WordPress User Roles Explained: Why Access Levels Matter More Than You Think

Traverse Web designs websites on a WordPress platform using a custom theme. One of the many built-in features of WordPress is its user role management system, which determines exactly what each user can (and cannot) do on your website.

Understanding WordPress user roles is essential for anyone who owns or manages a website. Giving someone too much access can lead to accidental changes, broken functionality, or even security issues. Giving someone too little access can make their job harder than it needs to be. The key is choosing the right role for the right person.

How We Handle Access at Traverse Web

When development begins, an Administrator account is created for our team. We use this access during development to design, build, and configure your website properly.

Once your site goes live and is hosted with us, we require continued Administrator access. This allows us to:

  • Perform WordPress core updates
  • Update plugins and themes
  • Apply security patches
  • Troubleshoot issues if something goes wrong

Most hosting companies or webmasters will give you Administrator access if you ask—and many do this automatically. However, they’ll also tell you (often in the fine print) that if something breaks due to changes you made, there will likely be a fee to fix it.

In short: be very careful in areas of your website you’re not familiar with.

If we designed or developed your site, we provide training on using the WordPress dashboard (the backend). We’ll clearly show you:

  • Which areas are safe to update
  • Which areas you should avoid
  • How to make content changes without risking the site’s structure or functionality

WordPress User Roles Explained

Administrator

The Administrator role is the master key to your website.

This is the most powerful user role in WordPress and should be assigned sparingly. Ideally, there should only be one or two Administrators on a site.

This role is typically reserved for:

  • Your website designer/developer
  • In some cases, the site owner

An Administrator has complete control over every aspect of the website, including:

  • WordPress core updates
    These should always be done carefully and with a full backup. Major updates are best handled by your webmaster.
  • Themes & plugins
    Full control over your site’s design and functionality—including access to the code.
  • User management
    Add, delete, or modify users and change their roles.
  • Site settings
    Access to all settings that control how your site looks and functions. One wrong click can significantly affect—or even take down—your website.
  • Full content access
    Manage posts, pages, media, images, and custom post types.

Because of this power, Administrators should only be people who truly need that level of access.

Editor

An Editor has full control over your site’s content—but not its structure or settings.

This role is ideal for:

  • Site owners
  • Employees responsible for managing content

Editors can:

  • Create, edit, publish, and delete posts and pages
  • Upload and manage media (images, PDFs, etc.)
  • Approve content submitted by Contributors
  • Moderate comments

Editors cannot:

  • Change themes or plugins
  • Access site settings
  • Manage users

This makes Editor one of the safest and most practical roles for day-to-day site management.

Author

An Author can manage only their own content.

This role is great for:

  • Blog writers
  • Contractors creating ongoing content

Authors can:

  • Write, edit, publish, and delete their own posts
  • Upload and manage their own media files

Authors cannot:

  • Edit pages
  • Edit or approve other users’ content
  • Moderate comments
  • Access site settings

Contributor

A Contributor can write content, but cannot publish it.

This role is best for:

  • Guest bloggers
  • New writers
  • Anyone whose content you want to review before publishing

Contributors can:

  • Write and edit their own posts (before publishing)

Contributors cannot:

  • Publish posts
  • Upload media files
  • Edit pages or settings

Subscriber

A Subscriber has the most limited access.

Subscribers can:

  • Log in
  • Manage their own profile
  • Change their password

This role is typically created when:

  • Someone signs up for a newsletter
  • A user registers to access gated content, coupons, or downloads

Subscribers cannot manage any part of your website.

Plugin-Specific Roles

Yoast SEO Roles

If you use Yoast SEO, it includes additional roles:

SEO Manager

  • Full access to all Yoast SEO settings
  • Ideal for third-party SEO companies

SEO Editor

  • Can manage SEO settings on individual posts and pages
  • Can edit meta descriptions, focus keywords, and alt tags
  • Cannot change global or advanced Yoast settings
  • Cannot edit the actual page content

WooCommerce Roles

If you run an online store, WooCommerce adds its own roles.

Shop Manager

A Shop Manager can run your store without full administrative access.

Shop Managers can:

  • Manage WooCommerce settings (shipping, payments, emails)
  • Create and manage products (pricing, inventory, images)
  • View WooCommerce reports (orders, customers, revenue)

They have Editor-level access plus WooCommerce-specific tools—making this role ideal for store managers.

Customer

Customers are automatically assigned this role when they create an account.

Customers can:

  • Manage their account information
  • View current and past orders

This role is similar to a Subscriber, with added store-related access.

Best Practices for WordPress User Roles

  • Start with the lowest access level possible
  • Increase access only if necessary
  • Assign Administrator roles only to essential personnel
  • Remove user access immediately when someone leaves your company
  • Require strong passwords for all users

A strong password should:

  • Be at least 8 characters (longer is better)
  • Include uppercase and lowercase letters
  • Include numbers and symbols ($, &, #, @)

Remember: you’re giving users the keys to your house. Weak passwords or incorrect access levels can open the door to serious problems.

We Keep Your Site Safe

Traverse Web offers secure website hosting with 99.9% uptime and multiple security measures in place to minimize risk. What we can’t control is a website owner using a weak password or giving the wrong level of access to the wrong person.

If you’re unsure what type of access an employee or contractor needs, give us a call at 231-409-5999 first. We’re happy to help set up the correct user role and recommend secure password options.

Don’t leave the door open for just anyone to stop by and have a party.

Download our quick reference guide for WordPress User Roles.