WordPress started out as a blogging platform, and most people are aware that you can have multiple user accounts within one website. You can have one (or multiple) admins, and people designated with any of the default user roles:
WordPress Roles Simplified
subscriber: read capability
contributor: can write posts but not publish
author: can write, publish, and manage posts
editor: can write, publish, manage, and edit other’s posts
Each, of course, has it’s own hierarchy of capabilities (as listed above). Today since WordPress is a fully matured CMS, most websites are for business, and user account needs might be slightly different (depending on the type of website).
There are (of course) hundreds of free plugins available in the repository for user and role management. Today we’ll briefly review some of the more popular ones you should know about (concentrating on ones with at least one update in 2021).
What can each WordPress role do?
By default WordPress user roles have the basic capabilities listed above, but there is no way (out of the box) to edit them. Let’s say you have an editor and you want to give them the ability to add or remove plugins. You can’t do that without making them an admin (and giving them access to everything).
Enter the User Role Editor plugin. Easily select a role and change it’s capabilities by simple checkboxes.
It also allows you to add new roles, as well as new capabilities.
This is a very mature plugin with more than 360,000+ downloads, and active supportive developers. You can tell how widely used it is since it’s has 19 different language translations available. Another bonus is that it works with WordPress multisite.
The Role Scoper plugin has been around quite a few years, it was one of the first roles and capabilities plugins out for 2.x versions of WordPress.
One thing you have to be careful of with roles and capabilities plugins, is that many (like the old Role Manager, or Capability Manager) store their changes (for roles) in the main WordPress database. This means when the plugins are deactivated – the changes you made will remain in WordPress. This is not the case with Role Scoper, when you deactivate the plugin the changes are turned off.
Role Scoper differs because it controls permissions for reading and editing on top of WordPress roles (it complements them).
The image above shows a WP page edit screen and the role scoper fields for restricting read access to specific users or groups.
Role Scoper fulfills a specific need, by allowing content restriction by role. Download Role Scoper here
Also back in the early 2.x series of WordPress was a popular plugin called Capability Manager.
You’ll see when you visit that link an image like the one above warning you the plugin hasn’t been updated in 2+ years. That’s a good indication it’s no longer supported and there is no active development.
Enter Capability Manager Enhanced. The great things about free open source plugins is that anyone can take that code and make it into something different (or better).
New developers picked up where the old plugin left off. The old plugin was great because you could edit standard WordPress roles, and create new ones (and you can do that in this version too).
This new version has an improved UI that organizes the capabilities a bit better.
– manage role capabilities
– create and delete roles
– backup and restore roles
– revert to WordPress default roles and capabilities
You can see in the image above how easy it is to edit and refine the capabilities of foles by checking off what you want.
S2Member is as popular WordPress membership plugin. Many times roles and capabilities in WordPress are tied to membership. A membership website could be anything from a club, organization, or community group – to paid tutorials, classifieds, auctions, social media website, or learning management system (LMS).
This is also a mature plugin that’s been around for a few years+ with more than 280,000+ downloads and has high ratings. It also has it’s own support forum, codex, knowledge base, and video tutorials. This is far more documentation than you’ll find in almost any other membership plugin.
Having said all that, the free plugin is called the S2Member Framework. Visit that link and you’ll easily see the differences between free and pro.
You can use the plugin for free and you get features such as:
– paypal payment integration
– built in roles and capabilities
– custom membership levels
– custom registration profile fields
– custom email templates
– customizable login welcome page
– customizable membership options page
– shortcodes for profile editing
– content restriction functionalities
– file download restrictio functionalities
– mass promotion / demotion / deletion of users
– integration with mailchimp and aweber
– preintegrated with many affiliate programs
– compatible with buddypress and bbpress
Basically in pro a paid license gets these additional features:
– custom paypal thank you page
– paypal pro options
– paypal subscription options
– support for coupon codes
– buy now for specific posts or pages
– authorize.net integration
– google checkout integration
– clickbank integration
– unlimited paid membership levels
– customizable one time offers
– CSV import and export
– specially designed pro login widget
– remote operations API for programmers
– supports restriction in WordPress multisite
If you need to control membership within your WordPress website, S2Member is a great way to go. You can download S2Member here.
BAW Moderator Role is a brand new WordPress plugin that adds a comments moderator role for your website. If you think about it comment spam and trolling plague any busy website. This is why so many busy blog use a service for commenting like disqus. Bigger websites (like Mashable) for user registration for commenting that links to a profile page only. Forums have moderators – why shouldn’t a busy website?
This is a very cool plugin that fulfills that exact need. Just enable the plugin (there is no settings page) and assign the comment moderator to a registered user of your site. They’ll see the icon in the admin toolbar as in the image above and be able to moderate comments in your site – simple as that (no other role or admin ability required).
Also the author provides a hack on the FAQ page if you want moderators to be able to moderate their own comments only.
Let’s say you have multiple users in your website on various roles, and you want them to login to your website without having to visit the default wp-admin or wp-login.php URL’s? There is a “meta widget” in WordPress by default you can use for login – but maybe you want it inserted in a post or page, or you want to customize it?
WP Flogin gives you a settings page to build a custom login form, and then the additional ability to insert in anywhere you want.
WordPress has “revisions” on by default for posts and pages (saves multiple versions to fall back on), and it keeps track of what author made changes on what date. WP is also smart enough to tell you if another author already has a page/post open on the edit screen (with a warning message).
What it doesn’t have are any tools for approval or workflow. You can have standard roles submit content (contributor) as draft, to be reviewed by another role (editor or admin) – but that’s about it.
Enter the Revisionary plugin, which allows immediate or scheduled approval of content. You get the ability to suggest changes to content using “pending revisions”, you can schedule revisions, and there’s even a revision management form. This plugin creates a new role called “Revisor”, which is a moderated editor.
The image above shows how pending revisions are shown.
This image shows what it looks like when an editor or admin views a revision submission.
Here’s another plugin for a specific purpose, if all you want to do is restrict content in particular categories for specific users – that’s exactly what it does.
Just check off the boxes as in the image above and it works like a charm.
Maybe a full blown membership plugin is just more functionality that you need. The User Specific Content plugin allows you to specify people by username or role that should view certain post or page content.
This can be a helpful plugin if you have a simple organizational or non-profit website, where maybe only leaders should be able to view certain sections of the website. This plugin would be great if you have interns, or for a church, or community organization. It has a shortcode, so it’s easy to implement.
In the image above you’ll see some simple general settings. You can set the warning message shown when content is blocked, but more importantly you can choose what to block. If you block “the_content” hook, you are blocking the full post pages. If you block “the_excerpt” you are blocking the archive and excerpt pages from showing the content too. You might want to show excerpts, but block the full posts (or both). The metabox settings allow you to choose whether or not to show and be able to filter access for username and / or user role. You can do one or the other (or both).
In the image above you see the user specific box that’s shown in post and page edit screens (below the content area) once the plugin is installed. To limit content, open a page or post to limit, andthen choose your options. In this example you can limit by user role, user name, logged in users only, none logged in users, and you can choose a specific content blocked message (overriding the default).
Advanced Access Manager is more of a full featured plugin for limiting access to content and / or functionality. You can easily limit access to any part of your website front end or back end. It even works with WordPress multisite. This of this plugin as a content manager/limiter and roles and capabilities editor all rolled into one.
Need to limit access on the front end to specific roles? You can do that. Need to hide certain parts of wp-admin from some users? You can do that. Need to create custom roles and give some people additional functionality like the ability to install or edit a theme? You can do all of that and hundreds more things.
The image above shows the tab where you can edit metaboxes, and you can see that there are other tabs and a LOT more options to configure. This is a very full featured plugin with high ratings and more than 73,000+ downloads.
Here’s a plugin that serves only one specific purpose – it removes all references to admin accounts to all other user roles. If you create or manage websites for clients – this probably exactly what you need. This is a relatively new plugin that boasts support for configurable permissions and multisite support in the next release.
Adminimize is a plugin that allows you to hide unnecessary items from the WordPress backend. You can customize nearly anything you want on the wp-admin dashboard.
In the image above you see some of the default options – like the ability to exclude a multisite super-admin in the plugin options. You can also hide the default wp-admin header, footer, timestamp, advice in footer – you can even deactivate the default dashboard (and redirect to another admin page) if you have an extremely customized site.
In the image above you see some of the global options for deactivating certain items for specic roles – like the admin bar, favorite actions, screen-meta, screen options, contextual help, or even the admin color scheme. Easily prevent any role from seeing or using these options.
There are many more options than we could possibly display in this one post for this plugin, but to show how exhaustive they are – the image above shows (some of the) options you can change for a post (by role). You can deactivate the ability of any role to do just about anything – anywhere.
Let’s say in this example you want to remove the ability to change the permalink (slug) by all users. It’s an easy one-click for whatever role you want. You could disable tags, categories, the HTML editor button – ANYTHING. These same options exist for pages, as well as any custom post types you have setup.
One very unique feature of this plugin is that under the “menu options” subheading, every single plugin that has a menu is listed – and you can deactivate that from view from any role you want.
The reason that this is unique is the way you can use it. Let’s say you’ve been trying to figure out for some time how to disable the ability to use a particular plugin for some users. You may have fiddled with trying to create a custom role and then tried to figure out how to remove their ability to use that one plugin (but you want the rights for them to user the other ones to remain). Maybe you have one plugin you want users to have access too, but you don’t want them to be able to use certain sub-menus. This can be a very, very frustrating thing to try and achieve.
Using “Adminizmize” you could just deactivate that plugins menus and-or sub-menus from displaying and voila – problem solved!
Whether you create websites for clients, or have a website with some type of membership or user community – the need to communicate information at appropriate times always exists.
I can’t count the number of times clients begged me for some type of “user manual” for WordPress. I’ve also had clients that had a need to communicate to website members certain types of information – say for a group, school, church, non-profit, or author based website.
In the image above you see the creation screen for a “Site Note”. Once you install and activate the plugin – you’ll see a sidebar entry (custom post type) called “Site Notes”. You give it a title and content just like you would a post.
Then in the meta-box below the content box you’ll see you have some checkboxes to show where this message will be displayed. It could be a dashboard widget, you can hide the title, and you can choose which roles to show it for. You can also choose to show it in the screens for things as well, such as edit screens, new page screens, or search screens for posts, pages, attachments, revisions, etc.
In the image above you see probably the greatest benefit of using this plugin. You can compile a large amount of these site notes together, and then easily generate an internal “website instruction manual” for your client or client’s users. Check out the top left of that image above – you’ll see the link is placed in the sidebar “Dashboard – Site Instructions”. This is a plugin I truly wish was around years ago, and it has a myriad of uses.
There are a lot of admin bar plugins out there for WordPress. One of first we used was Disable Admin Bar by OZH. It does it’s job, simply disabling the admin bar from front end display.
However, if you need more options we recommend using WP Custom Admin Bar. You can easily enable and disable the admin bar display, but you can also do it by role. In the image above you’ll see you can also easily add CSS code to the bar for quick customizations as well. This is great if you want to style the bar to better fit the look and feel of your website.
If you’re using Buddypress you might want to try the BP GTM System. GTM stands for “Group Tasks Management” where you can add responsible people, attach files to tasks, and create projects and discussion posts. You could use this for nearly anything, but at first glance you might think of it as a free alternative to something like basecamp.
For WordPress Multi-site you might try the Multisite User Management plugin that allows you to assign different roles to users in a multisite installation.
You can also use the User Management Tools plugin for multisite if you have a need to add users in bulk and assign them a role.
Do you have favorite plugins for WordPress roles and capabilties that you use? What are they?