In WordPress, what are Roles and Capabilities?

In WordPress, Roles are used to define the set of tasks (or Capabilities) an individual user is authorized to perform within the site. Blog administrators assign Roles to users to define the Capabilities each user is allowed to perform. Using Roles, the blog administrator controls which users are allowed to read, edit, publish, or delete posts, and can assign administrative functions, such as managing themes, plug-ins, or users, to an assistant.

WordPress has the following pre-defined Roles:

Role Summary of Capabilities
Super Admin
The Super Admin Role allows you to edit settings across a multi-site network. At IU, this Role is typically reserved for members of Enterprise Web Tech Services.
Administrators are allowed to manage all aspects of their own site(s), but are not authorized to manage a network of sites. Administrators can add, edit, and remove users, posts, and pages, and may also manage themes and other options, depending on the level of control set by the Super Admins.
Editors can edit, publish, and manage their own posts and pages, and publish and manage posts created by others.
Authors can edit and publish their own posts, but cannot act on posts created by others.
Contributors write and manage their own posts, but cannot publish them; posts from Contributers must approved and published by either an Editor or Administrator.
Subscribers can read content posted on a private blog, and edit their own profile information on the WordPress site. They cannot add or change any content.

For a complete description of WordPress Roles and the Capabilities associated with them, see Roles and Capabilities in the WordPress Codex.

For WordPress site owners at Indiana University, UITS recommends assigning Roles that let users perform only those Capabilities they need to do their work. Additionally, as a security measure, Administrators should create separate, less-privileged accounts for their own personal use, and log in with their Administrator accounts only when they need to perform administrative tasks. For more, see At IU, what are best practices for maintaining a secure WordPress site?

This is document bdbg in the Knowledge Base.
Last modified on 2015-11-24 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.