User role in wordpress
October 27, 2017
Default User roles in wordpress
User roles in wordpress are one of the first things you learn about when working with a team inside WordPress. When you install a WordPress site, you also create a user with the user role administrator. I will show you how you can create different roles and add custom capabilities of users.
when you install WordPress, there are five default user roles:
You may wonder why would you use the code and pro grammatically set some of the WordPress user roles or capabilities. In my career as a developer, especially WordPress developer, I have encountered various projects where I needed custom user roles.
A user role defines permissions for users to perform a group of tasks. In a default WordPress installation there are some predefined roles with a predefined set of permissions. These roles are Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. Each roles has a certain number of set tasks it is allowed to perform that are known as “capabilities”. There are numerous capabilities including “moderate_comments”, “publish_posts”, and “edit_users”. Although every role has a predefined set of capabilities, new capabilities can be added and removed from each role. User roles are very handy when it comes to multi-author WordPress sites.
On a regular WordPress install, Administrator is the most powerful user role. Users with the administrator role can add new posts, edit any posts by any users on the site, and even delete those posts.
They can install, edit, and delete plugins as well as themes. Most importantly an administrator user can add new users to the site, change information about existing users including their passwords as well as delete any user (yes other administrators too).
This role is basically reserved for site owners and gives you the full control of your WordPress site. If you are running a multi-user WordPress site, then you need to be very careful who you assign an administrator user role.
Users with the editor role in WordPress have full control on the content sections your website. They can add, edit, publish, and delete any posts on a WordPress site including the ones written by others. An editor can moderate, edit, and delete comments as well.
Editors do not have access to change your site settings, install plugins and themes, or add new users.
As the name suggests, users with the author role can write, edit, and publish their own posts. They can also delete their own posts, even if they are published.
When writing posts, authors cannot create categories however they can choose from existing categories. On the other hand, they can add tags to their postsAuthors can view comments even those that are pending review, but they cannot moderate, approve, or delete any comments.
They do not have access to settings, plugins, or themes, so it is a fairly low-risk user role on a site with the exception of their ability to delete their own posts once they’re published.
Contributors can add new posts and edit their own posts, but they cannot publish any posts not even their own. When writing posts they can not create new categories and will have to choose from existing categories. However, they can add tags to their posts.
The biggest disadvantage of a contributor role is that they cannot upload files (meaning they can’t add images on their own article).
Contributors can view comments even those awaiting moderation. But they cannot approve or delete comments.
They do not have access to settings, plugins, or themes, so they cannot change any settings on your site.
Users with the subscriber user role can login to your WordPress site and update their user profiles. They can change their passwords if they want to. They cannot write posts, view comments, or do anything else inside your WordPress admin area.
This user role is particularly useful if you require users to login before they can read a post or leave a comment.
Basic WordPress Functions
In order to manage roles and capabilities effectively, there are five very straightforward functions:
add_role(): Enables you to add a custom role.
remove_role(): Enables you to remove a custom role.
add_cap(): Enables you to add a custom capability to a role.
remove_cap(): Enables you to remove a custom capability from a role.
get_role (): Gets information about a role as well as the capabilities associated with the role.
We are only going to use the add_role() function for this article as we are going to create a custom user role for our fictitious client.
Defining The User Role
before we dive into the code we need to have a plan, because diving into code without a plan is never a good idea.
So we need to give the user role a name. We’ll keep it simple and call the user role ‘Client’.
So what can the user role ‘Client’ actually do? There are over 50 different capabilities available in a clean install of WordPress (the number increases once you start adding plugins, but we’ll go over that in another article). For our purposes we want the client to be able to do the following:
Edit Others posts
Equally important is what we don’t want them to be able to do:
Add or Remove Plugins
User roles can be accessed through the global variable $wp_roles. This variable is actually an object of WP_Roles.
‘roles’ => array(
‘administrator’ => array(
‘name’ => ‘administrator’,
‘capabilities’ => array(
‘switch_themes’ => true,
‘edit_themes’ => true,
‘activate_plugins’ => true,
// Much more
// Other roles
‘role_names’ => array(
‘administrator’ => ‘Administrator’,
// Other role names
get current user role by ID WordPress
You can’t get current user role directly. First, you have to get the user_meta_data, and it will return an Object that will contain user roles.
$user_roles=$user_meta->roles; //array of roles the user is part of.
Adding a User Role
To add a new WordPress user role, we need to use the function add_role:
‘edit_posts’ => true,
// Various Capabilities
Updating a User Role
To update a WordPress user role, you will need to get the role using the function get_role. This function will return an object of WP_Role. You can use the methods from that object to update the role.
// Remove a capability from role
$administrator_role->remove_cap( ‘custom_capability’ );
Removing a User Role
WordPress user roles can be easily removed by using the function remove_role.
* Removing the role
remove_role( ‘administrator’ );
if its useful then please share this post