A Guide to WordPress & WooCommerce User Roles and Security

We’ll go right to the source for the user roles & permissions when you have a WordPress website.

WordPress uses roles and permissions to allow the website owner the ability to control who can do what.

WordPress has 6 pre-defined user roles.

• Super Admin
• Administrator
• Editor
• Author
• Contributor
• Subscriber

SUPER ADMIN is somebody with access to the site network administration features and all other features. They have the ability to:

• create sites
• delete sites
• manage the network (on a multi-site install)
• manage the websites within the network
• manage the network users
• manage the network plugins
• manage the network themes
• manage the network options
• upgrade the network
• setup the network
• in the case of a single WordPress site installation, Administrators are, in effect, Super Admins.

ADMINISTRATOR (ADMIN) is somebody who has access to all of the administrative features within a single site. They have the ability to:

• activate plugins
• delete others’ pages & posts
• delete pages & posts
• delete private pages & posts
• delete published pages & posts
• edit the dashboard
• edit others’ pages & posts
• edit private pages & posts
• edit published pages & posts
• edit theme options
• export
• import
• list users
• manage categories, links and options
• moderate comments
• promote users
• publish pages & posts
• read private pages & posts
• create, edit, read and delete reusable blocks
• remove users
• switch themes
• upload files
• customize
• delete the site
• update the core, plugins themes
• install plugins and themes
• delete plugins and themes
• edit plugins, themes, files and users
• add, create and delete users
• use unfiltered HTML

EDITOR is somebody who can publish and manage posts, including posts of other users. They can:

• delete others’ pages & posts
• delete pages & posts
• delete private pages & posts
• delete published pages & posts
• create, edit and delete reusable blocks
• edit others’ pages & posts
• edit private pages & posts
• edit published pages & posts
• manage categories and links
• moderate comments
• publish pages & posts
• read private pages & posts
• unfiltered HTML
• upload files

AUTHOR is somebody who can publish and manage only their posts. They can:

• delete posts
• delete published posts
• edit posts
• edit published posts
• read
• upload files
• create, read, edit and delete their own reusable blocks

CONTRIBUTOR is somebody who can write and mange their own posts, but cannot publish them (make them live). They can:

• delete and edit posts
• read
• read reusable blocks

SUBSCRIBER is somebody who can only manage their profile. They can:

• read

This assumes that there is not a plugin for “user role editor”; then, each user can have a customized role with customized functionality and permissions.