User Management

What user management is used for

User Management allows administrators to control who can access the site and what they can do. This helps maintain site security and ensures that people only have access to the tools they need. Because user permissions affect the entire site, managing users should always be done carefully.

You may use it to:

• Create accounts for new team members
• Assign or update user roles
• Update a user’s name, email, or password
• Remove users who no longer need access
• Transfer content ownership when staff changes

Each user account should belong to a single person. Shared accounts should be avoided to maintain accountability and security.

Some sites only create accounts for their content editors and administrators, while others may include customers or members who have accounts on the site. For example, ecommerce stores, learning platforms, or membership sites may include large numbers of registered users who log in to access services or purchases. In these cases, user accounts may serve different purposes than content editing.

---

Accessing user management

User management is located in the dashboard.

1. Go to Users → All Users
2. The Users list will display all registered accounts on the site

From this screen you can:

• View all users
• Edit user profiles
• Change roles
• Add new users
• Remove users

Depending on your user role, you may have limited access to these features.

---

Key sections of user management

Users list

The Users list displays all registered users on the site.

From this screen you can:

• View user names and email addresses
• See each user’s role
• Search for specific users
• Edit user accounts
• Delete users (administrators only)

This screen is primarily used by administrators to manage access to the site.

Adding a new user

New users can be added from the Users → Add New screen.

When creating a new account, you will typically provide:

• Username — unique login name for the user
• Email address — used for login and password reset
• First and last name (recommended)
• User role — determines permissions

WordPress can automatically send the new user an email allowing them to set their password.

User profile settings

Each user has a profile page where personal account information can be updated. Users can also edit their own profiles from the top toolbar user menu → Profile.

Profile settings include:

• Display name
• Email address
• Password
• Personal profile information
• Biographical Info

These settings control how the user appears within the site and how they access their account.

---

Understanding user roles

User roles determine what actions a user is allowed to perform in WordPress.

WordPress includes several default roles, such as Administrator, Editor, Author, and Contributor. However, some sites may include custom roles created by plugins or site-specific functionality. These roles are designed to give users very specific permissions based on how the site is used.

The exact roles available on your site may vary depending on its features and configuration.

Default WordPress roles

WordPress includes several built-in roles that define common permission levels.

Administrator

Administrators have full access to the site. Because this role has the highest level of access, it should be assigned carefully.

They can:

• Manage users
• Change site settings
• Install or configure plugins
• Edit all content

Editor

Editors can manage and publish content across the site. Editors typically cannot change site settings or manage users.

They can:

• Create and edit pages and posts
• Publish and update content
• Manage content created by other users

Author

Authors can create and publish their own content. They cannot edit content created by other users.

They can:

• Create and edit their own posts
• Upload media files
• Publish their own content

Contributor

Contributors can write content but cannot publish it. An Editor or Administrator must review and publish the content.

They can:

• Create and edit their own posts
• Submit content for review

Subscriber

Subscribers have the most limited access.This role is commonly used on sites with member accounts, customer accounts, or restricted content.

They can:

• Log in to the site
• Manage their own profile

Custom roles

Some websites include additional roles beyond the default WordPress roles.

These roles are often created by plugins or custom functionality to support specific workflows such as:

• Ecommerce management
• Membership systems
• Course platforms
• Customer accounts

Because these roles are site-specific, their permissions and capabilities may vary.

---

Best practices

Create individual user accounts

Each person should have their own login. Shared accounts make it difficult to track changes and reduce site security.

Assign the lowest role necessary

Give users the minimum permissions they need to perform their work. This helps prevent accidental changes to site configuration.

Remove access when it is no longer needed

If someone leaves the organization or no longer needs access, remove their account to maintain site security.

Keep user information updated

Ensure email addresses and display names are accurate so that authorship and notifications function properly.

Transfer content ownership when removing users

When removing a user from the site, make sure their content is reassigned to another user. Many WordPress sites include pages, posts, or other content tied to the user who created them. If a user account is deleted without reassigning this content, it may also be removed from the site.

When deleting a user, WordPress will prompt you to Delete all content, or Attribute all content to another user. In most cases, you should attribute the content to another user so that existing pages, posts, or media remain available. This is especially important when staff members leave an organization or change roles.

---

Related learning resources

• https://wordpress.org/documentation/article/users-screen/