One of the standout features of WordPress is its user management system, which is both straightforward and robust. Each user is assigned a specific role that determines their capabilities, allowing for effective access control throughout your website.
However, there are occasions when the default user roles do not offer the flexibility we need. For instance, we have faced scenarios where we wanted authors to have the ability to moderate comments without the permission to publish posts.
If you are experiencing this issue, this article will guide you on how to add or remove capabilities for user roles in WordPress.
Why Should You Add or Remove User Role Capabilities in WordPress?
WordPress features an integrated user management system, complete with pre-defined user roles and permissions.
As an Administrator, you have the ability to execute any action on your WordPress site. This includes adding new users and authors, deleting content, installing themes, and much more.
If you operate a multi-author WordPress blog, you can invite others to join your site and assign them roles such as Editor, Author, or Contributor. This enables them to perform various tasks on your website, while restricting access to administrative functions.
Many WordPress plugins introduce their own user roles with specialized permissions. For instance, eCommerce plugins typically create a ‘Customer’ role, while membership plugins may add a unique ‘Member’ role to your website.
What if you want to modify the user roles in WordPress?
Enhancing your site’s security can be achieved by removing unnecessary permissions from specific roles. For example, you might revoke the publishing permission from the ‘Author’ role, ensuring that ‘Editors’ can review new posts before they are published.
Now, let’s explore how to easily adjust user role capabilities and even create new user roles on your WordPress site. You can use the quick links below to navigate through this comprehensive tutorial:
- Option 1: Modify User Role Capabilities in WordPress
- Option 2: Create a New User Role With Custom Permissions
Option 1: Modify User Role Capabilities in WordPress
The simplest method to change user permissions in WordPress is by utilizing the free Members plugin. This plugin enables you to tailor the permissions for each user role and even establish entirely new roles.
First, you need to install and activate the Members plugin. For detailed instructions, refer to our step-by-step guide on installing a WordPress plugin.
After activation, navigate to the Members » User RolesVisit this page to view all the various user roles available on your WordPress site.
Locate the role you wish to edit and click on the ‘Edit’ link associated with it.
This will open the user role editor.
The left sidebar displays all the types of content that the user role can edit, read, delete, and more.
Click on a tab to view all the permissions related to that specific content type.
To modify permissions for that content type, simply check the Grant or Deny boxes.
For example, if you want to prevent Authors from publishing blog posts, select the ‘Posts’ tab in the left sidebar and check the ‘Deny’ box next to ‘Publish Posts.’ You can also restrict authors from deleting posts if necessary.
Conversely, you can grant additional permissions to a role.
For instance, if your Authors need the ability to moderate comments, click on the ‘General’ tab and check the ‘Grant’ box next to the ‘Moderate Comments’ option.
You can continue to add or remove permissions by following the same steps outlined above.
Once you are satisfied with the configuration of the user role, click ‘Update’ to save your changes.
You can repeat this process to modify other user roles on your WordPress blog.
Option 2: Create a New User Role with Custom Permissions
The Members plugin allows you to add new user roles to your website easily.
For example, if you’ve created a custom post type called ‘Movies’ and want to enable users to submit posts, including movie reviews, on your WordPress site.
To create a custom user role, simply navigate toMembers » Add New Role.
First, enter a title for the new role.
This title will be displayed next to each user’s name in theUsers »All Userssection and other parts of the WordPress dashboard, so it’s advisable to choose a name that clearly represents the role.
Next, you can start assigning permissions to the new role by checking the various options available.
Once you are satisfied with the custom role, click the ‘Add Role’ button to save your changes. You’ll then be able to assign this custom role to new users.
You can also assign the new role to any existing user’s account.
To do this, go toUsers »All Users.Then, locate the account you wish to modify and click on the ‘Edit’ link.
After completing that step, navigate to the ‘Roles’ section and select the checkbox next to the newly created role.
You can assign multiple roles to a single user, as illustrated in the image below.
Once you have made your changes, remember to scroll to the bottom of the page and click on ‘Update User’ to ensure your modifications are saved.
Effective Management of User Accounts in WordPress
By adding or removing capabilities, you can manage the actions users are permitted to take on your website. This enhances your site’s security, but having additional users can still present a risk that hackers may exploit.
Keeping this in mind, here are some strategies to safeguard your multi-author WordPress site.
1. Require Strong Passwords for All Users
WordPress features a built-in password generator that can automatically create robust passwords for your users.
However, many users overlook the password generator. Therefore, it is advisable to mandate the use of a strong password generator.
For further details, refer to our guide on enforcing strong passwords for users and requiring password changes in WordPress.
2. Implement Two-Factor Authentication
Some hackers utilize automated scripts to attempt to guess users’ usernames and passwords.
Implementing two-step authentication enhances your site’s security by requiring users to enter a one-time code along with their password.
Users usually generate this code through an authenticator app on their computer or mobile device. To gain unauthorized access, a hacker would need both the user’s password and their device, significantly increasing your site’s protection.
For further information, check out our comprehensive guide on adding two-step authentication in WordPress.
3. Install a WordPress Security Plugin
WordPress security plugins safeguard your website by monitoring for suspicious activities and login attempts.
There are many security plugins available, but we recommend Sucuri as it is the top-rated WordPress security plugin. Sucuri effectively blocks malicious traffic before it reaches your server and scans your site for common vulnerabilities.
For additional details, please refer to our in-depth Sucuri review.
4. Install and Configure a WordPress Backup Plugin
In case of emergencies, backups simplify the process of restoring your website and all user accounts. While most WordPress hosting providers offer basic backup options, you often need to set up, create, and manage those backups manually.
A reliable backup plugin can handle all the heavy lifting for you, including automated backups. This allows you to focus more on managing your website.
We highly recommend Duplicator as the top WordPress backup plugin. It’s user-friendly and enables you to easily set up automatic backups, storing them in remote locations like Google Drive, Amazon S3, and Dropbox.
Discover Additional Ways to Personalize User Roles and Permissions
Looking for ideas on how to modify or create new user roles and capabilities?
Using the Members plugin, you can establish a custom user role for your clients and restrict their ability to deactivate plugins. This helps prevent mistakes on your client websites.
Alternatively, you can utilize the PublishPress plugin to oversee roles and permissions related to your editorial process. Here are some articles you might find useful:
- How to Allow Contributors to Edit Their WordPress Posts After Approval
- How to Restrict Authors to Their Own Posts in the WordPress Admin Area
- How to Limit Authors to Specific Categories in WordPress
We trust that this guide has provided you with valuable insights on managing user roles in WordPress by adding or removing capabilities. Additionally, consider exploring our comprehensive guide on safeguarding content in WordPress and our curated selection of top WordPress paywall plugins.
If you found this article helpful, we invite you to subscribe to our YouTube Channel for informative WordPress video tutorials. Stay connected with us on Twitter and Facebook for more updates.
