WordPress

What are WordPress User Roles? How to Add Users

著者画像

Tsukasa | IT writer

The page contains ads

WordPressis a website creation tool that is widely used by beginners and advanced users alike, but understanding the "user roles" for user management is the key to running it safely and efficiently.

In this article, we'll take a closer look at what WordPress user roles are, what their roles are, how to add users, and security measures.

What are WordPress User Roles?

WordPress roles are roles that are assigned to each user on your site and control what they can do within your WordPress site (e.g. creating and editing posts, changing site settings, etc.).

The system of user roles allows site owners to fine-tune user access permissions to ensure the safety and efficiency of their site.

By default, WordPress provides the following user roles:

  1. administrator (Administrator): Has administrative privileges for the entire site.
  2. Editor (Editor): Allows you to edit and manage posts and static pages.
  3. Contributor (Author): Can publish and edit their own posts.
  4. Contributor (Contributor): Can create posts but cannot publish them.
  5. Subscribers (Subscriber): Permission to only view the site's content.

This mechanism makes it possible to set different permissions for each user and limit the scope of operations as necessary.

The Need for WordPress User Roles

Correctly understanding and properly configuring user roles is important for running a WordPress site for the following reasons:

1. Enhanced security

Granting incorrect permissions can increase the security risk of your site. For example, if you give administrator privileges to a user who is only supposed to post, they may be able to change site-wide settings. By managing permissions properly, you can avoid unnecessary risks.

2. Improve operational efficiency

By using role groups, you can assign clear roles to each user. For example, you can allow contributors to only create articles, and editors to review and publish them. By dividing up the roles in this way, you can operate efficiently.

3. Preventing erroneous operation

This will prevent beginners and some members from accidentally changing important settings. By assigning appropriate permissions, you can prevent unexpected problems before they occur.

4. Flexible operation possible

In addition to the default user roles, WordPress also allows you to customize them using plugins. For example, you can create a role that allows editing only specific post types, allowing you to set flexible permissions according to your management policy.

Types of WordPress Roles

The following is a summary of the differences in the functions users can perform depending on their roles:

Super Admin

  • Privilege Levels: For WordPress multisite only (※)
  • Application Examples: A site administrator who operates a WordPress multi-network.

*WordPress Multisite is a feature that allows you to manage multiple sites with a single WordPress installation.

Multisite network administrator with full control over multiple WordPress sites.

Administrator

  • Privilege Levels: Top
  • Application Examples: The site owner or person in charge of overall management.

Full WordPress functionality available, but limited to one site only.

Editor

  • Privilege Levels: High
  • Application Examples: The person responsible for managing posted content.
  • Limitations:Operation of plugins and themes and user management are not possible.

All article management is possible, but management functions such as "appearance", "plugins", and "settings" cannot be set.

Author

  • Privilege Levels: Medium
  • Application ExamplesA writer who posts articles regularly.
  • Limitations: No access to site settings or administration. Cannot edit other users' posts.

You can create, edit and publish your own posts and upload files to the media library.

Contributor

  • Privilege Levels:Low
  • Application Examples: Guest writers and outside parties who suggest posts.
  • Limitations: No ability to publish posts (editor or administrator approval required). No access to the media library.

You can create and edit posts, but you cannot publish them, and you cannot see content created by others.

Subscriber

  • Privilege Levels:lowest
  • Application Examples: A viewer of paid membership sites or content available only to registered users.
  • Limitations: No posting or editing permissions.

You can only edit your own profile and view content on the site that requires a login.

How to Set User Roles in WordPress

To set user roles in WordPress, follow the steps below from the admin screen.

  1. Click "Users" > "Add New User"
  2. Enter the name (nickname is acceptable) and email address of the user to whom you want to add permissions.

WordPressのユーザー権限設定1

Click "Generate Password" and copy the password. A complex and strong password will be generated.

WordPressのユーザー権限設定2

  1. Select Permissions and choose the desired role.
  2. Click "Add new user" and you're done.

WordPressのユーザー権限設定3

WordPress User Role Security

In order to operate a WordPress site safely, it is important to properly manage user roles. Below, we will explain in detail security measures using user roles.

Enforce the principle of least privilege

It is fundamental to grant users only the "minimum necessary privileges." Granting unnecessary privileges may lead to operational errors or unintended security risks.

  • Administrative privileges are limited to a small number of trusted users.
  • Authors and contributors are given content creation rights only.
  • Regularly review permissions and delete unnecessary permissions.

Avoid sharing administrative privileges

Avoid sharing administrator privileges among multiple users. If you do so, operation history will not be linked to a specific user, making it impossible to track fraud or mistakes.

  • If necessary, assign other users appropriate permissions, such as "Editor".
  • Even if administrator privileges are required, assign them temporarily and then revert them after the task is completed.

Check user activity

User activity is recorded and verified to ensure that all users are operating appropriately, allowing for early detection of unauthorized use of privileges or operational errors.

  • Activity Log Pluginto record user operation history.
  • If you find any suspicious activity, immediately review the permissions of the relevant user.

Review permissions regularly

Regularly review permission settings in response to changes in management policies and user roles.

  • Delete user accounts that are no longer needed.
  • Promptly revoke the privileges of those who leave the company or who have completed a project.
  • Regularly check who has what permissions and revoke any inappropriate permissions.

Safe management of login information

Part of keeping role security safe is to also properly protect user login information.

  • Set strong passwords and encourage users to change them regularly.
  • Two-step authentication has been implemented to prevent unauthorized logins.
  • Install a plugin such as WP SiteGuard and change the login URL to prevent brute force attacks(*).

*A brute force attack is a method of attempting to illegally log in by trying all possible password combinations.

Disable unnecessary permissions

You can improve security by restricting or disabling certain operation permissions for some users.

  • Restricting posting permissions: Set some contributors to only be able to post in certain categories.
  • Restricting access to the administration screen: Set this to prevent subscribers and general users from accessing the admin screen.

Performing a backup

Be sure to perform regular backups in case any problems occur related to permission settings.

  • Use the automatic backup feature of your rental server
  • Use a reliable backup plugin

Internet environment and devices used

Please also check that you are not using public WiFi internet for anything other than WordPress, and check the security settings of your devices (smartphones, PCs, etc.), browsers, and rental servers.

*The No.1 share rental server"Xserver" has security featuresis available.

summary

Properly understanding and managing WordPress user roles is essential for strengthening security and improving operational efficiency. By utilizing the information introduced in this article, you can clarify the roles of each user and prevent problems before they occur.

In particular, adhering to the principle of least privilege and regularly reviewing it are key to running a website safely and effectively. Take this opportunity to review your WordPress permission settings and build an environment where you can operate with greater peace of mind.

We provide a WordPress homepage renovation service. We can respond by having you set WordPress permissions. For details on the service content and costs, please check the link below.

Learn more about WP renovation costs

Related articles

ホームページ
Are you struggling with an old design or a website that is difficult to use? Our WordPress homepage repair and renovation professionals will provide you with full support! WP homepage revision costs
TOP