User management with WordPress

Everything about the user administration in WordPress - understandable and compactly explained in the WordPress Tutorial of

WordPress is designed so that you can use the blog system with several users at the same time. Different user roles and user rights allow users to be assigned special editing rights. The administrator is able to control the user administration, create and remove users. The rights management can be granularly controlled by additional plug-ins.

Creating Users in WordPress

WordPress is designed as a multi-user system so that different users can simultaneously edit a WordPress blog and, for example, write articles. However, since not every user should have the same rights, you can assign different rights or roles to your users in WordPress - for example, if only certain users are allowed to publish articles or change the basic settings of your blog. More about this later, now we will create a new user. Click on "User" in the left navigation bar:

User management in WordPress
User management in WordPress

The button "Add new" appears in the main display area, the same link can also be found in the left navigation. The dialog for creating a new user follows.

In the following screenshot all fields are already filled out, we will go into the meaning of the individual fields in more detail.

Create new user in WordPress
Create new user in WordPress


With the user name the user logs in to WordPress. The user name must not contain any spaces and should not (as in the screenshot) allow conclusions to be drawn about the name of the user. Security tip: Use a "nonsensical" string for the user name, because if hackers know the user name, they only have to find out the password.


Enter the user's e-mail address here, and the password and login will also be sent to this e-mail address. Each e-mail address may only be used once in a WordPress installation.

First name and surname

Enter the first name and surname here. If you do not enter a name here, the user name will appear in the contributions of the user. Security tip: As described above, the username is half the battle for hackers to hack your blog. If the user does not want to publish his name on the blog, he can define a nickname in his profile, this will then appear instead of the real name under the posts


The user's website appears in the comments made by the user. The field does not need to be filled in. It makes sense, especially for guest authors, to specify a website here, as links to the author/commentator are created.


WordPress generates (as you can see in the screenshot) very strong passwords. After saving the user data, the new user receives a mail with his login. The user is asked to enter a new password when logging in for the first time - it is important that a strong, i.e. secure password is chosen here as well.

The blog operator also receives a mail informing him of the new user. The mail contains the user name and e-mail address, but not the password. The users are therefore solely responsible for their passwords.

User roles in WordPress

As already mentioned, different roles can be specified for each user. The roles grant different rights to the users.


A subscriber is an (almost) normal frontend user who can read and comment on posts, and can also edit his or her own profile. However, comments from subscribers must be activated by the blog operator itself if comments are not automatically activated.


Employees are allowed to do whatever a subscriber is allowed to do, in addition you have the right to write articles. However, they are not allowed to publish these articles themselves. Employees" cannot upload pictures to the media library, an author is required.


In addition to the employee rights, an author may publish and edit his own contributions, upload and delete images. Authors' comments are published directly.


Like authors, editors may publish articles and upload images to the media library. Since the editor is only one level away from the administrator, he can create pages and edit categories in addition to author rights. The administrator is not allowed to make deeper changes to the themes or the basic settings.

Tip: Even if you run your blog as a solo entertainer, you should create an editor user for your daily work. This way you can be sure that you don't "mouse-slide" in the heat of battle with your administrator user and accidentally change important settings of your blog.


The users with the role "Administrator" have all rights! An administrator can also change themes, administer the basic settings and delete the entire WordPress blog. This user role is usually only assigned to one person. Use this role only if you want to set basic things in your blog, otherwise you should work with an editor user as mentioned above.

To create the new user now, simply click on the blue button "Create new user". You can later grant or revoke different roles and therefore additional rights for each user.

Edit users - from the user's point of view

Users can edit their own settings by clicking on the "Profile" link in the left-hand navigation bar:

Edit user profile
Edit user profile

In addition to the fields already described, the user can provide information about his instant messenger services and leave "biographical information". These biographical data appear in some templates in the author box.

Further down the user can create or change a new profile picture via the service "" and create a new password. .

Change profile picture and password
Change profile picture and password

The function "Log off everywhere else" is not immediately visible to everyone. Actually, it's easy: You're a globetrotter and recently signed up for your WordPress blog in an internet cafe in Mumbai, but didn't sign off? With this function you can unsubscribe the computer in Mumbai from your blog..

The screenshot shows how important it is to choose a meaningful title for your WordPress blog. The title should clearly describe to the user which topic the page is about. In addition, the title is also relevant for the search engine findability of your site. An important keyword that your users are looking for should also be included.

Edit users - from the administrator's point of view

As administrator you click on the link "user" in the main navigation on the left side, you get an overview of the created users. If you hover your mouse over the user name, links to edit, delete and view the profile will appear.

User table in WordPress
User table in WordPress

Click on "Edit" to edit the user. As administrator you can change all settings of the user. Here you can now also assign a different role to the user in the "Role" field. The following screenshot shows a section of a user's profile:

Profile settings of a user in WordPress
Profile settings of a user in WordPress

Additional plugins for user management

The rights management in WordPress is simple and absolutely sufficient for most applications. For those who want a little more control over their users, there are numerous plugins, a few of which we would like to introduce to you.

User Role Editor

The "User Role Editor" allows you to easily change user roles and functions. Select the check boxes of the features you want to add to the selected role and click the "Update" button to save your changes.

Differenzierte Rechteverwaltung im UserRole Editor
Differentiated rights management in the "User Role Editor"

After installing the plugin the user menu gets a new sub-item. Via the navigation point "User Role Editor" you get to the settings. You can also access the settings via the "User rights" link in the user table.

Add new roles and adjust the functions to your needs. Superfluous roles can be deleted if there are no users assigned this role. The role assigned by default to each newly created user can also be changed. The rights can also be assigned at user level. Several roles can also be assigned to the user at the same time.

To the plugin website:


"Members" is a user and role management plugin that gives you full control over the permissions of your website. This plugin allows you to edit roles and their permissions, duplicate existing roles, assign one or more roles to each user, or block post content. It's even possible to make your website completely private.

Role creation in Members
Role creation in "Members"

The administration of the roles with "Members" is somewhat easier than with "User Role Editor", since the individual authorizations are listed in plain text and not as a cryptic "database field". Also a further submenu appears under "User". Via the link "Roles" and "Add roles" the existing roles are administered respectively new roles are created

Zur Plugin-Website:

Press Permit Core

Press Permit is an advanced content permission system. It is based on the Role Scoper, but features major improvements in versatility, performance and ease of use.

Press Permit with own role administration
Press Permit with own role administration

Press Permit is much more extensive and complex to use than the plugins presented here so far. With the installation a new navigation point is created in the left main navigation "Permissions".

To the plugin website:


In the user administration you set up users and edit their rights. Via different roles you can assign individual roles to each user. For more detailed rights structures you can install additional plugins. When creating users, you should pay attention to the following safety instructions:

Safety instructions

  • Choose a username that does not allow any inferences about your real name.
  • Enter the real name for each user, otherwise the user name will be displayed in his contributions. Hackers can try to log in with the username. Users can also enter nicknames that are displayed instead of their real name.
  • Choose a secure password, it's best to use the suggested passwords from WordPress
  • Create an additional user with the role "editor". With this user you can follow your daily work in the blog, but you don't run the risk of accidentally "breaking something".

Further articles:

We are pleased if we could arouse your interest in WordPress. The following list contains some links to get started with your WordPress page:

Other products you might be interested in
Website Builder
Create your own website without any programming knowledge.
Create a Website
Concentrate fully on your project! Performance and security included.
Optimize your Web site and achieve top rankings.
Website optimization
SSL Certificates
For your site, more safety protect yourself from hacker attacks.
Quickly protect