Easy MCP AI
Download Plugin
Home / Blog / WordPress User Roles: The Complete Guide (2026)
Guides 10 min read

WordPress User Roles: The Complete Guide (2026)

Table of Contents

Every WordPress site operates on a role-based permission system. When someone registers or is added to your site, they get a role — and that role determines exactly what they can and cannot do inside the WordPress admin. Get roles right and your site runs with the right people having the right access. Get them wrong and you either lock contributors out or hand too much power to the wrong accounts.

This guide covers all six default WordPress user roles, what capabilities each one includes, how to assign and change roles, when custom roles make sense, and how AI via Easy MCP AI can help you audit and manage WordPress users through conversation.

What Are WordPress User Roles?

WordPress user roles are predefined access levels that control what actions a logged-in user can perform. Each role bundles together a set of capabilities — individual permissions with names like publish_posts, edit_others_posts, or manage_options. When a user is assigned a role, they inherit every capability that role includes.

WordPress ships with six default roles:

  1. Super Admin
  2. Administrator
  3. Editor
  4. Author
  5. Contributor
  6. Subscriber

These are not a strict hierarchy where each role is simply “more powerful” than the next. Rather, roles define different areas of responsibility. An Editor has broad content control but no access to site settings or plugins. An Author can publish and manage their own posts but cannot touch anyone else’s.

The default role assigned to new registrants is controlled under Settings → General → New User Default Role. By default, this is set to Subscriber.

The 6 Default WordPress User Roles Explained

1. Super Admin

Super Admin is a Multisite-only role. On a WordPress Multisite network, the Super Admin has access to all capabilities across all sites in the network — including network-wide capabilities that no other role can access:

  • create_sites — create new sites on the network
  • delete_sites — delete sites from the network
  • manage_network — access the Super Admin menu and upgrade the network
  • manage_sites — add, edit, delete, archive, activate, and deactivate sites
  • manage_network_users — manage users across the entire network
  • manage_network_plugins, manage_network_themes, manage_network_options
  • upgrade_network, setup_network

On a single-site WordPress installation, there is no Super Admin role. The Administrator takes on all available administrative capabilities instead.

2. Administrator

The Administrator role gives full control over a single WordPress site. An Administrator can do everything the site’s WordPress installation supports, including:

  • Install, activate, update, and delete plugins and themes
  • Edit plugin and theme files directly
  • Create, edit, and delete any user account
  • Manage all site settings (manage_options)
  • Publish, edit, and delete any post or page — including other users’ content
  • Switch and customize themes
  • Import and export site data
  • Moderate comments
  • Manage categories, tags, and links

On a single-site install, Administrators also have capabilities like install_plugins, edit_users, create_users, delete_users, and unfiltered_html — capabilities that belong exclusively to the Super Admin in a Multisite environment.

When to use it: Only for site owners and trusted technical staff. Never assign Administrator to guest authors, clients reviewing content, or anyone who doesn’t need full site access.

3. Editor

The Editor role is built for content management. Editors can publish, edit, and delete any post or page on the site — not just their own — and moderate comments. They do not have access to plugins, themes, settings, or user management.

Key Editor capabilities (per official WordPress documentation):

  • edit_posts, edit_others_posts, edit_published_posts, edit_pages, edit_others_pages, edit_published_pages
  • publish_posts, publish_pages
  • delete_posts, delete_others_posts, delete_published_posts, delete_pages, delete_others_pages, delete_published_pages
  • read_private_posts, read_private_pages
  • moderate_comments
  • manage_categories, manage_links
  • upload_files
  • unfiltered_html (single-site only — not available in Multisite)

When to use it: Managing editors, content leads, or anyone responsible for quality-controlling and publishing other people’s drafts.

4. Author

Authors can write, edit, publish, and delete their own posts only. They can upload files and media. They cannot touch anyone else’s content, moderate comments, or access site settings.

Author capabilities:

  • edit_posts, edit_published_posts
  • publish_posts
  • delete_posts, delete_published_posts
  • upload_files
  • read

When to use it: Regular contributors who publish their own content independently, without needing editorial oversight over other authors.

5. Contributor

Contributors can write and edit their own posts, but cannot publish them. When a Contributor submits a post, it enters a “Pending Review” state and requires an Editor or Administrator to publish it. Contributors also cannot upload media files.

Contributor capabilities:

  • edit_posts
  • delete_posts (their own unpublished posts only)
  • read

When to use it: Guest writers, new team members on probation, or anyone whose content needs editorial approval before going live.

6. Subscriber

The Subscriber role has the single capability: read. A Subscriber can log in, access the dashboard, and manage their own profile. They cannot create, edit, or delete any content.

When to use it: Members-only sites where registered users need to log in to access gated content — but shouldn’t have any publishing or admin access.

Capability vs. Role: Quick Reference Table

CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
manage_networkyes
manage_optionsyesyes
install_pluginsyesyes*
edit_usersyesyes*
create_usersyesyes*
switch_themesyesyes
moderate_commentsyesyesyes
edit_others_postsyesyesyes
publish_pagesyesyesyes
upload_filesyesyesyesyes
publish_postsyesyesyesyes
edit_postsyesyesyesyesyes
readyesyesyesyesyesyes

*Single-site installs only. In Multisite, these belong to Super Admin.

Managing and Changing WordPress User Roles

Changing a user’s role

  1. Go to Users → All Users in the WordPress admin
  2. Click the user’s name to open their profile
  3. Scroll to the Role dropdown
  4. Select the new role and click Update User

You can also bulk-change roles: check multiple users on the Users list screen, use the Change role to… dropdown at the top, and click Change. This requires the promote_users capability.

Setting the default role for new registrations

Go to Settings → General and find the New User Default Role dropdown. The default is Subscriber. If you run a membership site or community where new users should be able to publish, you can change this — but exercise caution with Author or higher.

Adding users to your site

Administrators (and Super Admins on Multisite) can invite new users via Users → Add New. You set the role at the time of invitation. The create_users capability controls this.

Custom Roles and Role Plugins

The six default roles cover most use cases, but there are situations where you need something more precise — a “Shop Manager” who can edit WooCommerce orders but not touch posts, or a “SEO Editor” who can update post meta but not publish. WordPress lets you create custom roles using the add_role() function and modify existing role capabilities with add_cap() / remove_cap().

For a no-code approach, the official WordPress documentation lists several plugins for role management, including:

  • Members — granular capability assignment per role
  • User Role Editor — modify existing roles and add custom ones
  • Advanced Access Manager — fine-grained per-user and per-role control

These plugins expose WordPress’s native capability system through a UI, letting you build bespoke roles without writing code.

Managing WordPress Users with AI via Easy MCP AI

User management is part of WordPress’s 96 core WordPress tools in Easy MCP AI — the free, open-source plugin that turns your WordPress site into a fully compliant remote MCP server. Once connected to an AI client like Claude, you can audit and manage your users through plain-language conversation rather than clicking through admin screens.

This is the genuine angle: Easy MCP AI does not change WordPress’s role system — it gives you conversational access to the WordPress user management APIs that already exist. The 96 core tools cover posts, pages, media, menus, users, taxonomy, comments, blocks, revisions, meta, site settings, themes, templates, and custom post types.

What you can do with AI + Easy MCP AI

  • Audit who has what role — ask Claude to list all users with a specific role, spot misassigned Administrator accounts, or find users who have no role set
  • Find inactive accounts — surface users who registered but never posted, or who haven’t logged in recently
  • Check role distribution — get a count of how many users exist per role across your site
  • Gather user info — retrieve display name, email, registration date, and assigned role for any user in plain language

Example prompts after connecting

  • “List all users who have the Administrator role on this site.”
  • “How many users are registered as Subscribers versus Contributors?”
  • “Show me the user profile for [username] — what role do they have?”
  • “Which users were registered in the last 30 days and what roles were they assigned?”
  • “Are there any users with the Editor role who haven’t published any posts?”

Setup

Step 1 — Install Easy MCP AI from the WordPress plugin directory (free, no paid tiers).

Step 2 — Copy your MCP server URL from Easy MCP AI → Dashboard.

Step 3 — In Claude, go to Settings → Connectors → Add custom connector, paste the URL, and authorize via OAuth.

Step 4 — Open a conversation and start asking about your users.

All operations run through WordPress’s own capability checks — the same permission layer that governs every other admin action. Credentials are encrypted AES-256-GCM and stay on your own server.

For an overview of what MCP is and how the protocol works, see our MCP guide.

Key Facts

  • WordPress has 6 default roles: Super Admin, Administrator, Editor, Author, Contributor, Subscriber
  • Super Admin is Multisite-only — on a single site, the Administrator takes all available capabilities
  • Capabilities are the atomic permissions (e.g., publish_posts, edit_others_posts); roles are bundles of capabilities
  • Contributors can write posts but cannot publish them — content goes into Pending Review
  • Subscribers have only the read capability — dashboard access and profile editing, nothing more
  • Custom roles can be created with add_role() and modified with add_cap() / remove_cap()
  • The default role for new registrants is set under Settings → General
  • promote_users is the capability that enables the “Change role to…” bulk action in the Users list
  • Easy MCP AI’s 96 core tools include user management, giving AI clients conversational access to WordPress user data

Conclusion

WordPress user roles give you precise control over who can do what on your site. The six default roles — Super Admin, Administrator, Editor, Author, Contributor, Subscriber — cover the full spectrum from network administration down to read-only access. Understanding what each role can and cannot do prevents both over-permissioning (giving an Author administrator access) and under-permissioning (locking a managing editor into Contributor status).

For teams managing a WordPress site at scale, Easy MCP AI adds a conversational layer on top of your existing user management — letting you audit roles, check user data, and surface access issues through natural language rather than manual admin-screen searches.

Get Easy MCP AI from the WordPress plugin directory

Official Sources

Ready to control WordPress with AI?

Install Easy MCP AI on your site and connect Claude, Cursor, or any AI assistant in minutes.

Download Free Plugin Setup Guides →

Related Posts

Guides

WordPress SEO Plugins: The Complete Guide (2026)

Compare the best WordPress SEO plugins — Yoast, Rank Math, AIOSEO, SEOPress, and more — and learn how to edit SEO meta at scale with AI via Easy MCP AI.

 Guides

Claude MCP WordPress: The Complete Integration Guide (2026)

Connect Claude to WordPress via MCP in under 10 minutes. Step-by-step setup for self-hosted and WordPress.com sites, with security best practices, real prompts, and troubleshooting.

 Guides

What Is MCP? The Complete Guide to the Model Context Protocol (2026)

The Model Context Protocol (MCP) is the open standard that lets AI assistants like Claude take real actions in your tools. Here's how it works, why it matters, and how to use it on WordPress.

Newsletter

The AI + WordPress space moves fast. Keep up.

New tools, workflow ideas, and product updates — be the first to know what's next.

No spam, unsubscribe anytime.