPress website:
Find the account in question, and hover over this person’s username. When the Edit link appears, give it a click:
You can then make the desired changes to this account. Most of these settings are relatively self-explanatory. However, if you’re changing the user’s password, you’ll need to scroll to the Account Management section:
If you want WordPress to generate a new password automatically, click on the Set New Password button. Alternatively, you can send this person a password reset link via email. They can then choose their own password.
After updating the profile, you’ll need to save your changes. Scroll to the bottom of the page and click on Update User.
How to Accept Profile Pictures
Many websites give users the option to upload an image, which will appear alongside their names. In WordPress, these images are referred to as avatars:
When you attach an avatar to your profile, this graphic will appear every time you submit content to an avatar-enabled site. This includes any comments that you post and any guest posts that you submit to third-party websites.
By enabling avatars, your visitors can put a face to a name. Humans are visual creatures, so an avatar can immediately make your content more engaging.
This human element may also prompt visitors to interact with each other in your comments section. A lively, engaging comments section is powerful social proof that your content is worth reading. If a post generates lots of engagement, people may return to your website to read the latest comments.
Most WordPress themes come with avatar integration. To enable this feature, navigate to Settings > Discussion in the WordPress dashboard. Then, scroll to the Avatars section and select the Show Avatars checkbox:
Next, select the Maximum Rating for the avatars that you’ll allow on your site. The available options are G, PG, R, or X. G is suitable for all audiences, while X is adult-only content. You may also want to set a default avatar for everyone who registers with your site.
After updating these settings, click on Save Changes to enable avatars across your WordPress website.
How to Create a Gravatar
WordPress supports the Globally Recognized Avatar service, which is commonly known as Gravatar. WordPress will attempt to retrieve the Gravatar associated with their email address whenever a user comments or posts something on your site. If WordPress cannot locate a Gravatar, it will display your site’s default avatar instead.
If you want to display an image alongside your own WordPress user profile or author posts, you’ll need to create a Gravatar. To get started, head over to the Gravatar website and sign in using the email address that’s associated with your WordPress account:
You’ll now have the option to upload the image that will serve as your profile picture. Gravatars are used across many different sites, so there’s a chance you may already have an associated image with this email. If that’s the case, you can click on Remove Image and upload your new WordPress avatar.
What If You Need More User Roles or Want To Adjust The Permissions of a Specific Role?
Some site owners require additional roles, or they may wish to add or delete permissions from an existing role.
For example, we mentioned that Contributors cannot publish their own posts or upload media, such as images. Many owners would prefer to allow contributors the ability to upload images but continue to prevent them from publishing their own posts. In such a scenario, the owner would need to either create a new role that allows uploads but restricts publishing or edit the existing role itself.
WordPress does not have this functionality built in, so you’ll need to rely on a plugin (or code) to make this work. We’ll demonstrate how to use a popular plugin to enable this functionality.
Note: Choose either the Business or eCommerce plans on WordPress.com to gain the ability to install plugins and themes.
User Role Editor
User Role Editor is a popular plugin that allows you to change capabilities (permissions) of any user role or add new roles completely from scratch. Simply check or uncheck boxes next to any capability to enable or disable it on a role. With just a click, you could add media/image upload to the Contributor role. These changes can also be made per user, so if you only want a specific Contributor to have upload privileges, that can be set with the plugin as well.
Opening up your WordPress dashboard to other people may make you nervous, but there’s no need to fret. Fortunately, the platform’s built-in user management system has everything you need to share your admin area safely.
This complete users and roles system is essential if you regularly accept contributions from third parties or work with external professionals such as freelance designers and developers. You might even use this system to accept user registrations if you are running a membership site or e-commerce store.
Let our experts build your custom WordPress.com website.
Whether you need a landing page or a full ecommerce site, an online learning academy or an interactive informational site for your business, we can build it for you.Apply now