WordPress provides many different user authorizations for your needs. For example, an authorized user can create a post, create a page or upload a plugin, while another user can only publish a post. For some security reasons, we may need to change the privileges of users. However, WordPress does not provide detailed configuration options for this in the admin panel. If you have coding knowledge, you can do it through the code or you can easily change your authorization settings with the plugin that we will explain in this article.
First, let’s explain the authorizations of the default roles in WordPress.
User roles and their authorizations in WordPress
This is the highest-level user role, having all of the permissions in WordPress. Users with the administrator role can perform all kinds of operations in the WordPress administration panel. For example, they can create posts, create pages, install plugins and change other users’ privileges.
It is the user role that has the authority to create, edit and publish posts in the WordPress administration panel. They cannot do other actions in the panel. For example, they cannot install plugins and change other users’ privileges.
It is the user role that only has the authority to create, edit and publish their own posts in the WordPress administration panel. Users with the Author role can only create and publish their own posts, but cannot edit other users’ posts.
It is the user role that is authorized to log in to the WordPress administration panel, but not authorized to create and publish posts. Subscribers can only edit their own profiles.
Changing permissions of user roles in WordPress
The User Role Editor plugin can be used to change user privileges. You can read how to install and use the plugin in the continuation of the article. In this scenario, we will add an authorization rule to grant the Editor role to install, deactivate and remove plugins.
Step 1: Find the User Role Editor plugin
Click the Add New button in the Plugins section. Type “User Role Editor” in the Search field. Install the add-on by clicking the Install Now button.
Step 2: Activate the plugin
After the installation is completed, activate the plugin by clicking the Activate button.
Step 3: Go to User Role Editor settings
A section called User Role Editor has been added to the Users section in order to make the plugin settings; go to this area.
Step 4: Choose the role to change its permissions
We will perform the authorization change on the Editor role. To view the relevant rule set, select it from the Select Role and change its capabilities field. By default, Editor users cannot manage plugins. Go to Core > Plugins and check the settings.
Step 5: Change the permissions of the role
Here you can grant detailed permissions for the target user role. We are activating the plugin management for the Editor role; tick all the options and press the Update button.
Step 6: Check the permission changes on the role
All the above changes were made on an admin user. To view the change you have made, log in as an Editor user and check that the Plugins section has arrived. When we check in the demo environment, we see that the Plugins section is visible to the Editor role.