
Customizing User Roles in WordPress


There are five default user roles in WordPress with their own set of configurable capabilities. Let's look at what they are and how to customize them.


WordPress works with 'Roles', which can be best explained to a novice as 'Employee designations' in a company. The site owner, usually the Administrator, assigns these 'Roles' to site users to give them a set of 'capabilities', i.e., what they can or cannot do within the site.

There are 5 default user roles in WordPress with their own set of (configurable) capabilities:

Administrator — who has control over everything on the site (content, taxonomy, themes, plugins, users)

Editor — controls content on your website, can publish their own posts and publish/edit/delete other people’s posts, moderate comments (cannot control plugins, themes, and other users)

Author — can publish/edit/delete and add tags to their own posts, view unapproved comments

Contributor — can submit/edit their own posts (but not publish them)

Subscriber — can access/edit their own user profiles

WordPress 3.0 introduced Multisite networks and, with them, a new default role called the Super-Admin, who has Admin capabilities on every site in a network of virtual WordPress sites, along with network management. This is not to be confused with the Admin, who is limited to one site in a Multisite network.

While WordPress has a default set of capabilities for these roles, they can be changed via code or a plugin like User Role Editor or Members. The Capability vs Role table on the WordPress Codex is a complete chart depicting the default roles and capabilities. Note that the roles themselves aren’t strictly hierarchical; they only describe (loosely) what a user can or cannot do. Since it is easy to change them (really easy), there is no 'hierarchy' to speak of, regardless of what the Capability-Role Table looks like.

[Figure: Capability vs Role table. Source: Codex]

Custom Roles

Custom roles give you the power to create additional 'employee designations' on a WordPress website for a client. For example, an e-commerce website may have custom roles like 'Vendor' or 'Manager' who have special capabilities regarding products and orders. Similarly, site owners may want to function only as 'Editor' themselves while leaving the more technical aspects of plugins/themes that come with Administration to their IT guys.

So, how do you add new roles and assign them their 'powers' (sorry, I’ve been caught up in the Marvel Cinematic Universe too much lately)? This is the code that makes it happen:

$result = add_role('advanced_contributor', 'Advanced Contributor', array(
    'read' => true, // True to allow this capability
    'edit_posts' => true,
    'delete_posts' => false, // False to explicitly deny this specific capability
));

This code may be put within the functions.php file of your theme, but I recommend writing a plugin for custom functionalities, and that includes custom roles too. This simplifies matters during day-to-day administration, and that’s something you/clients will appreciate.

Custom Capabilities

New capabilities can be assigned to roles.

Check out the following bit of code:

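function myplugin_add_capability() { // Prefixed to avoid clashing with other function names
    $role = get_role( 'author' ); // This gets the author role (null if it does not exist)
    if ( $role ) {
        $role->add_cap( 'edit_others_posts' ); // Saved in the database, so it persists
    }
}
add_action( 'admin_init', 'myplugin_add_capability' );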

This code gives Authors the capability to edit_others_posts on a WordPress website.

If you want to limit this to a specific user (because you trust them) instead of adding an additional capability to a group of people who have a role, this is how you do it:

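$user = new WP_User( $user_id ); // $user_id is the numeric ID of the trusted user
$user->add_cap( 'edit_posts' ); // 'edit_posts' is the core capability for editing posts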

This bit gives the capability of editing posts to a particular user_id. You can use plugins like Reveal IDs here to find out the specific user_id.
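Role and capability changes are written to the database, so they outlive the code that made them. The plugin sketch below is an added example, not code from the original article: it applies the role and capability changes shown above once on activation, reverts them on deactivation, and lists capabilities granted directly to individual users. The function name example_direct_user_caps is hypothetical.

```php
<?php
/**
 * Plugin Name: Example Role Lifecycle (added example, not from the article)
 */

// Create the role once, on activation, instead of on every request.
register_activation_hook( __FILE__, function () {
    add_role( 'advanced_contributor', 'Advanced Contributor', array(
        'read'         => true,
        'edit_posts'   => true,
        'delete_posts' => false,
    ) );
    $author = get_role( 'author' );
    if ( $author ) {
        $author->add_cap( 'edit_others_posts' );
    }
} );

// Roles and capabilities live in the database, so undo them explicitly.
register_deactivation_hook( __FILE__, function () {
    remove_role( 'advanced_contributor' );
    $author = get_role( 'author' );
    if ( $author ) {
        $author->remove_cap( 'edit_others_posts' );
    }
} );

/**
 * List capabilities granted directly to users rather than through a role.
 * Hypothetical helper. Returns array( user_login => array( capability, ... ) ).
 */
function example_direct_user_caps() {
    $found = array();
    foreach ( get_users() as $user ) {
        $direct = array();
        // $user->caps holds the user's role names and per-user capabilities.
        foreach ( $user->caps as $cap => $granted ) {
            if ( $granted && ! wp_roles()->is_role( $cap ) ) {
                $direct[] = $cap;
            }
        }
        if ( $direct ) {
            $found[ $user->user_login ] = $direct;
        }
    }
    return $found;
}
```

Reviewing the output of example_direct_user_caps() periodically surfaces one-off grants that role-level reviews do not show.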

Custom Post Types and Capabilities

WordPress maps meta capabilities (3 powers on a per-post basis: edit_post, read_post, delete_post) automatically to certain users based on their roles, but only when you’re using default post types. On Custom post types, you have to create, assign, and devise a method to map them yourself (by filtering through the map_meta_cap hook).
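One way to do that mapping through the map_meta_cap filter, as an added example that is not part of the original article. The 'product' post type and the *_product / *_products capability names are hypothetical, and the primitive capabilities still have to be granted to roles with add_cap().

```php
<?php
// Added example. 'product' and its capability names are hypothetical.
add_action( 'init', function () {
    register_post_type( 'product', array(
        'public'          => true,
        'label'           => 'Products',
        'capability_type' => array( 'product', 'products' ),
        'map_meta_cap'    => false, // the filter below does the mapping
    ) );
} );

add_filter( 'map_meta_cap', 'example_map_product_caps', 10, 4 );

function example_map_product_caps( $caps, $cap, $user_id, $args ) {
    $meta_caps = array( 'edit_product', 'delete_product', 'read_product' );
    if ( ! in_array( $cap, $meta_caps, true ) ) {
        return $caps; // Not one of our meta capabilities: leave untouched.
    }

    // Meta capabilities are checked against a specific post ID.
    $post = isset( $args[0] ) ? get_post( $args[0] ) : null;
    if ( ! $post || 'product' !== $post->post_type ) {
        return array( 'do_not_allow' ); // Fail closed without a valid product.
    }

    $is_owner = ( (int) $post->post_author === (int) $user_id );

    switch ( $cap ) {
        case 'edit_product':
            return array( $is_owner ? 'edit_products' : 'edit_others_products' );
        case 'delete_product':
            return array( $is_owner ? 'delete_products' : 'delete_others_products' );
        default: // read_product
            if ( 'private' !== $post->post_status || $is_owner ) {
                return array( 'read' );
            }
            return array( 'read_private_products' );
    }
}
```

With this in place, current_user_can( 'edit_product', $post_id ) succeeds only when the user's role holds the primitive capability the filter returns for that post.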

Plugins:

There are easier (read: no coding required) ways to manage user roles and capabilities, and that’s plugins. Here are some of the best:

Capability Manager Enhanced

This plugin lets you create roles and manage capabilities (of course), but the things I like best about this plugin are its capability negation, role-copying to all websites on a network, delegated role management, and ability to work with custom post types. Overall, it’s a pretty well-rounded plugin with an easy-to-use UI.

Members

This one was created by Justin Tadlock (a WordPress wiz-kid from Alabama). Apart from the usual role/capability creation and management, this plugin packs quality content-specific permissions, shortcodes and widgets, and a 'private site' option (no 'read' allowed to anyone). Multiple user roles and role-cloning are also possible with Members. Overall, it is an extensive plugin that we have used ourselves.

There are other plugins out there that help make management of user roles and capabilities easier.

Endnote

I hope this article brought you a step closer to WordPress by clearing the air on its user roles and capabilities. They are really not that difficult: just visualize them as the characters of the sitcom The Office and be a little picky about what you let your users do.

This article was written by Tracey Jones. She is a front-end WordPress developer at HireWPGeeks Ltd. and a blogger by hobby. She provides HTML website to WordPress conversion services and has a team of developers to assist her in every project.
