If you are a single blogger who does all the writing and administration yourself, then you only need two types of user roles for your posts: Administration and Subscriber. As a lone blogger, you may not even need to define roles in your posts if you do not have contributors or other editors who do not log in and therefore don’t need a role. This post may not apply to you.
Many bloggers may not know what the heck the difference is between an author and a contributor. For bloggers who have contributing guest posters or authors, here are the definitions of roles and the users permissions.
User Roles Defined
When you create additional user accounts on your blog, you can assign a user to a role for blog posts. There are five roles: subscriber, contributor, author, editor and administrator. Each role has an increasing level of permission to perform actions on your site with administrator being at the top level.
All of the user information is under dashboard -> users -> and only an administrator can assign roles. By default all new users created on your blog will be subscribers, an administrator level user then will need to edit the user and assign it a new role, if necessary. Each role will have the same permissions as the role beneath it, PLUS any additional permissions as defined below.
5. Subscriber
Subscribers is the lowest level and these users have the ability to read all of your blog posts. Subscribers have the same permissions as an unregistered reader or any visitor to your blog. Why do you need to assign a role for this user? In most cases, you will not need to, but some blogs have features that are only available to registers users. Some examples may be:
- Allow user to leave comments to prevent spam control
- Allow user to read certain posts
- A private blog which only grants registered users access to your blog
Having this role allows flexibility if that is required.
4. Contributor
The next level for a user role is contributor. Contributors can create content on your blog. The contributor can create and edit posts from the dashboard. They can also delete their own posts which have not been published.
The big thing to point out about contributors is that they can create draft posts but cannot publish them. This is a great role for one time guest bloggers or a writer you may not have a long-standing relationship with. A higher user level is required to edit and publish the post.
3. Author
An author is a more trusted level of contributor. Authors have all of the permissions of a contributor, but they can also publish their posts and delete their own (published) posts. In addition, they can upload files to add to their posts (e.g. images or videos within a post).
*Authors and contributors only have control over their own content!
2. Editor
When a user is granted editor level, site wide permission is allowed. This is only recommended for a highly trusted user and a regular contributor to your blog. As the name suggests, editors have full control over your blog posts. They can create, edit, publish, and delete ALL users content (including private posts). In addition, an editor can:
- create, amend and delete pages
- create categories
- add blog roll link entries
- moderate comments
- create and amend users.
As I have mentioned, editors are trusted members of your blog and can affect your blog at a fundamental level. But, they cannot change the actual look and feel of the website.
1. Administrator
The administrator level user is the highest level user for the site. This is the role of the blog owner who has complete control and access to the blog. Along with all of the other capabilities mentioned above, they can change the theme, any CSS or HTML code to change the look of the site, upload and install plugins, etc. Administrators control everything under the dashboard.
Administrator access is typically only assigned for the blog owner with few exceptions. Temporary admin control may be used for web designers to tweak your blog. You can create a admin user with a temporary password to enter your blog to make these adjustments, but should change the password as soon as the design is complete! Control of the administrator role is critical for a site security. Be sure you have a strong password, and consider changing the log in username to something other than “admin”.
Other Tips on Roles and Capabilities
If you have multiple writers contributing to your blog, assign them the minimum permission required to contrubute. Even if you trust them, if they are only writing blog posts, there is no reason to give them editor or admin permissions! After a significant amount of time, you can upgrade the level, but be sure you trust the user. You will want to inform them of this upgrade and lay down some ground rules for this new level of permissions.
I would also recommend disabling NEW user registration for security reasons. Only you should decide who is going to be a user on your blog. Uncheck “anyone can register” under dashboard -> settings -> general.
Change the default displayed name of the admin account from admin to your own name. This is done from dashboard-> users ->edit the admin account -> complete first name and last name, then from “Display name publicly as” set your full name. This makes the blog more personal instead a post written by “admin” on your blog.
User roles can be a great tool if used properly and securely. It can cut down on some of the work if people can put posts directly into your blog. Use the roles appropriately and check your draft posts in case a contributor wants to add a guest post!