ARCHIVED: Roles and Capabilities in WordPress

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

In WordPress, Roles are used to define the set of tasks (or Capabilities) an individual user is authorized to perform within the site. Blog administrators assign Roles to users to define the Capabilities each user is allowed to perform. Using Roles, the blog administrator controls which users are allowed to read, edit, publish, or delete posts, and can assign administrative functions, such as managing themes, plug-ins, or users, to an assistant.

WordPress has the following pre-defined Roles:

Role Summary of Capabilities
Super Admin
The Super Admin Role allows you to edit settings across a multi-site network. At IU, this Role is typically reserved for members of Enterprise Web Tech Services.
Administrator
Administrators are allowed to manage all aspects of their own site(s), but are not authorized to manage a network of sites. Administrators can add, edit, and remove users, posts, and pages, and may also manage themes and other options, depending on the level of control set by the Super Admins.
Editor
Editors can edit, publish, and manage their own posts and pages, and publish and manage posts created by others.
Author
Authors can edit and publish their own posts, but cannot act on posts created by others.
Contributor
Contributors write and manage their own posts, but cannot publish them; posts from Contributors must be approved and published by either an Editor or an Administrator.
Subscriber
Subscribers can read content posted on a private blog, and edit their own profile information on the WordPress site. They cannot add or change any content.

For a complete description of WordPress Roles and the Capabilities associated with them, see Roles and Capabilities in the WordPress Codex.

Note:
For WordPress site owners at Indiana University, UITS recommends assigning Roles that let users perform only those Capabilities they need to do their work. Additionally, as a security measure, Administrators should create separate, less-privileged accounts for their own personal use, and log in with their Administrator accounts only when they need to perform administrative tasks. For more, see Best practices for maintaining a secure WordPress site at IU.
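The least-privilege recommendation above can be checked mechanically. The following added example (not WordPress code and not from the original page) models the built-in single-site Roles as cumulative Capability sets and flags accounts whose assigned Role exceeds what their work requires. The Capability names are a subset of the WordPress defaults; the user list and the function names are constructed for illustration, and Super Admin is omitted because it applies only to multi-site networks.

```python
# Added example: a model of the built-in Role hierarchy, not WordPress code.
# Capability names are a subset of the WordPress single-site defaults.
ROLES = [  # ordered from least to most privileged; each entry lists what the Role adds
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts", "delete_posts"}),
    ("author", {"publish_posts", "upload_files", "edit_published_posts"}),
    ("editor", {"edit_others_posts", "publish_pages", "moderate_comments"}),
    ("administrator", {"manage_options", "promote_users",
                       "switch_themes", "activate_plugins"}),
]
RANK = {name: i for i, (name, _) in enumerate(ROLES)}


def capabilities(role):
    """Cumulative Capabilities: a Role includes everything the Roles below it have."""
    caps = set()
    for name, added in ROLES:
        caps |= added
        if name == role:
            return caps
    raise ValueError(f"unknown role: {role}")


def least_privileged_role(needed):
    """Lowest Role whose Capabilities cover every Capability in `needed`."""
    for name, _ in ROLES:
        if set(needed) <= capabilities(name):
            return name
    raise ValueError(f"no built-in role grants: {sorted(needed)}")


def audit(users):
    """Return (login, assigned_role, sufficient_role) for over-privileged accounts."""
    findings = []
    for login, role, needed in users:
        sufficient = least_privileged_role(needed)
        if RANK[role] > RANK[sufficient]:
            findings.append((login, role, sufficient))
    return findings


# Constructed sample data: (login, assigned Role, Capabilities the user actually needs)
USERS = [
    ("site-admin", "administrator", {"manage_options", "activate_plugins"}),
    ("jdoe", "administrator", {"edit_posts", "publish_posts"}),  # admin used for daily writing
    ("reviewer", "editor", {"edit_others_posts", "moderate_comments"}),
    ("intern", "author", {"edit_posts"}),
]

if __name__ == "__main__":
    for login, assigned, sufficient in audit(USERS):
        print(f"{login}: assigned {assigned}, {sufficient} is sufficient")
```

The "jdoe" finding is the case the note describes: an Administrator account used for everyday writing, where a separate Author account would be enough.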

This is document bdbg in the Knowledge Base.
Last modified on 2019-06-18 07:57:39.