In the world of WordPress, user roles and capabilities play an essential role in managing a website. These roles and capabilities determine the level of access and control each user has over various aspects of your site, enabling only authorized users to perform specific tasks or make changes.

All of this helps you maintain a structured, organized, and secure environment for your online business.

This blog post will walk you through the basics of WordPress user roles and capabilities, reasons for updating them, and two methods you can use to update a WordPress user’s role or capabilities with ease.

Banner image for How to Update WordPress user roles and capabilities

Table of contents

What Are WordPress User Roles and Capabilities?

In our post Understand the Difference: Roles and Levels for Membership Sites we talk in depth about the default WordPress user roles, custom roles and capabilities, and more, but here’s a brief overview:

In WordPress, capabilities are individual permissions that grant users the ability to perform specific tasks or access certain features. User roles are predefined sets of capabilities assigned to a particular user.

You can create unique user roles tailored to your website’s needs by customizing user capabilities. This provides a more granular level of control and streamlines the management process by grouping users with similar responsibilities.

Default WordPress User Roles

WordPress comes with five default user roles, each with a unique set of capabilities:

  1. Administrator: Users with this role have full control over the website, including the ability to add, edit, and delete content, manage themes and plugins, create and edit user accounts, and modify settings. Administrators have the highest level of access and should be assigned to a limited number of trusted individuals. As the owner of your membership site, it is important to periodically review the administrator users from the All Users screen in the WordPress admin. Downgrade the access for any users that do not actively need this highly powerful role. Pro Tip: Admins should always have very strong passwords. For ultimate security, consider requiring two-factor authentication on admin accounts.
  2. Editor: Users with this role have the ability to manage and publish all content, including posts and pages created by other users. Editors can also moderate comments, manage categories and tags, and upload media files, but they do not have access to website settings, themes, or plugins.
  3. Author: Users with this role can create, edit, and publish their own content. They can also upload media files, but they cannot edit or delete content created by other users or manage comments, categories, or tags.
  4. Contributor: Users with this role can create and edit their own content, but they cannot publish it. They also cannot upload media files or manage comments, categories, or tags. A contributor’s content must be reviewed and published by an Editor or Administrator.
  5. Subscriber: Users with this role have the most limited access and can only read content on the website. They can manage their own profile, including updating their password and personal information, but they cannot create, edit, or manage any content. This is the primary role for most users of your WordPress membership site, and the majority of sites should use Subscriber as the New User Default Role on the Settings > General screen in the WordPress admin.
Infographic on the five default user roles in WordPress

Why Update WordPress User Roles and Capabilities?

There are a variety of reasons why you might decide to update WordPress user roles or capabilities. Here are a few to consider:

With Growth Comes Change

As a website grows and evolves, its management needs may change, and updating user roles or capabilities can help accommodate these changes, ensuring smooth and efficient website administration. Here are a few reasons why you might decide to update WordPress user roles and capabilities:

  1. Delegate responsibilities among team members. A website owner may want to assign specific tasks to different individuals based on their expertise or job responsibilities. For example, you might want certain roles to be able to approve other members. Updating user roles helps your users fulfill their tasks without being overwhelmed by unrelated options or accidentally making unwanted changes to your website.
  2. Enhance website security. Restricting access to critical features or sensitive data based on user roles can minimize potential security risks. By limiting the number of users with high-level access, you can reduce the likelihood of unauthorized changes or data breaches, protecting your website from potential threats.
  3. Streamline workflows and improve productivity. By granting users access to only the necessary features, you can eliminate distractions and help team members focus on their specific tasks. This tailored approach can lead to more efficient workflows and improved collaboration among team members.
Infographic on the 3 reasons to update user roles and capabilities

Now that we’ve discussed the reasons why you might want to update a WordPress user’s role or capabilities, let’s talk about how to do it.

Method 1: Edit the User Account in the WordPress Admin

WordPress is designed to have one role per user by default. To change a user’s role, you can edit the user account in the admin section.

To edit a WordPress user’s role:

  1. Log in to your WordPress admin dashboard.
  2. Navigate to Users > All Users.
  3. Locate the user you want to edit and click on their username.
  4. In the user profile, find the Role dropdown menu.
  5. Select the new role you want to assign to the user.
  6. Click Update User to save the changes.

If you want to give a specific user more capabilities, you’ll need custom code or a plugin.

Method 2: Use a Plugin to Add Roles or Capabilities to a User

There are several plugins available that can help you add roles or capabilities to a WordPress user’s account. Here are two popular options:

User Role Editor Plugin

The User Role Editor plugin is a versatile tool for managing user roles and capabilities in WordPress. With an easy-to-use interface, it allows website administrators to create custom roles, modify existing roles, and assign granular capabilities to individual users.

This plugin simplifies the process of tailoring access and permissions, giving you better control over your website’s management and enhancing overall security.

To update roles and capabilities:

  1. Install the User Role Editor plugin. Don’t forget to activate it.
  2. Once activated, edit the desired user.
  3. Locate the Additional Capabilities section.
  4. Add the capability you’d like to give the user. For example, add the Membership Approver capability to grant the user the ability to approve other members when using our Approval Process for Membership Add On.

If you require two or more roles per user or need granular capability access, this plugin is a solid choice. To grant granular capabilities, simply navigate to the Edit User page, click “Edit” in the Capabilities section. If you’re using our Approvals Add On, for example, you can add the “pmpro_approvals” capability to a single user using this screen.

The Roles for Membership Levels Add On for Paid Memberships Pro

The Roles for Membership Levels Add On for Paid Memberships Pro enhances the functionality of your WordPress membership site by automatically creating a new role for each existing or newly added membership level.

The custom roles generated by this plugin inherit the basic capabilities of the “subscriber” role, but they can be adjusted to fit your specific needs.

Ultimately, you can sync membership levels with user roles to the degree that even other plugins that manage capabilities and access by role can be integrated with your membership.

All of this streamlines user management and access control, and helps you create a personalized and organized experience for members on your site.

Conclusion

Updating a WordPress user’s role or capabilities can be a straightforward process when you know which method to use. Whether you edit the user account directly in the WordPress admin or utilize a plugin, these methods will help you manage your website more effectively.

If you want to customize how users access your WordPress site, chances are that a membership plugin has many of the features you need. Download Paid Memberships Pro today and get a complete set of tools that will help you create a robust and personalized membership experience.

PMPro Team

Author: PMPro Team

The editorial staff at Paid Memberships Pro is a team of WordPress membership site and online business experts led by Kim and Jason Coleman. Trusted by over 350,000 readers worldwide.