WordPress uses a role-based permission system. This means each user account is assigned a role that determines what they can and cannot do inside the website.

Understanding roles is especially important for government websites, where access control, accountability, and content integrity matter.

This guide explains the most common WordPress roles and how they apply to municipal or government site management.

Why User Roles Matter

User roles help:

• Protect sensitive content

• Prevent accidental changes

• Maintain accountability

• Limit access to technical settings

• Ensure proper workflow approvals

Not every user should have full control over the website.

The Five Default WordPress Roles

WordPress includes five primary roles by default.

Administrator

Administrators have full control over the website.

They can:

• Edit all pages and posts

• Manage users and roles

• Install or remove plugins

• Change themes

• Adjust site-wide settings

• Modify URL structures

• Configure menus

• Access all content

On a government website, this role is typically reserved for:

• IT staff

• Web administrators

• Authorized vendor partners

Administrator access should be limited and carefully managed.

Editor

Editors can manage content but cannot change site settings.

They can:

• Create and edit all pages and posts

• Publish content

• Edit other users’ content

• Manage media files

• Moderate comments (if enabled)

On a government site, this role is often appropriate for:

• Communications directors

• Public information officers

• Department heads responsible for publishing content

Editors cannot install plugins or modify technical configurations.

Author

Authors can create and manage their own content.

They can:

• Write and edit their own posts

• Publish their own posts

• Upload media

They cannot:

• Edit other users’ content

• Change pages created by others

• Modify site settings

On a government website, this role may be appropriate for:

• Department staff submitting announcements

• Public affairs contributors

• Committee liaisons publishing updates

Note: Authors typically work with Posts, not Pages.

Contributor

Contributors can write content but cannot publish it.

They can:

• Create new posts

• Edit their own drafts

They cannot:

• Publish content

• Upload media

• Edit others’ content

On a government website, this role works well for:

• Staff drafting announcements

• Interns or temporary contributors

• Department representatives submitting updates for review

An Editor or Administrator must review and publish their work.

Subscriber

Subscribers have the lowest level of access.

They can:

• Log in

• Edit their profile

They cannot:

• Create or edit content

• Access site management areas

On most government websites, Subscribers are rarely used unless:

• The site includes restricted content

• There is a private portal area

Custom Roles

Some government websites include custom roles created by plugins or developers.

Examples might include:

• Department Editor

• Agenda Manager

• Clerk Access

• Board Member Access

These roles are tailored to specific workflows and responsibilities.

If your site includes custom roles, consult documentation before making changes.

Choosing the Right Role

Always assign the lowest role necessary for the job.

For example:

• If someone only drafts updates → Contributor

• If someone manages department pages → Editor

• If someone manages the entire site → Administrator

Limiting access protects the site from accidental or unauthorized changes.

What Roles Do Not Control

Roles do not:

• Change website design

• Automatically create approval workflows (unless configured)

• Control hosting or domain settings

Roles strictly control WordPress access.

How to See Your Role

To check your role:

1. Click Users in the left-hand menu.

2. Click your profile.

3. Look for the Role field.

If you do not see certain options in the Dashboard, it may be due to your role.

Why Government Websites Must Be Careful

Government websites often include:

• Public notices

• Legal documents

• Policy updates

• Council meeting agendas

• Emergency alerts

Improper permissions can:

• Publish incorrect information

• Delete critical content

• Disrupt compliance requirements

• Create public confusion

Roles help prevent these risks.

Best Practices for Government Site Access

• Limit Administrator accounts

• Review user access annually

• Remove access for former employees promptly

• Avoid sharing login credentials

• Use strong passwords

• Consider two-factor authentication

Access control is part of cybersecurity responsibility.

A Simple Access Model for Government Sites

Many municipalities use a structure like:

• IT / Vendor → Administrator

• Communications Director → Editor

• Department Staff → Author or Contributor

• Public Users → No login access

This keeps authority structured and accountable.

Summary

WordPress user roles determine what each person can do inside your website.

The five standard roles are:

• Administrator

• Editor

• Author

• Contributor

• Subscriber

On government websites, carefully assigning roles protects content accuracy, security, and compliance.