Set Up Your Team & Permissions
Learn how to invite team members, assign roles, and configure granular permissions to keep your WordPress environment secure and efficiently managed.
Step 1: Invite Team Members
Add users via email
Navigate to Settings > Team and click Invite Member. Enter the email addresses of developers, editors, or analysts who need access.
Invitations are valid for 7 days. Users will receive a secure link to set their password and complete SSO if enabled.
Step 2: Understand Built-in Roles
Wp Admin provides four default roles mapped to WordPress capabilities. Choose based on least-privilege principles.
| Role | Access Level | Key Permissions | Typical Use Case |
|---|---|---|---|
| Admin | Full | All settings, billing, team management | Agency owners, CTOs |
| Editor | Content | Posts, pages, media, plugins (safe updates) | Content teams, marketers |
| Developer | Technical | Theme files, database, staging, advanced settings | WP developers, engineers |
| Viewer | Read-only | Dashboard, reports, audit logs | Analysts, clients, auditors |
Step 3: Configure Custom Permissions
For teams requiring granular control, bypass default roles using our capability matrix. Toggle individual permissions under Settings > Permissions > Custom.
// wp-admin-permissions.json { "role_name": "Content_Lead", "capabilities": [ "edit_posts", "publish_pages", "upload_files", "view_reports", // Explicitly denied: "-delete_posts", "-install_plugins" ] }
Step 4: Verify & Lock Down Access
Run a permission audit
After assigning roles, use the Security Scanner to verify no unauthorized access points exist. Enable IP Restriction and Session Timeout for sensitive environments.
- Review active sessions in Team > Active Users
- Revoke expired tokens via Settings > API & Tokens
- Export audit logs for compliance (GDPR/HIPAA)
#marketing, #dev). This enables bulk permission updates and targeted notifications.Still have questions?
Our support team is available 24/7 to help you configure permissions correctly.