WordPress comes with preset user roles, but the default capabilities open vulnerabilities. By customizing permissions, you can reduce security risks and better structure teams.
Dangers of Default Roles
Out of the box, Authors and Editors have broad publishing and editing privileges. Even lesser roles like Contributors retain unnecessary abilities that pose security threats if their accounts are compromised.
According to Sucuri, compromised user credentials are the root cause behind 64% of WordPress infections. Every additional user account widens that attack surface.
Here are some key statistics that highlight the prevalence of attacks on WordPress user accounts:
- Over 2 million WordPress sites are hacked per year (Jetpack)
- 83% of malware attacks target WordPress (Website Planet)
- Compromised user accounts drive 35% of these attacks (Wordfence)
By locking down permissions, removing unneeded capabilities, and monitoring user activity logs, you minimize vulnerabilities.
Capability Overview by Role
Here is a comparison of the different default user roles and what core actions they can perform:
| Capability | Administrator | Editor | Author | Contributor |
|---|---|---|---|---|
| Publish posts | ✅ | ✅ | ✅ | ❌ |
| Edit others' posts | ✅ | ✅ | ❌ | ❌ |
| Delete/Unfiltered HTML | ✅ | ✅ | ❌ | ❌ |
| Upload media | ✅ | ✅ | ✅ | ❌ |
| Manage options | ✅ | ❌ | ❌ | ❌ |
Notice how even Contributors and Authors retain uploading and publishing abilities by default. If one of these accounts is hijacked, those abilities let an attacker inject malicious scripts, deface the site, or launch spam campaigns.
By customizing these roles, removing unnecessary capabilities, and monitoring accounts, you can avoid becoming part of the negative WordPress security statistics mentioned earlier.
Customizing Roles for Certain Site Types
Here are two examples of sites that benefit from tailored user roles and permissions:
Ecommerce Sites
Ecommerce stores need to allow customers limited access to post reviews, manage orders, and view purchase history.
Rather than overload the default Subscriber role, it helps to create a custom Customer role. This role would grant abilities like:
- Read product reviews
- Publish/edit own reviews
- View own order history and details
- Manage address book and payment methods
It would withhold sensitive publishing, media-uploading, and admin capabilities. Certain plugins like WooCommerce ship customer-specific roles to help stores configure this access.
Membership Sites
For sites with premium content, custom roles help manage member permissions once logged in.
A tailored Member role might grant access to:
- Read full article content
- Download digital media like ebooks/video
- Participate in community forums
- Edit own forum replies
It would not grant backend editing or publishing rights. Plugins like MemberPress let you configure these member roles.
In both examples above, custom roles provide just the right user access needed for the site functionality and purpose.
Technical Capability Reference
For developers and advanced users, the WordPress documentation provides a full Roles and Capabilities reference defining all permissions that can be managed.
Some example capabilities include:
- activate_plugins – Activate plugins.
- delete_others_pages – Delete other authors' pages.
- delete_private_pages – Delete private pages.
- edit_dashboard – Access the dashboard.
There are over 50 distinct capabilities that can be configured across user roles. Review this list to identify unnecessary capabilities for removal from lesser user roles.
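The following is an added example (not code from the original article or from any plugin it names) showing how the Customer role described above and the capability trimming recommended here are done with the WordPress role API. It is written as a hypothetical mu-plugin; the `view_own_orders` and `edit_own_reviews` capability names are assumptions that your own storefront code would have to check.

```php
<?php
/**
 * Plugin Name: Least-Privilege Roles (hypothetical example)
 * Role and capability changes are written to the database by WordPress,
 * so apply them once per version rather than on every request.
 */

define( 'LPR_ROLES_VERSION', '1' ); // bump to re-apply after editing below

function lpr_apply_role_changes() {
    // 1. Authors keep publishing but lose media upload rights.
    $author = get_role( 'author' );
    if ( $author ) {
        $author->remove_cap( 'upload_files' );
    }

    // 2. Editors may no longer post unfiltered HTML (script/iframe tags
    //    are then stripped by WordPress' kses filter on save).
    $editor = get_role( 'editor' );
    if ( $editor ) {
        $editor->remove_cap( 'unfiltered_html' );
    }

    // 3. Custom Customer role: read access plus store-specific capabilities.
    //    Deliberately absent: edit_posts, publish_posts, upload_files.
    if ( ! get_role( 'customer' ) ) {
        add_role( 'customer', 'Customer', array(
            'read'             => true,
            'view_own_orders'  => true, // hypothetical custom capability
            'edit_own_reviews' => true, // hypothetical custom capability
        ) );
    }
}

function lpr_maybe_apply_role_changes() {
    if ( get_option( 'lpr_roles_version' ) !== LPR_ROLES_VERSION ) {
        lpr_apply_role_changes();
        update_option( 'lpr_roles_version', LPR_ROLES_VERSION );
    }
}
add_action( 'init', 'lpr_maybe_apply_role_changes' );

// Storefront code should test the capability, never the role name.
function lpr_current_user_can_view_orders() {
    return current_user_can( 'view_own_orders' );
}
```

Removing unfiltered_html from every role at once can also be done by setting the `DISALLOW_UNFILTERED_HTML` constant in wp-config.php.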
Conclusion
Leaving default user roles intact introduces avoidable security holes. WordPress sites can leverage custom roles and permissions to properly structure teams and reduce vulnerabilities.
The key is to strike the right balance between usability for authors, members, admins and locking down permissions to just what is essential for each persona. Monitoring activity logs and running security checks regularly also helps harden sites against potential attacks.
Let us know in the comments if you have any other questions!