WordPress User Roles and Permissions Explained (2026)

WordPress user roles control who can do what on your site. There are six default roles (Administrator, Editor, Author, Contributor, Subscriber, and Super Admin), each with a different set of permissions called capabilities. Understanding them helps you build secure, organized workflows whether you’re managing a blog, running an agency, or handing a site off to a client.

This guide covers every default WordPress user role, what each one can and cannot do, how to customize roles with code or plugins, and how to manage client access without giving away the keys to the kingdom.

Key Takeaway

WordPress has six default user roles, each with a predefined set of capabilities that control access to the dashboard and content.

The principle of least privilege applies here: always assign the minimum access a person needs to do their job.

You can create custom user roles using PHP functions (add_role, add_cap) or plugins like User Role Editor.

What Are WordPress User Roles?

A WordPress user role is a label assigned to a user that determines what they’re allowed to do on the site. Each role comes bundled with a set of capabilities, granular permissions like publish_posts, edit_pages, install_plugins, and manage_options.

Think of it this way: a role is a job title, and capabilities are the actual tasks that come with it. WordPress groups capabilities into roles so you don’t have to configure each user individually. You assign a role, and WordPress handles the rest.

When you first install WordPress, you get six roles out of the box. Over time, plugins like WooCommerce, LearnDash, or Yoast SEO can add more. Understanding the defaults first makes everything else much easier to manage.

The 6 Default WordPress User Roles

Here is a breakdown of every default role and what each one can and cannot do.

Default WordPress User Roles

Let’s look at each one in detail.

Administrator

The Administrator has complete control over a single WordPress site. They can install plugins and themes, change any setting, manage all content, add or remove users, and change user roles. This is the most powerful role and should be treated accordingly.

Reserve it for site owners, lead developers, or senior agency staff who genuinely need full access. A good rule of thumb: if someone needs to log in just to update blog posts, they do not need to be an Administrator.

Editor

Editors manage content across the entire site. They can publish, edit, and delete posts and pages written by any user, moderate comments, manage WordPress categories and tags, and upload media. What they cannot do is touch plugins, themes, settings, or users.

This role is ideal for content managers in multi-author blogs, agency team leads who oversee content quality, or any trusted person who needs editorial control without site administration access.

Author

Authors can write, edit, publish, and delete their own posts. They can also upload media files. Everything else is off-limits: they cannot touch other users’ content, access settings, or make any structural changes to the site.

This role works well for regular blog contributors, freelance writers who publish independently, or any team member focused purely on content production.

Contributor

Contributors can write and edit their own draft posts, but they cannot publish them. Every post they create sits in draft until someone with a higher role, an Editor or Administrator, reviews and publishes it. Contributors also cannot upload images or files.

Use this role for guest writers, new team members on probation, or clients submitting content for review before it goes live.

Subscriber

Subscribers have the least access of any role. They can read content and manage their own profile. That’s it. On a standard public blog, most visitors never need an account, but Subscriber access becomes valuable on membership sites, learning platforms, or any site where logged-in users get access to gated content.

Super Admin

Super Admin is exclusive to WordPress Multisite networks. In a Multisite setup, a Super Admin can manage all sites across the network, including enabling themes and plugins network-wide. On a single-site installation, this role does not apply.

WordPress User Roles for Developers and Client Handoffs

One of the most common real-world needs that default WordPress roles don’t quite solve is the client handoff. You’ve built a site, handed it over, and you need the client to be able to edit content, but you don’t want them accidentally deleting a plugin, changing the theme, or breaking something you spent hours setting up.

The Editor role gets you close, but clients often need slightly different access depending on the project. This is where a custom user role makes all the difference.

A “Client Editor” role, for example, might include full access to posts and pages, the ability to upload media, and permission to manage some WooCommerce products but with plugin management, theme access, and user management completely removed.

Did You Know?

InstaWP lets you spin up a WordPress sandbox in seconds and test any custom role configuration before it touches your live site. You can add the role, assign it to a test user, log in with that user, and verify exactly what they see; all without putting any real site at risk.

Try a WordPress sandbox on InstaWP.

How to Create Custom WordPress User Roles

WordPress’s default roles cover most use cases, but they don’t cover everything. You might need a “Client Editor” who can update pages but can’t touch plugins, or a “Shop Manager” with WooCommerce access but no admin privileges. That’s where custom roles come in.

There are two ways to create them: writing PHP directly, or using a plugin. This section walks you through the plugin approach using User Role Editor, which is the most practical option if you want a visual interface and don’t want to maintain custom code across multiple sites.

Method 1: Using Code

WordPress ships with two core functions for role management and two for capability management. Here is how they work.

To add a new custom role:

function register_client_editor_role() {
    add_role(
        'client_editor',
        'Client Editor',
        array(
            'read'                  => true,
            'edit_posts'            => true,
            'edit_published_posts'  => true,
            'publish_posts'         => true,
            'delete_posts'          => false,
            'upload_files'          => true,
            'edit_pages'            => true,
            'edit_published_pages'  => true,
            'publish_pages'         => false,
        )
    );
}
add_action( 'init', 'register_client_editor_role' );

Add this to your active theme’s functions.php file or, better yet, a site-specific plugin so changes survive theme updates.

To add a capability to an existing role:

$role = get_role( 'editor' );
if ( $role ) { // get_role() returns null when the role does not exist
    $role->add_cap( 'manage_woocommerce' );
}

To remove a capability:

$role = get_role( 'author' );
if ( $role ) { // get_role() returns null when the role does not exist
    $role->remove_cap( 'delete_posts' );
}

To remove a role entirely:

remove_role( 'client_editor' );

One important note: add_role() only needs to run once. If you call it on every page load, it won’t cause errors, but it adds unnecessary overhead. Ideally, hook it to a plugin activation function or theme setup routine.
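One way to follow that advice, as an added example (not code from the original article or from WordPress core): a small site-specific plugin that writes the role on activation and re-syncs it only when the capability list in code changes. This matters because roles are stored in the database and add_role() leaves an existing role untouched. The plugin header, the cer_ function names, the version constant and the option name are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Client Editor Role (added example)
 * Description: Registers the article's client_editor role on activation.
 */

// Hypothetical names for this example: bump the version whenever the
// capability list below changes so existing sites pick up the change.
const CER_CAPS_VERSION   = '1';
const CER_VERSION_OPTION = 'cer_caps_version';

// Capability list copied from the article's client_editor example.
function cer_capabilities() {
    return array(
        'read'                 => true,
        'edit_posts'           => true,
        'edit_published_posts' => true,
        'publish_posts'        => true,
        'delete_posts'         => false,
        'upload_files'         => true,
        'edit_pages'           => true,
        'edit_published_pages' => true,
        'publish_pages'        => false,
    );
}

// Create the role, or reconcile the stored copy with cer_capabilities().
function cer_sync_role() {
    $caps = cer_capabilities();
    $role = get_role( 'client_editor' );

    if ( null === $role ) {
        add_role( 'client_editor', 'Client Editor', $caps );
    } else {
        // add_role() returns without changes when the role already exists,
        // so drop capabilities no longer listed, then write the current ones.
        foreach ( array_keys( $role->capabilities ) as $cap ) {
            if ( ! array_key_exists( $cap, $caps ) ) {
                $role->remove_cap( $cap );
            }
        }
        foreach ( $caps as $cap => $grant ) {
            $role->add_cap( $cap, $grant );
        }
    }
    update_option( CER_VERSION_OPTION, CER_CAPS_VERSION );
}

// Runs once, when the plugin is activated.
register_activation_hook( __FILE__, 'cer_sync_role' );

// On normal page loads this is a single option read; the role is only
// rewritten after a deploy that changed CER_CAPS_VERSION.
add_action( 'init', function () {
    if ( get_option( CER_VERSION_OPTION ) !== CER_CAPS_VERSION ) {
        cer_sync_role();
    }
} );
```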

Method 2: Using a Plugin

If you’d rather not write PHP, the User Role Editor plugin gives you a visual interface for everything above. You can create new roles, clone existing ones, add or remove individual capabilities with checkboxes, and manage multiple roles in bulk. It’s a solid choice for agencies managing many different client configurations without maintaining custom code across projects.

Did You Know?

When you create a client role configuration that works well, you can save the entire WordPress setup as a snapshot in InstaWP and turn it into a reusable WordPress template. Next time you build a similar project, you start from a pre-configured environment with the right roles already in place; no repeated setup needed.

We’re using the User Role Editor plugin here. Install and activate the User Role Editor plugin from the WordPress plugin repository (Plugins > Add New > search “User Role Editor”).

Once active, you’ll find it under Users > User Role Editor in your admin menu.

The main screen shows a dropdown of all existing roles on the left, a full list of capabilities in the center displayed as checkboxes, and controls to add, clone, or delete roles on the right.

Rather than building a role from scratch by checking individual capabilities one by one, the fastest approach is to clone an existing role that’s already close to what you need, then adjust from there.

Here’s how to do it:

Open Users > User Role Editor.

In the role dropdown, select the role you want to base your new one on. For a client-facing role, “Editor” is usually the right starting point. Click Add Role.

Give it a machine-readable ID (for example, client_editor) and a display name (“Client Editor”). Check the box that says “Make copy of” and confirm the base role is selected.

Click Add Role to confirm. You’ll now be editing the new role with all of the base role’s capabilities pre-checked.

Adjusting Capabilities

This is where it gets precise. The plugin lists every registered capability on the site, including those added by plugins like WooCommerce or Advanced Custom Fields. By default, the view is filtered to show only capabilities that are currently checked for the role.

To review everything available, check the Show all capabilities option. Then work through the list and check or uncheck based on what you need.

For a typical client editor role, you’d want to uncheck things like:

  • edit_theme_options (prevents access to the Customizer)
  • install_plugins and activate_plugins
  • edit_users and delete_users
  • import and export

And keep enabled things like:

  • edit_pages and edit_published_pages
  • edit_posts and publish_posts
  • upload_files
  • read

Once you’re satisfied, click Update to save the role.

If you prefer a more guided experience, the Melapress Role Editor plugin is a good alternative. It walks you through the entire role creation process with a step-by-step wizard, making it especially beginner-friendly while still offering advanced configuration options for experienced administrators. 

To get started, install and activate the plugin from your WordPress dashboard by navigating to Plugins > Add Plugin and searching for “Melapress Role Editor.” 

Once activated, the plugin adds two new options to your dashboard menu: 

  • User Roles for creating, editing, and managing role capabilities
  • User Role Tools for assigning, migrating, backing up, and restoring roles

By default, the plugin comes with ready-to-use custom roles: Business Owner, Content Editor, Designer, and others. After activation, the wizard gives you three ways to proceed:

  • Create a new role from scratch
  • Copy and edit an existing default WordPress role (Administrator, Editor, Author, Contributor, or Subscriber)
  • Clone a Melapress pre-built role and customize it to your needs

To create a new role, give it a clear title and short description (for example: Editor Assistant – can upload and edit articles without publishing), then toggle the capabilities you want to assign, such as creating and editing posts, moderating comments, and uploading media. 

Once done, assign the role to a user by typing their username: the plugin will auto-suggest matches. 

Note: You can assign multiple roles to the same user; a secondary role simply adds its capabilities on top of the primary role.

After reviewing the role summary, click Create the New User Role, and it will appear in your User Roles manager, ready to use.

    How to Assign a User Role in WordPress

    Assigning a role is straightforward from the WordPress dashboard.

    Go to Users > Add New to create a new account and choose a role from the dropdown before saving.

    To change an existing user’s role, go to Users > All Users, click the user’s name to open their profile, scroll to the Role field, and select the new role.

    You can also bulk-change roles: select multiple users from the Users list, open the “Change role to…” dropdown above the table, select the target role, and click Change.

    Why Getting User Roles Right Matters

    The security case for proper role management is straightforward. Every user with Administrator access is a potential entry point. If that account gets compromised, whether through a weak password, phishing, or a session hijack, an attacker inherits every capability that account has. Keeping Administrator accounts to a minimum and giving everyone else the lowest role that lets them do their job reduces your exposure significantly.

    The workflow case is equally practical. When an Editor can’t accidentally install a plugin, your site stays stable. When a Contributor’s posts require approval before publishing, your content quality stays consistent. When a client has the right role, your post-launch support calls get shorter.

    Testing Custom Roles Before Going Live

    Before you deploy any custom role configuration to a production site, test it. Log in as a user with the new role and verify every permission behaves the way you expect. Check what appears in the dashboard, what’s accessible in the admin menu, and what happens when that user tries to access something restricted.

    The safest way to do this is on a WordPress staging site that mirrors your live environment. Set up the roles, assign them to test users, verify the behavior, and only then push the configuration live. This is especially important if you’re removing capabilities from an existing role, because some plugins hook into capabilities in ways that can break functionality unexpectedly.
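
The manual check described above can be backed by a scripted one. The following is an added example, not code from the article or from any plugin it mentions: it compares a role against the keep and remove lists given earlier for a client editor, then checks the effective capabilities of each user holding the role, since a user with a second role gains that role's capabilities as well. The file name, the function names and the choice of client_editor are assumptions; it is meant to be run on the staging copy with WP-CLI's wp eval-file.

```php
<?php
// Added example. Run on a staging copy: wp eval-file audit-client-role.php
// (file name and function names are assumptions made for this example).

// Lists taken from the article's "Adjusting Capabilities" section.
$must_not_have = array(
    'edit_theme_options', 'install_plugins', 'activate_plugins',
    'edit_users', 'delete_users', 'import', 'export',
);
$must_have = array(
    'edit_pages', 'edit_published_pages', 'edit_posts',
    'publish_posts', 'upload_files', 'read',
);

// Compare the stored role definition against both lists.
function audit_role( $role_name, array $must_have, array $must_not_have ) {
    $role = get_role( $role_name );
    if ( null === $role ) {
        return array( "role {$role_name} is not registered" );
    }
    $findings = array();
    foreach ( $must_have as $cap ) {
        if ( ! $role->has_cap( $cap ) ) {
            $findings[] = "role {$role_name} is missing {$cap}";
        }
    }
    foreach ( $must_not_have as $cap ) {
        if ( $role->has_cap( $cap ) ) {
            $findings[] = "role {$role_name} grants {$cap}";
        }
    }
    return $findings;
}

// Check what each holder of the role can actually do. user_can() resolves
// every role and per-user capability, so extra roles show up here.
function audit_role_holders( $role_name, array $must_not_have ) {
    $findings = array();
    foreach ( get_users( array( 'role' => $role_name ) ) as $user ) {
        foreach ( $must_not_have as $cap ) {
            if ( user_can( $user, $cap ) ) {
                $findings[] = "user {$user->user_login} can {$cap}";
            }
        }
    }
    return $findings;
}

$findings = array_merge(
    audit_role( 'client_editor', $must_have, $must_not_have ),
    audit_role_holders( 'client_editor', $must_not_have )
);

foreach ( $findings as $line ) {
    echo "FAIL: {$line}\n";
}
echo count( $findings ) ? '' : "OK: client_editor matches the expected capability lists\n";
exit( count( $findings ) ? 1 : 0 );
```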

    InstaWP makes this fast. You can create a full clone of any live site in a few clicks, test your role setup, and push changes to production once everything checks out. It also supports 2-way sync, so you can apply only the changes you want without overwriting new content that was added while you were testing.

    To create a staging site, install and activate InstaWP Connect on your live site.

    Go to Tools > InstaWP and connect your WordPress site to your InstaWP dashboard. Then, click on Create Staging Site.

    Select your preferred type of staging, and click Next Step.

    Continue with the process, confirm your settings, and click Create Staging.

    Once created, you can use the Magic Login button to log straight into the staging site.

    You can then proceed with your user role and capabilities configurations and test their access and permissions to be sure everything is working fine before pushing them to live.

    User Management via InstaWP Dashboard

    InstaWP allows users to connect and manage multiple WordPress sites from one single dashboard. One of the site management features is user role management, which will enable you to easily add and modify users and their roles for any connected site from the InstaWP dashboard.

    So, if you have 24 sites, for example, you will be able to manage user roles using one dashboard instead of 24.

    To add a new user to a connected site, click on the site and go to Settings > Manage > User > +Add User.

    User Management via InstaWP Dashboard

    As you can see from the image, you can assign user roles to the user from your InstaWP dashboard, including existing custom user roles.

    Using Role-Specific Access to Improve UX and Workflow

    You can use role-specific access to improve user experience (UX) and workflow on your WordPress site by granting each user access to only the areas, functionality, and tools they need for their tasks. Keeping users out of areas they have no reason to enter also reduces the risk of accidental changes. Role-specific access supports various actions that enhance productivity, including:

    • Customize the user dashboard based on each role.
    • Manage the submission, review, and publishing process of content creation.
    • Grant security privileges to qualified users.
    • Provide SEO specialists access to SEO optimization tools and settings only.
    • Create special teams for specific actions like customer support, client manager, etc.
    • Create exclusive or gated content for premium users.
    • Control visibility of Gutenberg blocks based on different user roles.
    • Streamline specific notifications to specific user roles, such as “opened tickets” to customer support, “placed orders” to the sales and logistics team, etc.
    • Provide role-specific guides, training, or documentation (e.g., for entry-level users or beginners).

    Ready to Manage WordPress Sites Without the Headaches?

    Whether you’re configuring roles for a multi-author blog, building a client-ready handoff workflow, or testing a custom permissions setup, InstaWP gives you a clean environment to do it right.

    Get started with $25 in free credits and spin up your first WordPress environment in seconds. No credit card required.

    Get Started Free on InstaWP

    Frequently Asked Questions

    What is the difference between a WordPress user role and a capability?

    A role is a named group of capabilities; it’s the label you assign to a user. A capability is a single permission, like publish_posts or install_plugins. WordPress groups capabilities into roles so you manage access by role rather than setting individual permissions for every user.

    Can I create a custom WordPress user role without a plugin?

    Yes. WordPress provides the add_role() function to create custom roles with any combination of capabilities. You can also use add_cap() and remove_cap() to modify existing roles. Add this code to your theme’s functions.php file or a custom plugin.

    What WordPress role should I give a client?

    It depends on what the client needs to do. If they only need to write and update content, the Editor role usually works. If you want tighter control, create a custom “Client Editor” role that removes access to plugins, themes, and user management. Never give a client the Administrator role unless they specifically need it and understand the risks.

    How do I give a developer temporary access to my WordPress site?

    Create a new user with the Administrator role, give them temporary login credentials, and delete or demote the account once the work is done. InstaWP also offers magic login links, which let you share secure, single-click access to a staging environment without exposing passwords.

    What is Super Admin in WordPress and when does it apply?

    Super Admin is a role exclusive to WordPress Multisite networks. It gives one user control over every site in the network, including the ability to install plugins and themes for all sites. On a standard single-site WordPress installation, Super Admin does not exist as a separate role.

    How do I safely test a new user role configuration?

    Create a staging or sandbox version of your site, add the new role, assign it to a test user, and log in as that user to verify every permission. Only push the changes to production once you’ve confirmed everything works as expected. Tools like InstaWP let you create a WordPress sandbox in seconds for exactly this kind of testing.

    Shivanshi Srivastava

    Head of Content, InstaWP

    Shivanshi leads content strategy at InstaWP, overseeing blogs, newsletters, emails, and collaborations. She ensures all content aligns with business goals while leveraging her expertise in SaaS and WordPress to elevate the brand’s voice and reach. Her ultimate goal? Making complex ideas fun, fresh, and useful for readers.