WPDude not only impressed me with his considerable technical prowess, but also with his integrity and commitment. He really is a pleasure to work with.
Continue Reading »
Your WordPress Coach
Client Testimonials
Ben White – itsfyionline.com
Thank you for making this such an easy experience to move to WordPress from TypePad. I found it much easier for you to get me going for a small fee than spend hours trying to go through the WordPress codex.
Continue Reading »Rich Usini – imwithrich.com
A couple of weeks ago, I was at my wits end. My blog posts were not showing up in Firefox and I needed help, more than you can imagine. None of the tech people that I know good provide me real assistance so, I used my good friend Google. I found WordPress Dude, Neil Matthews. [...]
Continue Reading »Jason Lane – housingcrashhub.com
Neil, I just wanted to say thanks for going above and beyond my expectations with our wordpress consultation the other day. You not only fixed my screw ups, but you also showed me where I was going wrong and how to properly operate the new blog template on a day-to day basis, as well as [...]
Continue Reading »Mike Bluestone – missionpossibledp.com
I must say that Neil AKA WP Dude is customer service oriented and commited to building a strong and honorable relationship with his clients. I’m far from tech savy and was in need of assistance with updating my version of word press. WP Dude went above and beyond the necessary, by updating all of my [...]
Continue Reading »Yvonne Kraft – www.designkitchenideas.com
After spending 3 months setting up my new site I was stuck on the last details to get the site up and running. I was thrilled to find Neil Matthews who took care of the technical stuff to make my site work better so I did not have to spend another 3 months learning things [...]
Continue Reading »
WordPress Roles Explained
WordPress comes with a number of inbuilt user roles to control what registered users can do when they login to your blog. I want to explain the various roles available and what capabilities each type of user will have.
There’s Just Me, Why Do I Need Roles?
If you are a lone blogger who does all the writing and administration themself then you only need two types of user; readers who do not login and therefore don’t need a role and an administrator. This posts is probably not for you, but if this is your scenario, there are a couple of things I recommend:
- Disabled new user registration to keep y0ur blog watertight, this can be done from the WordPress dashboard -> settings -> general and uncheck anyone can register
- Change the default displayed name of the admin account from admin to your own name. This is done from dashboard-> users ->edit the admin account -> complete first name and last name, then from “Display name publicly as” set your full name. This just makes the blog more personal instead of a sterile person called admin writing all of the posts.
I Want a Publishing Empire Tell me About Roles.
When you create additional user accounts on your blog, you can then assign a user to a role, there are five roles subscriber, contributor, editor and administrator. Each has an increasing level of permission to perform actions (know as capabilities) on your site.
This post will take you through each role and it’s capabilities. I will start with the least privledged and build up a profile of the additional things each level can achieve.
How Are Roles Assigned
By default all new users created on your blog will be subscribers, an administator level user then need to edit the user and assign it a new role. This is done from the dashboared -> users -> authors and users -> edit the required user -> from the role drop down, set the user level.
Subscriber
Subscribers have the ability to read your blog posts. This is the same level as unregisters readers and visitors to your blog so why do you need a role for this? The answer is you may not need this level, but some blogs have featured available only to logged in and registers users. Some of those may be:
- To leave comments, this is a spam control procedure
- To see certain posts
- For a private blog where only registered users are granted access, and creation of the users is left up to the administrator
There are various plugins which require a subscriber role so out of the box the subscriber role may not seem neccessary, but each installation is individual.
Contributor
Moving up the scale contributors are at a level where they can create content on your blog.
The contributor can read posts, create and edit posts from the dashboard. They can also delete their own posts which have not been published.
The point to note about contributors is that they can create draft posts but cannot publish them. A more trusted user level is required to edit and make the post publically available.
Author
An author is a more trusted level of contributor, they have all of the permissions of a contributor, but they can also publish their own posts, delete their own published posts and also upload files to add to posts e.g. images to include in posts or videos to play within a post.
Authors only have control over their own content, other authors and contributors posts can be read but not edited or ammended.
Editor
When we reach an editor level we move into site wide permission territory. As the name suggests editors have control over other users content to publish delete and create new posts, but an editor can also created amend and delete pages, have access to, and control over posts marked as private. Check out the visibility of a post it can be public, password protected or private, only editors and above can see private posts and pages.
Editors can create categories, and blog roll link entries, moderate comments and even create and amend new users.
Editors are trusted members of your organisation, they can effect your blog at a fundemental level. What they cannot do is change the look and feel of the site, for that we need an ….
Administrator
The admin level user is the super user for the site, along with all of the other capabilities discussed above, they can change the theme, upload and install plugins edit users and modify the look anbd feel of the dashboard.
Control of who is an administrator of your site is crucial for a secure site, harden the password and condider changing the login ID to something other than admin.
A last Word on Roles and Capabilities
If you have multiple people contributing to your site, make use of roles, assign them the minimum permision required to get their job done, you may have scrupulous procedures to safeguard your passwords, but do your contributors? You may trust them but making them an admin level users when all they need to do is upload their post for editing is just creating a security loophole on your site.
Further Reading
Leave a Reply
Trackback URL
http://wpdude.com/wordpress-roles-explained/trackback/
Thanks for explaining the roles and capabilities in language I understand. I find the WordPress Codex so difficult to comprehend.
[Reply]
Hi, thanks for the post.
I was wondering if know of any plugins that allow manipulation of the Roles’ capabilities. For instance, I would like to have and editor that can edit all content( like they already can), but ONLY for the posts. Not the actual page content.
Any ideas?
[Reply]