User Roles & Permissions in WordPress
It is important to understand the user roles and permissions assigned to them for a WordPress website with multiple contributors. This post explains the user roles and permissions in WordPress in a simple way.

WordPress comes with built-in user management, allowing us to assign specific roles to users and control what users can and cannot do on the website. WordPress user roles define actions, also known as capabilities, that users are assigned on the website. In this post, we will explore how to manage user roles and permissions in WordPress and enhance the website's security.
How to Manage User Roles and Permissions in WordPress
WordPress comes with some built-in user roles, giving basic control over user roles and permissions. However, it is also possible to manually add custom user roles and capabilities for extra roles and permissions needed. We will walk through some steps to create, assign and remove user roles and permissions. WordPress offers the following default user roles:
- Admin: This role is intended for website owners and allows them full access to administrative features such as installing plugins, changing themes, editing code and managing all content and users of the website.
- Editor: This role is for senior contributors and allows them to publish, edit or delete any post, also allows them to moderate comments, manage categories and tags.
- Author: This role is for regular contributors and allows them to write, publish and edit their own posts.
- Contributor: This role can be used for guest writers, and it allows them to write and edit their own posts, but they cannot publish them.
- Subscriber: This role is ideal for membership websites where restricted content areas are in play. Users with this role can only manage their own profile and read content, but they cannot access any administrative features.
Create a User Role in WordPress
It is possible to add a role in WordPress using the add_role() function. The code snippet below will add a new user role, "Custom Moderator", which only allows to moderate comments.
add_action('init', 'add_custom_moderator_role');
function add_custom_moderator_role(): void
{
add_role(
'custom_moderator', // Role slug
'Custom Moderator', // Display name
[
'read' => true,
'edit_posts' => false,
'delete_posts' => false,
'moderate_comments' => true,
]
);
}Remove a User Role in WordPress
Just as adding a new role, it is simple to remove a role in WordPress using the remove_role() function. The following example will remove the "Custom Moderator" role that we created above.
add_action('init', 'remove_custom_moderator_role');
function remove_custom_moderator_role(): void
{
remove_role('custom_moderator'); // Provide the role slug as parameter
}Add a Capability to User Role in WordPress
A WordPress capability is a permission to perform an action like publishing a post, managing settings, etc. The function add_cap() is used to add a capability in WordPress to an existing user role. With the following code snippet, the capability to manage website settings can be added to the "Editor" user role.
add_action('init', 'add_capability_to_editor');
function add_capability_to_editor(): void
{
$role = get_role('editor');
if ($role) {
$role->add_cap('manage_options');
}
}Remove a Capability from a User Role in WordPress
Just like removing a role, it is very simple to remove a capability from a user role with the help of the remove_cap() function. The code snippet below will remove the capability to manage website settings from the "Editor" user role.
add_action('init', 'remove_capability_from_editor');
function remove_capability_from_editor(): void
{
$role = get_role('editor');
if ($role) {
$role->remove_cap('manage_options');
}
}Assign a Role to a User in WordPress
The set_role() function can be utilized to assign a role to a user in WordPress, this will replace the existing roles assigned to the user. The code snippet below will assign the "Editor" role to a specific user.
add_action('init', 'assign_role_to_user');
function assign_role_to_user(): void
{
$user = get_user_by('email', '[email protected]');
if ($user) {
$user->set_role('editor'); // Replaces all existing roles
}
}Add a Role to a User in WordPress
The add_role() function is used to add a new role to a user without removing or replacing the existing roles assigned to the user. The following will add the "Custom Moderator" role to a specific user.
add_action('init', 'add_role_to_user');
function add_role_to_user()
{
$user = get_user_by('email', '[email protected]');
if ($user) {
$user->add_role('custom_moderator');
}
}Remove a Role From a User in WordPress
The remove_role() function is used to remove a role from a user in WordPress, providing the role slug as a parameter. The following will remove the "Custom Moderator" role from a specific user.
add_action('init', 'remove_role_from_user');
function remove_role_from_user(): void
{
$user = get_user_by('email', '[email protected]');
if ($user) {
$user->remove_role('custom_moderator');
}
}We demonstrated how to manage WordPress roles and permissions with code snippets. WordPress provides fine-grained control to manage user roles and permissions. With the help of a few PHP code lines, user roles and permissions in WordPress can be easily managed to fit your needs. It is recommended to take a backup of the website before implementing these code snippets for the first time.