User Roles & Permissions in WordPress

On a WordPress website with multiple contributors, it is essential to understand user roles and the permissions assigned to them. This post explains user roles and permissions in WordPress in a simple way.

WordPress comes with built-in user management that lets you assign specific roles to users and control what they can and cannot do on the website. User roles define the actions, also known as capabilities, that users can perform. In this post we will explore how to manage user roles and permissions in WordPress and enhance the website's security.


How to Manage User Roles and Permissions in WordPress

WordPress comes with some built-in user roles that give basic control over roles and permissions. It is also possible to add custom user roles and capabilities manually when extra roles and permissions are needed. We will walk through the steps to create, assign and remove user roles and permissions. WordPress offers the following default user roles:

  • Admin: This role is intended for website owners and allows full access to administrative features such as installing plugins, changing themes, editing code and managing all content and users of the website.
  • Editor: This role is for senior contributors. It allows them to publish, edit or delete any post, moderate comments, and manage categories and tags.
  • Author: This role is for regular contributors. It allows them to write, publish and edit their own posts.
  • Contributor: This role can be used for guest writers. It allows them to write and edit their own posts, but they cannot publish them.
  • Subscriber: This role is ideal for membership websites where restricted content areas are in play. Users with this role can only manage their own profile and read content; they cannot access any administrative feature.
 

Create a User Role

A role can be added in WordPress using the add_role() function. The code snippet below adds a new user role, "Custom Moderator", which is only allowed to moderate comments.

add_action('init', 'add_custom_moderator_role');

function add_custom_moderator_role() {
    add_role(
        'custom_moderator', // Role slug
        'Custom Moderator', // Display name
        array(
            'read' => true,
            'edit_posts' => false,
            'delete_posts' => false,
            'moderate_comments' => true,
        )
    );
}
 

Remove a User Role

Removing a role is as simple as adding one, using the remove_role() function. The following example removes the "Custom Moderator" role which we created above.

add_action('init', 'remove_custom_moderator_role');

function remove_custom_moderator_role() {
    remove_role('custom_moderator'); // Provide the role slug as parameter
}
 

Add a Capability to User Role

A WordPress capability is a permission to perform an action, such as publishing a post or managing settings. The add_cap() method of a role object is used to add a capability to an existing user role. The following code snippet adds the capability to manage website settings to the "Editor" user role.

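add_action('init', 'add_capability_to_editor');

function add_capability_to_editor() {
    $role = get_role('editor'); // Returns null if the role does not exist

    if ($role) {
        // manage_options gates the Settings screens; many plugins also
        // check it for their own admin pages, so every Editor gains those too.
        $role->add_cap('manage_options');
    }
}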
 

Remove a Capability from User Role

Just like removing a role, removing a capability from a user role is simple with the remove_cap() method. The code snippet below removes the capability to manage website settings from the "Editor" user role.

add_action('init', 'remove_capability_from_editor');

function remove_capability_from_editor() {
    $role = get_role('editor');

    if ($role) {
        $role->remove_cap('manage_options');
    }
}
 

Assign a Role to User

The set_role() method of a user object assigns a role to a user in WordPress; note that it replaces all roles already assigned to that user. The code snippet below assigns the "Editor" role to a specific user.

add_action('init', 'assign_role_to_user');

function assign_role_to_user() {
    $user = get_user_by('email', 'john.doe@example.com');

    if ($user) {
        $user->set_role('editor'); // Replaces all existing roles
    }
}
 

Add a Role to User

The add_role() method of a user object (not to be confused with the global add_role() function used above to create a role) adds a role to a user without removing or replacing the roles already assigned. The following adds the "Custom Moderator" role to a specific user.

add_action('init', 'add_role_to_user');

function add_role_to_user() {
    $user = get_user_by('email', 'john.doe@example.com');

    if ($user) {
        $user->add_role('custom_moderator');
    }
}
 

Remove a Role from User

The remove_role() method of a user object removes a role from a user in WordPress, taking the role slug as its parameter. The following removes the "Custom Moderator" role from a specific user.

add_action('init', 'remove_role_from_user');

function remove_role_from_user() {
    $user = get_user_by('email', 'john.doe@example.com');

    if ($user) {
        $user->remove_role('custom_moderator');
    }
}
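
An audit to run after role changes like the ones above, as an added example that is not part of the original post: it lists non-administrator roles that grant high-risk capabilities and users who hold more than one role. The capability list and the example_ names are assumptions for illustration; wp_roles(), get_users() and current_user_can() are WordPress core functions.

```php
<?php
// Added example, not from the original post. The capability list and the
// example_* names are assumptions for illustration, not WordPress constants.
const EXAMPLE_HIGH_RISK_CAPS = array(
    'manage_options', 'edit_users', 'promote_users', 'install_plugins',
    'edit_plugins', 'edit_themes', 'unfiltered_html',
);

// Returns array( role slug => high-risk capabilities it grants ).
function example_audit_role_caps() {
    $findings = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( 'administrator' === $slug ) {
            continue; // Expected to hold every capability.
        }
        // Keep only capabilities set to true; add_role() can store false entries.
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_values( array_intersect( EXAMPLE_HIGH_RISK_CAPS, $granted ) );
        if ( $risky ) {
            $findings[ $slug ] = $risky;
        }
    }
    return $findings;
}

// Returns array( user login => roles ) for users holding more than one role.
function example_audit_multi_role_users() {
    $findings = array();
    foreach ( get_users() as $user ) {
        if ( count( $user->roles ) > 1 ) {
            $findings[ $user->user_login ] = array_values( $user->roles );
        }
    }
    return $findings;
}

// Write the findings to the PHP error log when a user with manage_options loads wp-admin.
add_action( 'admin_init', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( example_audit_role_caps() as $slug => $caps ) {
        error_log( "Role audit: role '$slug' grants " . implode( ', ', $caps ) );
    }
    foreach ( example_audit_multi_role_users() as $login => $roles ) {
        error_log( "Role audit: user '$login' holds " . implode( ', ', $roles ) );
    }
} );
```

On a default single-site install the Editor role is reported for unfiltered_html. Remove the admin_init hook once the audit is done, since get_users() loads every account.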

We demonstrated how to manage roles and permissions in WordPress with code snippets. WordPress provides fine-grained control over user roles and permissions, and with a few lines of PHP they can be managed to fit your needs. As a developer, you are advised to always take a backup of the website before implementing these code snippets for the first time.