I always say the same thing, the WordPress user role system is very powerful, but it is hidden. Natively, without installing plugins, there is no easy way to modify permissions or create a new role, although there are some plugins that do those changes using functions in the code.

In the administration panel of our WordPress, we can create, edit and delete WordPress users. However, we cannot see all the capabilities of each role or modify the roles and capabilities of these users.

Now, although from the administration panel we cannot natively configure the roles, with the help of certain plugins we can solve this.

And this is precisely what we are going to talk about in this post, the permissions, roles, and capabilities of the WordPress user management system.

Create a new user role in WordPress

In order to create a new user role from the WordPress administration panel, we need to use a plugin.

Although there are many plugins to create a new WordPress user role, I personally prefer the Members plugin, a free plugin from the same developers as MemberPress.

The Members plugin for WordPress allows you to perform the following actions:

  • Complete management of user roles, from creating to deleting or assigning roles.
  • Possibility of assigning several different user roles to the same user in WordPress.
  • Edition of capabilities or capabilities from a very powerful and intuitive interface that even allows us to create new permissions if necessary.
  • Possibility of cloning user roles to modify them later with the capabilities and permissions that we need.

Additionally, without actually using MemberPress, the Members plugin allows us to perform some more actions through its “Extensions” :

  • Ability to block access to wp-admin and WordPress admin bar based on user roles.
  • Ability to separate content creation capabilities or capabilities from content editing content, to add another layer of customization to user roles. There is also another option to do the same with categories and tags.
  • It allows changing the classification of current “different” roles in a system of roles by levels, whereby each user can be assigned a role based on a level of permissions.
  • It allows changing the current WordPress role system for a hierarchical system.
  • Allows you to create and manage specific capabilities for ACF (Advanced Custom Fields).
  • It allows for creating and managing specific capabilities for EDD (Easy Digital Downloads).
  • Allows you to create and manage specific capabilities for WooCommerce.

While there are plenty of other WordPress user role plugins out there, I love the Members plugin, even on projects where I don’t use MemberPress to create a membership.

Default user roles

By default, WordPress comes with a series of user roles and their corresponding assigned capabilities.

As I have already said several times in this post, later the different “trunk” plugins declare custom roles to be able to configure specific capabilities for the different types of users.

Creating new roles in WordPress is really easy and, in addition, we can use default roles like the ones we are going to explain below as a base.

  • Administrator or administrator: Natively it has about 152-158 capabilities assignedI believe that this role does not need any explanation, it is the role with the most capabilities and with the greatest responsibility within the management of the website.
  • Author or author: By default, it usually has 11 capabilities assigned. It is typically used for users who can fully publish, moderate and manage content, albeit with limitations in terms of the technical website administration.
  • Editor: It is like the author, but different since it is aimed at moderating content from other users. It has more capabilities than the author (31 capabilities ), but it is a role with a different orientation.
  • Collaborator or contributor: It is an author role, but much more limited. It has only 3 capabilities assigned. This role is typically used for guest authors on most occasions.
  • Subscriber or subscriber: It is the default WordPress role that registered users enter since it is the most limited. The subscriber-only has 1 capability assigned, that of «Read». This is the role that is usually closed.

These are the default WordPress roles, but when we install a plugin others are added, such as those of WooCommerce:

  • Store manager: It is an intermediate role that has the ability to manage the online store in daily work, but not to make technical adjustments.
  • Client: It is the role assigned to clients. It is actually the same as “Subscriber”, but with a different name, since it has exactly the same capability assigned.

Capabilities or permissions in WordPress

As I said before, the WordPress role and permission system is very powerful, but in the dashboard, an admin cannot directly make changes to user roles without using a plugin.

When we install WordPress, the permissions system has 152-158 options, although these options increase when installing new plugins that declare new user roles and new permissions in WordPress.

Although you may think that the WordPress administrator user is the role that has all the capabilities activated, the truth is that this is not usually the case, since there are some that are always deactivated because they are for very special cases.

With the user role system managed by a plugin like Members, we can create a new user role on the WordPress website and then customize its user “powers” to use it exactly how we need it.

In the Members plugin interface, capabilities are grouped into sections for easy management.

Typically, each user role has certain inherited capabilities and may also have certain specific “powers.”

The WordPress user system is not the most powerful, but with its capabilities, it has nothing to envy a more advanced system.

On the other hand, as I have said, the simple fact of installing a “trunk” plugin in WordPress, such as WooCommerce, expands the capabilities that we can manage from the Members plugin interface

Even if we want to add a new capability for WordPress user roles it is possible, but to use it we must program or configure a plugin to use it.

Also, not only can we allow things, but we can also specifically deny things.

In this sense, the roles and capabilities system works like any other, a block always has more weight than an “allow” in case of overlapping in specific cases.

Modify user roles in WordPress

This is usually one of the most common needs within WordPress role management.

Normally, when we need to modify user roles in WordPress, it is because we want to remove capabilities from a certain role or we need to create a role and add or remove capabilities from an existing role.

With the Members plugin for WordPress, we can create a new role by cloning a role, we can also modify that cloned role or an existing one to adapt them to our needs.

Since I can’t exactly explain this to you with pictures, I’m going to do two things. The first is to leave you this video from my YouTube channel:

The second is to leave you the official documentation on WordPress roles and capabilities: https://wordpress.org/support/article/roles-and-capabilities/

Modifying user roles in WordPress is easy, the hard part is knowing exactly what to touch. For this reason, I recommend not touching the admin role and being very careful when touching the other user roles.

If we are not careful or make these changes to a production website, a user may see information that is “not allowed” for their user role.

WordPress admin role

As a final point, we are going to talk specifically about the WordPress administrator role, that is, the default role that administrators have in WordPress.

As I said before, although you can think of WordPress website administrators as having full WordPress user capabilities, the truth is that it is a user role (when plugins are installed) whose capabilities depend on the general settings.

WordPress does not have a user type called “Super admin”, although it does distinguish the administrator email specifically. All administration of the website falls on the role of administrators and their capabilities.

I have never needed to modify the administrator role of a website since it is quite natively adjusted. In any case, I do not recommend you to touch or modify the WordPress administrator role and its capabilities, since being the “administrator” can bring you problems on the website.

Private content based on the role in WordPress

We have reached the end of the post, and here I am simply going to comment on one thing that I am often asked about.

If we want to privatize or block content in WordPress based on the role of the users, we must use a membership plugin such as MemberPress or Paid Membership Pro.

Setting up these types of membership plugins is often more complex than changing roles.

Although there are other ways to manage access to content and user blocking, the WordPress role system is one of the most robust and solid methods that exist. MemberPress fully supports the use of roles and capabilities, although it supports other methods as well.

Categorized in:

Technology,

Last Update: June 4, 2023

Tagged in:

, , , , , , , , , ,