WordPress, like many other content management systems, groups users according to the permissions they are granted upon account creation. These groups are called “user roles” and are immensely useful for creating a secure website. Each user should be given only the permissions needed to perform the actions they are allowed to, and nothing more.
In this article, we will examine the default WordPress user roles and see a few ways to add additional user roles, each with a specific set of permissions.
Default user roles in WordPress and WooCommerce
WordPress default user roles
By default, WordPress has the following user roles:
- Administrator
The administrator of a site has almost full permissions to perform any action, including actions that could break the site. They can update WordPress core, themes and plugins, delete or install new themes and plugins, create or delete users and more. You should, ideally, use the administrator role only when necessary. The daily tasks of writing and publishing posts should be delegated to a user role with fewer permissions, even on a single-person site.
- Editor
The editor has most permissions related to publishing. They can update, publish, unpublish or delete posts and pages, even those created by other users.
- Author
Like the editor, the author has most of the necessary permissions related to publishing; however, these permissions are limited to posts that they create. An author cannot publish or edit a page, or modify posts created by other users.
- Contributor
The contributor can write and edit posts, but cannot publish them. A contributor’s posts remain as drafts in the dashboard until an editor or administrator reviews and publishes them.
- Subscriber
A subscriber can simply create an account and read posts. On some sites, the user must be at least a subscriber in order to leave a comment.
- (for WordPress multisite only): Super Admin
In a multisite, the Super Admin has all the capabilities of the Administrator, while the Administrator has limited abilities in comparison – a simple administrator in a multisite cannot update the core, themes or plugins, or install or delete themes and plugins.
WooCommerce default user roles
WooCommerce, when installed, adds the following user roles:
- Customer
A customer account is similar to the subscriber account: they can view posts and edit their own profile information. They have the additional ability to view their past orders.
- Shop Manager
A user with the shop manager role is the equivalent of an editor. They can create and edit WooCommerce products, change WooCommerce settings and view reports.
You can find more information about user roles and capabilities in the WordPress and WooCommerce documentation.
Why create new user roles
Why would you want to create new user roles? The two most important reasons would be:
- You need to create groups of users with a specific set of capabilities, for example, only users in this group can see some of your posts, or can buy some of your products. If that’s the case, you might also want to check our previous post on membership plugins, if you need a full-fledged solution to convert your site to a membership site.
- You want to add or remove one or two capabilities from a default user role. In this case, using a membership plugin might seem like overkill, so let’s explore some additional options for adding a new user role.
Getting ready
Before doing any code modifications, it’s always a good idea to take a full backup of our site and make sure that we have FTP access or access to cPanel or Plesk or other control panel with access to a file manager.
If you wonder what is the best way to add code snippets to your site, have a look at our previous article about safely adding PHP code.
Add a new user role
Let’s create a new user role called “Team Member”, that can create, edit or delete their own pages and update WooCommerce products. You can find a full list of possible capabilities in the WordPress documentation.
Here is the snippet we will use:
    function tl_my_custom_role() {
        // add_role() writes the role to the database, so run it only once.
        $roles_set = get_option( 'my_roles_are_set' );
        if ( ! $roles_set ) {
            add_role( 'team_member', 'Team Member', array(
                'read'                 => true,
                // Posts
                'delete_posts'         => true,
                'edit_posts'           => true,
                'edit_published_posts' => true,
                'publish_posts'        => true,
                // Pages
                'delete_pages'         => true,
                'edit_pages'           => true,
                'edit_published_pages' => true,
                'publish_pages'        => true,
                // Media and WooCommerce
                'upload_files'         => true,
                'manage_woocommerce'   => true,
            ) );
            // Remember that the role has been created.
            update_option( 'my_roles_are_set', true );
        }
    }
    add_action( 'after_setup_theme', 'tl_my_custom_role' );
In the add_role function, we can define the slug of the user role (here team_member) and the name used to display this role in the dashboard, which can contain capital letters or spaces (here Team Member). Then we set to true all the capabilities from the WordPress documentation that we want our user to have.
The edit_posts, edit_published_posts and publish_posts capabilities allow the user to write, edit and publish their own posts, while edit_pages, edit_published_pages and publish_pages allow them to edit and publish their own pages. The manage_woocommerce option gives them all the capabilities of the WooCommerce “Shop Manager” role.
Now the administrator can select the new user role from the “Role” drop-down on the user’s profile.
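add_role() leaves a role untouched when its slug already exists, so editing the capability array in the snippet above does not change a role that is already stored in the database. The following added example (not part of the original article) reconciles the stored role with a versioned list instead; the function names, the tl_team_member_caps_version option and the decision to drop publish_posts are assumptions made for illustration.

```php
// Added example, not from the original article. The function names, the
// version option and the narrowed capability list are assumptions.
define( 'TL_TEAM_MEMBER_CAPS_VERSION', 2 ); // bump when the list below changes

function tl_team_member_caps() {
    // The article's list without publish_posts (constructed scenario).
    return array(
        'read'                 => true,
        'delete_posts'         => true,
        'edit_posts'           => true,
        'edit_published_posts' => true,
        'delete_pages'         => true,
        'edit_pages'           => true,
        'edit_published_pages' => true,
        'publish_pages'        => true,
        'upload_files'         => true,
        'manage_woocommerce'   => true,
    );
}

function tl_sync_team_member_role() {
    $stored = (int) get_option( 'tl_team_member_caps_version', 0 );
    if ( TL_TEAM_MEMBER_CAPS_VERSION === $stored ) {
        return; // stored role already matches this version of the list
    }
    $wanted = tl_team_member_caps();
    $role   = get_role( 'team_member' );
    if ( null === $role ) {
        // Role is not in the database yet: create it with the wanted set.
        add_role( 'team_member', 'Team Member', $wanted );
    } else {
        // Revoke stored capabilities that are no longer in the list.
        foreach ( array_keys( $role->capabilities ) as $cap ) {
            if ( empty( $wanted[ $cap ] ) ) {
                $role->remove_cap( $cap );
            }
        }
        // Grant capabilities that are in the list but not stored yet.
        foreach ( $wanted as $cap => $grant ) {
            if ( ! $role->has_cap( $cap ) ) {
                $role->add_cap( $cap, $grant );
            }
        }
    }
    update_option( 'tl_team_member_caps_version', TL_TEAM_MEMBER_CAPS_VERSION );
}
add_action( 'init', 'tl_sync_team_member_role' );
```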
Please note here that we just added this user role to the database by calling the add_role function. If we later want to remove this role, removing the snippet won’t do; we need to programmatically delete the role from the database as well. The following snippet will remove the user role:
    function tl_remove_my_role() {
        // Deletes the role definition from the database.
        remove_role( 'team_member' );
    }
    add_action( 'init', 'tl_remove_my_role' );
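remove_role() deletes the role definition only; accounts assigned to it keep the role name in their user meta and are left without its capabilities. The following added example (not part of the original article) moves those accounts to a fallback role first and runs only once; the function name, the tl_team_member_retired option and the subscriber fallback are assumptions made for illustration.

```php
// Added example, not from the original article. The function name, the
// option name and the fallback role are assumptions.
function tl_retire_team_member_role() {
    if ( get_option( 'tl_team_member_retired' ) ) {
        return; // already retired, nothing to do on later requests
    }

    // Find every account that still holds the role.
    $users = get_users( array( 'role' => 'team_member' ) );
    foreach ( $users as $user ) {
        // Drop the role from the account itself.
        $user->remove_role( 'team_member' );

        // An account with no role left gets the lowest default role,
        // so it is not left in an undefined state.
        if ( empty( $user->roles ) ) {
            $user->set_role( 'subscriber' );
        }
    }

    // Only now delete the role definition from the database.
    remove_role( 'team_member' );

    // Record completion so the user query does not run on every request.
    update_option( 'tl_team_member_retired', true );
}
add_action( 'init', 'tl_retire_team_member_role' );
```

Remove the snippet that creates the role before running this, and remove this snippet itself once the role is gone.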
Fine-tune user roles with “User Role Editor”
Manually creating, updating and fine-tuning user roles can be tedious and quite error-prone. Fortunately, there is a plugin that allows us to do just that from the dashboard. Let’s install the User Role Editor plugin.
Upon installing and activating the User Role Editor plugin, a new submenu appears under “Users” on the dashboard.
This makes it much easier to edit capabilities and to add or remove user roles but, again, it pays off to be familiar with WordPress capabilities, as defined in the documentation.
Let’s try to add a new role. As you see in the following screenshot, the popup allows us to type the slug and the display name of the new role, but also to copy all the permissions of one of the existing roles. This gives us a huge head start if we want the new role to differ from an existing user role in only a few capabilities.
This plugin can be considered a graphical user interface for WordPress capabilities management. It is a bit spartan and requires you to know what you are doing, but it can certainly make things much easier.
Fine-tune user roles with “Members”
Members – Membership & User Role Editor Plugin is another plugin that helps manage user roles. Written by a well-acclaimed WordPress developer, Justin Tadlock, and acquired by the same team that publishes the Memberpress plugin for membership sites, it is guaranteed to work well with your website.
Its main difference from the previous plugin is that the settings screen seems much more user-friendly. When you select the new “Members” entry on your dashboard and click on “Add new role”, you are presented with the following screen:
The options are neatly arranged in categories and are presented by default with human-readable names.
Members, similarly to User Role Editor, gives the option to clone or edit an existing role, and lets you review all the users in each specific role. Members has some additional features. It allows you to assign a user to more than one role, to apply content permissions (that is, to restrict certain posts or pages from being viewed by certain user roles), and also to make the entire site private for all logged-out users.
It’s worth noting that Members comes with quite a few free addons, ready to be activated if you so wish. You will find addons for integration with WooCommerce, with Advanced Custom Fields, as well as addons to accept payment for your restricted content.
Wrapping up
In this article we examined the default user roles provided by WordPress and WooCommerce. The topic of WordPress built-in capabilities (essentially the permissions that each role has) is huge. In this tutorial, we saw how to add or remove a user role with a code snippet, as well as how to manage user roles with plugins such as the User Role Editor plugin or the Members – Membership & User Role Editor Plugin.
We hope this article was useful. Please leave a comment if you have used any of these methods and how they worked for you!