How to add and edit WordPress user roles to access private posts, products & categories


Want to know how to add and edit WordPress user roles? Keep reading to discover how to use a WordPress user role editor and restrict access to different parts of your website based on user role.

WordPress comes with a range of user roles that give you control over who can access your website. These are normally used to control who can access different parts of the WordPress admin dashboard. However, it's also possible to control access to the front end of your website based on user role.

In this complete guide to editing WordPress user roles, you'll learn:

  • Which default user roles are built into WordPress and what they can do.
  • How to set up a user role editor plugin to edit WordPress user roles and add your own custom roles.
  • How to use the Password Protected Categories plugin to restrict access to sections of your public-facing website based on user role. This is especially useful if you’re thinking about running a private site or a membership site.

What are the different user roles available in WordPress?

To start, let's answer the question: what are WordPress user roles?

User roles in WordPress are designed to give site owners the ability to control what users can and cannot do within their website. They let the site owner manage the user’s access to different tasks including writing and editing posts, creating pages, creating categories, moderating comments, adding widgets, managing plugins, managing themes, and managing other users.

All of this works by assigning a specific role to each user account. For instance, you can give someone an Editor user role on your website so that they can create and edit blog posts only.

WordPress, by default, offers six predefined user roles. Each user role can perform a specific set of tasks on your website. Let’s quickly take a look at each user role available in WordPress itself. After that, I'll tell you how to edit WordPress user roles, create additional user roles, and use them to control who can access the front end of your website.

Super Admin

In WordPress multisites, Super Admin user roles have all capabilities such as creating, adding, and deleting sites and networks. A superadmin also can add and manage users, plugins, themes, and customize the website in any way they want to. They have full administrative access to every site within the multisite, plus the network itself.

This is the highest level of authority on a WordPress website and WordPress multisite. It’s usually the default user role for the creator or site owner themselves, although you can add extra superadmins too.

Administrator

Administrator is the highest ranking user role on WordPress sites that are not multisites.

Admins have the ability to add, edit, and delete plugins, pages, posts, published posts, themes, categories, taxonomies, links, and tags. People with the Administrator user role can also moderate comments, export and import files, create and access private posts and customize the layout of pages by adding blocks. In addition to this, they can view the entire admin menu from the WordPress back-end.

The WordPress dashboard while logged in as an Administrator user role

This is the next level of authority from Super Admin and is usually shared by key role players in a website. For instance, people needing to manage plugins and settings would ideally have admin access, whereas people editing content would have lower user roles.

People often refer to the Administrator role as 'Admin'. For example, you might say "A WordPress site should have as few admins as possible for security reasons".

Editor

The Editor user role in WordPress has access to posts, pages, and categories on a website only. They do not have control over plugins and themes, site settings, and users.

The WordPress Dashboard viewed from an Editor's perspective. Notice that there are fewer links on the left.

Assign the Editor user role to people who need to add and edit content on a WordPress site, but don't need to change the design or settings.

Author

The WordPress Author user role has limited access on a website. This medium-risk user role grants users access to publish new posts. They can also edit and delete their own posts, but can't edit other people's content.

The WordPress dashboard while logged in as an Author

The Author user role is useful for people who add content to your site (e.g. blog posts) but who shouldn't be able to edit other content. For example, it's the best option for freelance writers.

Contributor

The Contributor user role on a WordPress website can add new posts and edit their own posts. However, their posts must be approved by a user with a more senior role in order to get published on the front-end. For this reason, they see very few menu items after logging in.

Subscriber

Subscriber user roles have the lowest form of control. That's because they can only log in to the WordPress site, update their user profiles, and change their passwords. They have no access to edit actual website content.


The Subscriber role is often used for WordPress sites where people need to log in. For example, this might include e-commerce sites.

Which WordPress user role should I use?

As you can see, WordPress comes with several built-in user roles. When you need to let people edit a WordPress website, don't just give them the Administrator role. That's a bad idea because:

  • Administrators can make absolutely any change to your website, so there's a higher chance of user error. This could have serious consequences if you give an inexperienced team member full Administrator access.
  • Due to their higher privileges, it's far more serious if an Administrator's account gets hacked. If an attacker gets full access to the WordPress Dashboard through an Admin-level account then very bad things can happen. In contrast, if a lower level user account is hacked then there's a lower potential for damage.

Because of this, you should always give people the lowest role that would enable them to do the work they need to do. If they need full access to edit the content on your site, then give them an Editor account rather than Administrator. If you'll be checking their work prior to publication then they only need Contributor.

How to change the role of a user in WordPress

Changing the role of a user in WordPress is easy. It lets you control and restrict user access on your website by assigning the right user roles to the right people.

  1. Click on the Users tab from the WordPress admin panel.
  2. Select the user(s) whose role you want to change.
  3. Use the Change role to… dropdown menu to select a user role.
  4. Click on the Change button to apply the changes.

You can also change the user role on the 'Edit User' page.

How to edit user data in WordPress

WordPress also lets you edit and customize the details that are stored for each user on your website, whatever their role:

  • Navigate to Users → All Users in WordPress.
  • Click on the Edit button to navigate to the Edit User page.
  • You can modify and edit the fields here. You can set general information about the user, their contact information, set a new password, or send a reset link, and also edit customer billing address and information.
  • Once you are done making changes, click on the Update User button at the bottom.

How to create and customize user roles in WordPress

Above, I explained what the default user roles in WordPress are and when to use each one. But what happens if none of the default roles meet your needs?

Fortunately, it's possible to create and edit WordPress user roles. You can either create brand new roles with the exact permissions you need, or edit user roles to change the privileges. I'll tell you how to do that next.

First, we'll look at how to use the free User Role Editor plugin to create and edit WordPress user roles. You can use this plugin to customize user roles and choose what level of access they have to edit the WordPress back end. However, this won't let you control which parts of the website each role can access on the WordPress front end - we'll do that with the Password Protected Categories plugin later in this tutorial.

How to edit the privileges for a WordPress user role

  1. Install the User Role Editor plugin on your WordPress site.
  2. Navigate to Settings → User Role Editor.
  3. Make sure the Edit user capabilities checkbox is selected and click on the Save button.
  4. Now navigate to Users → User Role Editor and select the user role you want to change the privileges for.
  5. Select the privileges you want to enable or disable for the selected role. Click the "Show capabilities in human readable form" to make the meaning of each permission easier to understand.
  6. Click on the Update button to save changes.

You can also delete user roles if you’d like.
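
A check to run after editing roles, tying back to the advice above to give people the lowest role they need. This is an added example, not code from User Role Editor or from this tutorial: it lists every role, default or custom, that holds capabilities reaching plugins, themes, settings or other accounts, with the number of users in it. The capability shortlist, the file name and the `example_` names are assumptions of the example.

```php
<?php
// Added example: run inside WordPress, e.g. with WP-CLI: wp eval-file audit-roles.php

// Capabilities that give control over code, site settings or other accounts.
// This shortlist is an assumption of the example; extend it for your site.
const EXAMPLE_HIGH_RISK_CAPS = array(
    'manage_options', 'activate_plugins', 'install_plugins', 'edit_plugins',
    'install_themes', 'edit_themes', 'edit_users', 'create_users',
    'promote_users', 'delete_users', 'unfiltered_html', 'unfiltered_upload',
);

// Returns role slug => name, user count and the high-risk capabilities it holds.
function example_audit_roles() {
    $report = array();
    $counts = count_users(); // 'avail_roles' maps role slug => number of users

    foreach ( wp_roles()->roles as $slug => $role ) {
        // A capability only counts when it is stored as granted (true).
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_values( array_intersect( EXAMPLE_HIGH_RISK_CAPS, $granted ) );
        if ( $risky ) {
            $report[ $slug ] = array(
                'name'  => $role['name'],
                'users' => isset( $counts['avail_roles'][ $slug ] ) ? $counts['avail_roles'][ $slug ] : 0,
                'caps'  => $risky,
            );
        }
    }
    return $report;
}

foreach ( example_audit_roles() as $slug => $row ) {
    printf(
        "%s (%s): %d user(s), high-risk capabilities: %s\n",
        $row['name'], $slug, $row['users'], implode( ', ', $row['caps'] )
    );
}
```

Any custom role that appears in this output, or a larger user count than expected next to Administrator, is worth reviewing in the role editor.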

How to create new user roles in WordPress

Sometimes, it's better to create a brand new WordPress user role instead of editing an existing role. For example, imagine that you want to create a 'VIP Member' role for people who have special access to parts of your website. It makes sense to create a dedicated role instead of editing one of the default roles in WordPress.

  1. Install the User Role Editor plugin on your WordPress site.
  2. Start by navigating to Users → User Role Editor and click on the Add Role button.
  3. Give your new user role a unique name and select an existing user role to duplicate. It's easiest to clone an existing user role that has similar privileges to those you want to grant to the new role. You can later make changes to the new role's permissions as needed.
  4. Once you’ve finished editing the privileges of your new user role, click on the Update button to save changes.
  5. Now you can select the new role when adding new users. Alternatively, you can use the instructions above to move existing users to this role.

How to restrict access to different parts of your website based on user role

The User Role Editor plugin offers a robust solution for creating new user roles and editing permissions that let you control what content users have access to on the back-end of your WordPress site. However, it does not let you control which part of your website is available to each user on the front-end.

For example, while User Role Editor lets you create a "VIP Members" role, you can't use it to restrict which parts of your membership site they can access. That's because the permissions that you can edit with User Role Editor only control access to the WordPress back end.

To get this extra functionality, I recommend using User Role Editor with the Password Protected Categories plugin. This lets you choose which parts of the front end of your WordPress site each user role can access. It lets you create hidden areas within a WordPress site or blog which only specific user roles can access. This is the easiest way to create custom user roles in WordPress and control access to your website front end.

It works by giving user role access to the categories and taxonomies on your site. This includes the categories for pages, posts, and any custom post type. For instance:

  • You can hide access to blog categories that contain premium content meant exclusively for Subscribers. This way, only people with the Subscribers user role will be able to access the exclusive blog posts on your website.
  • It's possible to create a hidden members-only area that only users with the VIP Member role can access.
  • If you're using a WordPress events plugin to let employees book training courses, you can restrict your event categories to your custom 'Employee' role.

Any type of content in WordPress can be structured into categories. This makes Password Protected Categories the perfect solution to edit user role access to each part of your site.

For even more fine-grained control, Password Protected Categories also offers a 'User' feature. This lets you select individual user accounts to give access to, in addition to whole user roles.

Setup instructions

  1. Start off by installing and activating the Password Protected Categories plugin on your WordPress website.
  2. Next, go to the section of the WordPress admin where you add and edit categories for the type of content you want to restrict. For example, if you're giving user role access to a blog category then you'd go to Posts → Categories. (Tip: If you need to restrict access to pages by user role, then you need to set up the ability to create page categories using the free Add Category to Pages or Category Tag Pages plugin.)
  3. When editing or creating the category, find the 'Visibility' section on the left. This is where you control access based on user role.
  4. Next, select each user role you want to grant access to.
  5. When you're done, click on the Add New Category button.
  6. Next, it's time to add all your exclusive content to the private category.

Now when people log into an account which has one of the user roles you selected in step 4, they will be able to see the hidden content. Make sure it's easy for them to access by adding a link to the category to your navigation menu. Only logged in users with the correct roles will see these menu links.
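
To show what role-based category restriction involves underneath, here is an added example written against the WordPress core API. It is not the Password Protected Categories plugin's code and says nothing about how that plugin is implemented. The role slug `vip_member`, the category slug `members-only` and the `example_` names are assumptions.

```php
<?php
/* Plugin Name: Example role-gated category (added example) */

// Assumed names for this example: a custom role slug and a category slug.
const EXAMPLE_ROLE     = 'vip_member';
const EXAMPLE_CATEGORY = 'members-only';

// Roles are saved in the database, so create the role once, on activation,
// copying Subscriber's capabilities (the "duplicate an existing role" step).
register_activation_hook( __FILE__, function () {
    $base = get_role( 'subscriber' );
    if ( $base && ! get_role( EXAMPLE_ROLE ) ) {
        add_role( EXAMPLE_ROLE, 'VIP Member', $base->capabilities );
    }
} );

// True when the current visitor is logged in with an allowed role.
function example_user_may_view() {
    if ( ! is_user_logged_in() ) {
        return false;
    }
    $roles = (array) wp_get_current_user()->roles;
    return (bool) array_intersect( array( EXAMPLE_ROLE, 'administrator' ), $roles );
}

// Block the category archive and single posts filed in the category.
add_action( 'template_redirect', function () {
    $restricted = is_category( EXAMPLE_CATEGORY )
        || ( is_singular( 'post' ) && has_category( EXAMPLE_CATEGORY ) );
    if ( ! $restricted || example_user_may_view() ) {
        return;
    }
    if ( ! is_user_logged_in() ) {
        auth_redirect(); // sends the visitor to the login screen and exits
    }
    wp_die( 'You do not have access to this content.', 'Restricted', array( 'response' => 403 ) );
} );

// Keep restricted posts out of the blog index, search results and main feed.
add_action( 'pre_get_posts', function ( $query ) {
    $listing = $query->is_home() || $query->is_search() || $query->is_feed();
    if ( is_admin() || ! $query->is_main_query() || ! $listing || example_user_may_view() ) {
        return;
    }
    $term = get_category_by_slug( EXAMPLE_CATEGORY );
    if ( $term ) {
        $query->set( 'category__not_in', array( $term->term_id ) );
    }
} );
```

This example only covers theme templates, the blog index, search and feeds. Published posts in the category remain reachable through other surfaces such as the REST API, so check each of those when testing any front-end restriction while logged out.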

If you don't already have a front end login form then I recommend adding one with the free Theme My Login plugin. This makes it easier for your custom or edited roles to log into their account without having to visit the WordPress dashboard. You can also use Theme My Login to redirect each user role to a different page when they log in.

It's time to take control of your WordPress user roles 🚀

In this tutorial, you've learned how to:

Using a WordPress role editor plugin like this is a great way to make your website more private. It also lets you create exclusive content and grant access to specific user roles only. This is great for running and managing a membership site.

Password Protected Categories offers a robust solution for restricting access to parts of a WordPress site based on user role. It makes it incredibly easy to edit WordPress user role access to each part of your site 💪

2 Comments

  1. Would like to be able to use this same sort of technique to secure individual files in the 'uploads' folder. Things like PDF documents and images that are not tied to one specific page.
