View Categories

Understanding Users, Roles and Permissions in WordPress

ProRedLine
Updated on December 29, 2025

1 min read

AI Doc Summarizer Doc Summary

WordPress allows multiple users to access and manage a website.
Each user is assigned a role, which defines what actions they are allowed to perform.

Correct role management is essential for security and stability.

What a WordPress User Is #

A WordPress user:

  • Has a unique username and password
  • Can log in to the WordPress admin panel
  • Has permissions based on their assigned role

Every person who accesses the admin area should have their own user account.

Why Roles Matter #

Roles control:

  • Who can edit content
  • Who can install plugins or themes
  • Who can change site settings
  • Who can manage other users

Assigning the wrong role can lead to accidental or malicious changes.

Default WordPress User Roles #

WordPress includes several built-in roles.

Administrator #

Administrator:

  • Has full control over the website
  • Can install and remove plugins and themes
  • Can change settings
  • Can manage users

Only trusted users should have this role.

Editor #

Editor:

  • Can create, edit and delete all content
  • Cannot change site settings
  • Cannot install plugins or themes

Suitable for content managers.

Author #

Author:

  • Can create and manage their own posts
  • Cannot edit other users’ content
  • Cannot change site settings

Useful for writers and contributors.

Contributor #

Contributor:

  • Can write posts
  • Cannot publish posts
  • Cannot upload media

Content must be reviewed before publishing.

Subscriber #

Subscriber:

  • Can log in
  • Can manage their own profile
  • Has no content or admin permissions

Often used for membership or restricted content sites.

Common Role Mistakes #

Avoid these mistakes:

  • Giving Administrator access unnecessarily
  • Sharing admin credentials
  • Leaving unused admin accounts active
  • Assigning roles without understanding permissions

Most WordPress security issues start with poor user management.

How to Manage Users #

To manage users:

  1. Log in to WordPress admin
  2. Go to Users
  3. Add, edit or remove users
  4. Assign the correct role
  5. Save changes

Changes take effect immediately.

Best Practices for User Management #

Follow these best practices:

  • Use the least-privileged role required
  • Give each person their own account
  • Remove users who no longer need access
  • Review users regularly
  • Use strong, unique passwords

This reduces security risks significantly.

Admin Account Recommendations #

For security:

  • Limit the number of Administrator accounts
  • Avoid using “admin” as a username
  • Enable additional security measures if available

Admin access should be rare and controlled.

WordPress vs Hosting Access #

Important distinction:

  • WordPress users control the website
  • cPanel users control the hosting account

WordPress access does not grant hosting access, and vice versa.

Responsibility Notice #

You are responsible for:

  • Managing WordPress users
  • Assigning correct roles
  • Removing unused accounts
  • Preventing unauthorized access

ProRedLine does not manage WordPress users.

Still need help after reading this article?

Create a Ticket