WordPress makes running a highly functional website simple for site owners and webmasters. You’ll undoubtedly want to enlist the support of others to make the most of your WordPress site.
You might want to assign the capacity to publish blog entries to a third-party contractor. Or use a developer to assist you in creating new pages. But, giving complete access to your WP site can be alarming and represent a security concern.
WordPress roles come into play in this situation. Website owners have complete control over what users can and cannot do on the site, thanks to roles.
You won’t have to worry about people doing things on your site that they aren’t allowed to do with WordPress user roles.
- 1 Should Admin Access be Given to Plugin Developers for Fixing Bugs
- 2 Why the need for admin access
- 3 Should you give admin access
- 4 WordPress User Roles – What are they?
- 5 Administrator
- 6 Editor
- 7 Author
- 8 Contributor
- 9 Subscribers
- 10 Bonus: Super Admin
- 11 Managing WordPress User Roles from User section
- 12 Create Your Own Custom WordPress User Roles
- 13 Manually Assigning WordPress User Roles
- 14 Using a Plugin
- 15 3 Tricks For WordPress User Roles
- 16 Trick #1: Super Admin For WordPress Multisite
- 17 Trick #2: Limit Admins and Editors
- 18 Trick #3: Customize Roles Accordingly
- 19 Conclusion
Should Admin Access be Given to Plugin Developers for Fixing Bugs
Have you ever installed a WP plugin only to discover that it isn’t functioning properly?
It doesn’t matter if it’s a free plugin because you can change it. But what if you paid for this plugin?
You have the option to seek help. But, the plugin creator may request admin access to your site to debug the problem in some situations.
Giving third-party developers admin access is unsettling. I understand that as a plugin user.
Should you allow WordPress plugin developers admin access to patch bugs? Let us start by knowing why a plugin developer needs your WordPress admin access.
Why the need for admin access
When you report a bug, most good developers try to replicate the problem on their testing site first. Then, if they can reproduce the problem, they will fix it and update the plugin.
Now, if they can’t reproduce the bug you’re describing, they won’t be able to solve it. You’re probably wondering why these brilliant developers can’t recreate the issue you’re facing.
That’s because each website is unique. In addition, there are many web hosting environments and plugin/theme combinations to choose from. One or more of these variables could be the source of the problem.
When a plugin developer tests their plugin, they use the default WordPress theme and don’t have any other plugins installed.
As a result, the bug you’re seeing may be unique to your website. Or there’s a fault with the theme you’re using or a combination of other plugins you’ve installed.
To solve the bug, plugin developers must first figure out what’s causing the problem. This is why they request access to your WordPress admin panel, so they can access all the same settings.
Should you give admin access
If you want the bug corrected, you must give plugin developers admin access.
No, you do not need to grant them administrative access to your live site. The plugin developer requires the same environment as your live site. That is the same host, same plugins installed, same themes, and same settings).
Your main site is not required for them to have access. The user is concerned that the plugin author will wreak havoc on their live site. This, in turn, will affect hundreds or thousands of visitors. Giving them access to a staging or test site is the solution.
In a nutshell, you must install WordPress on a subdomain, such as testing.yoursite.com. This will ensure that it uses the same theme and plugins as the main site. Next, make sure you’re getting the same bug on this test site as you are on your real site (which you should).
You can request a staging environment from your web hosting company’s support team. Simply request that they reproduce the site on a subdomain, and they will do so much more quickly than you.
You can also migrate your settings using a plugin like BackupBuddy.
After you’ve created the staging/test site, you can grant admin access to the plugin developer.
It’s a good idea to set up a staging environment, so consider it an investment.
WordPress User Roles – What are they?
A role is a set of behaviors, activities, rights, or responsibilities. These are imagined by people performing in a specific context. As a result, you can define WP user roles as the rights and authorities granted to various users. It establishes a set of specified permissions for what the site’s owner and users can and cannot do.
WordPress comes with five predefined user roles. Once you have a good understanding of these responsibilities, you may restrict Dashboard access to meet your needs. So, let’s take a closer look at each of them.
During the installation of WordPress, a new user is created with a username and password. The administrator role is given to that particular user. All operations on a WP site are available to the administrator, who has full access and control.
The person with the job of administrator can install, edit, and delete WP themes and plugins. They can also add, edit, publish, and delete any post made by any user on the website in the same way. As a result, an administrator is the most powerful WordPress user role. It gives you complete authority over your website.
You might be wondering what the job of a Super-admin is now. In the event of a WordPress multi-site installation. The super admin is given some of the administrator’s capabilities.
By default, a super-admin has all the skills of an administrator. It also has the ability to manage not only users but also administrators. As a result, an administrator has the most privileges (after super-admin, if there are any).
By looking at the name of the role, we can see what skills the user with this role might have. But, the editor has complete authority over the content part of a WordPress site. They have the ability to write, edit, publish and even remove posts. Not only may they do this with their own postings, but they can also do it with other users’ posts.
They also have the ability to moderate, approve, and delete content. Also, they get access to private postings and pages as part of their privileges. But, this user position imposes some limitations. WP settings, themes, plugins, and widgets are not accessible to users with the editor role.
Because it is the second most powerful WordPress user roles, we strongly advise you to assign it to only those you can completely trust.
The author is one of the predefined WordPress user roles, as its name suggests. This job allows the user to write, edit, and publish their own content. They can also upload files to the media library as needed, as well as delete any past uploads.
But, they do not have access to any of the posts made by other users. They also have the ability to create posts but not categories. As a result, they can only choose from the accessible categories.
Furthermore, while the author can see the comments, he or she cannot control or approve them. They are also unable to remove the comment. They have no access to the site management responsibilities in general.
Hence, an author is one of the user roles in WordPress that is comparatively at lower risks.
Contributors have the ability to create and edit their own posts. But, they do not have the authority to publish any posts, even their own. The contributor’s biggest flaw is that they can’t even upload media files.
This means that someone with this role is unable to upload photographs to their own posts. They can add tags to the articles, which some may see as a consolation. But, they do not have access to the settings, themes, or plugins.
This user role is a great alternative for site owners who want visitors to come to their site and only write.
To be more specific, you can assign this function to guest authors who provide their articles sometimes.
A subscriber is a WP user role that has the most limited access and capabilities of all the WordPress user roles. The subscriber user role is limited. They can only create and maintain their profile on a website unless you alter the default capabilities.
They can also change their passwords if they so desire. But, they are not permitted to write or publish articles.
This function is best suited to those who are passionate readers and commenters. Also, you can refer to this user position to people that have subscribed to a site to receive regular updates.
Bonus: Super Admin
Only a WordPress Multisite Network can use this user role. On a multi-site network, users with the super admin user role can add and delete sites on a WordPress multi-site setup. They can also install plugins and themes, add users, and perform network-wide tasks.
Managing WordPress User Roles from User section
From your WordPress admin panel, you can assign these default user roles. Let’s have a look at how you can manage the user roles from the user section.
To begin, go to your WordPress Admin Panel and log in.
After that, go to Users> All Users.
After that, you have the choice to adjust the roles of the users as needed, as seen in the figure below.
Create Your Own Custom WordPress User Roles
How to create new custom WordPress user roles?
Using the same Capability Manager Enhanced plugin. You may establish your own custom user roles in WordPress with your own set of capabilities.
- Go to Users » Capabilities
- Enter the user role name in ‘Create New Role‘ after installing and activating the plugin.
A magazine website, for example, may need a staff member to actively moderate comments. You could wish to create a user role that can solely filter comments in that instance.
- Create a new user role
- Then pick the moderating comment option from the ‘Other WordPress Capabilities’ section
Manually Assigning WordPress User Roles
Log in to your website, go to Users, and create a new user.
Fill in the relevant details and assign the required position on the next page.
Finally, select Add New User from the drop-down menu.
You can use this technique to change the role of a user who has already been assigned to another role. Look for the user in Users. When you’ve discovered what you’re looking for, click edit. Then, as appropriate, change the user’s role and save the changes.
Using a Plugin
You can also use plugins to add and manage users. The following are some of the most popular plugins for this purpose:
These plugins are particularly handy, especially when you need to establish new user roles that have different permissions than the six basic roles.
3 Tricks For WordPress User Roles
Here are some short ideas and best practices you can use on your WordPress website. These tips will make understanding and managing WordPress roles much easier.
Trick #1: Super Admin For WordPress Multisite
Make sure you use the super admin role if you’re running many sites from the same WP installation. This feature is only available on multi-site WordPress networks.
Super admins have complete control over all network-wide activities in WordPress. This includes adding and deleting sites, installing plugins, managing themes, and so on. It’s WordPress’s most powerful role, and it’s usually best if you keep it to yourself.
Make sure you’re using a web hosting service that can handle your needs if you’re using WP multi-site. This type of setup necessitates a little more processing power from your server.
Trick #2: Limit Admins and Editors
It may be tempting to start granting full access to your WP dashboard to strangers. But, this is not a good idea. At most, you’ll only need one administrator and one or two editors.
Follow the “principle of least privilege” at all times. This IT security concept states that users should only have the privileges they need to do their jobs. This is why an editor can’t remove your theme or add a new plugin, for example. An editor’s job does not need these skills.
Trick #3: Customize Roles Accordingly
The default roles are adequate for most purposes. But they are unlikely to meet all your requirements. So you may change how different people have access to your WordPress site. You can also adjust capabilities based on your workflow.
You might, for example, opt to allow contributors to submit files to WordPress. You might like to allow authors to regulate comments. It’s easy to customize distinct roles at scale. You can do this by using a plugin or a third-party application.
You’ll need the help of others to administer your website. After you’ve assembled your team, the next step is to assign roles to each member. To be able to govern their experience on your site. Customers and readers need responsibilities and skills as well.
It’s worth noting that different plugins may introduce new roles to your site. If you install an SEO plugin, for example, you can introduce new roles such as “SEO Manager” and “SEO Editor” to your site. We went through the various user roles and permissions, as well as how to use them in this article. I hope you found it useful.