A wise man once said, “With great power comes great responsibility.” In WordPress, this takes the form of user roles, which grant different levels of access to parts of a WordPress site.
The principle of least privilege in IT is a good one to follow. Only the most trusted users should have the greatest access, so that the integrity and security of a site or network of sites can be preserved.
What are the WordPress user roles?
WordPress has six built-in user roles. They are:
Super Admin: multisite only; has network administration capabilities.
Administrator: the top-level role for a single site; can perform all actions, except where multisite is enabled.
Editor: can create, edit, publish and delete posts and pages, moderate comments and upload files.
Author: can publish their own posts, and upload files.
Contributor: can draft and edit their own posts.
Subscriber: can log in and edit their profile only.
Each role is associated with a set of capabilities. The more capabilities a role has, the more actions its users can perform.
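A least-privilege audit built on this role-to-capability mapping, as an added example that is not from the original article: it lists every account that effectively holds an administrator-level capability, through its role or through a direct per-user grant. The high-risk capability selection and the `lp_` function names are assumptions made for the example, and the script expects a loaded WordPress context such as WP-CLI's `wp eval-file`.

```php
<?php
// Added example: least-privilege audit of WordPress accounts.
// Needs a loaded WordPress context, e.g. `wp eval-file audit-roles.php`.

// Assumption: capabilities this example treats as administrator-level.
// The names are WordPress core capabilities; the selection is illustrative.
$high_risk_caps = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'edit_themes', 'edit_users', 'create_users', 'promote_users',
);

/**
 * High-risk capabilities the user effectively holds.
 * WP_User::$allcaps merges role capabilities with per-user grants.
 */
function lp_risky_caps( WP_User $user, array $high_risk_caps ) {
    $held = array();
    foreach ( $high_risk_caps as $cap ) {
        if ( ! empty( $user->allcaps[ $cap ] ) ) {
            $held[] = $cap;
        }
    }
    return $held;
}

/**
 * Capabilities granted to the user directly rather than through a role.
 * WP_User::$caps holds role names and direct grants side by side.
 */
function lp_direct_grants( WP_User $user ) {
    $direct = array();
    foreach ( $user->caps as $name => $granted ) {
        if ( $granted && ! wp_roles()->is_role( $name ) ) {
            $direct[] = $name;
        }
    }
    return $direct;
}

foreach ( get_users() as $user ) {
    $risky  = lp_risky_caps( $user, $high_risk_caps );
    $direct = lp_direct_grants( $user );
    $super  = is_multisite() && is_super_admin( $user->ID );
    if ( ! $risky && ! $direct && ! $super ) {
        continue; // Only low-privilege role capabilities: nothing to report.
    }
    printf( "%s\troles=%s\thigh-risk=%s\tdirect=%s\tsuper-admin=%s\n",
        $user->user_login, implode( ',', $user->roles ), implode( ',', $risky ),
        implode( ',', $direct ), $super ? 'yes' : 'no' );
}
```

On multisite, `get_users()` returns the members of the current site only, so run the audit once per site.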
Imagine a school. A janitor will have keys to access different rooms in the school.