Projects Engine

roles and capabilities

Roles and Capabilities allow you to restrict what other users can and cannot do on your website. They may be used to handle user operations such as writing articles, creating new pages, moderating comments, installing plugins, limiting access to the dashboard, and limiting access to frontend content, among other things.

Home / Dictionary / roles and capabilities

Roles and Capabilities allow you to restrict what other users can and cannot do on your website. They may be used to handle user operations such as writing articles, creating new pages, moderating comments, installing plugins, limiting access to the dashboard, and limiting access to frontend content, among other things.

WordPress has six roles by default:

  • Super Admin
  • Administrator
  • Editor
  • Author
  • Contributor
  • Subscriber

Understanding user roles and capabilities is critical when managing a WordPress site. For example, if you’re creating a site for a customer, you wouldn’t want them to update or edit the installed theme, especially if their technical experience is non-existent. In the same manner, allowing authors of a multi-author blog to install or uninstall plugins is a bad idea.

WordPress defines a capability as any activity that a user can perform:

  • create_sites
  • delete_sites
  • manage_network
  • manage_sites
  • manage_network_users
  • manage_network_plugins
  • manage_network_themes
  • manage_network_options
  • upgrade_network
  • setup_network

You can create your own custom role:

function wporg_simple_role() {
    add_role(
        'custom_role',
        'Custom Role',
        array(
            'read'         => true,
            'edit_posts'   => true,
            'upload_files' => true,
        ),
    );
}
 
// Add the custom role.
add_action( 'init', 'wporg_simple_role' );

You can remove a role with the command shown below:

function wporg_simple_role_remove() {
    remove_role( 'custom_role' );
}
 
// Remove the custom_role.
add_action( 'init', 'wporg_simple_role_remove' );

You want to be able to do that, especially if you don’t use it on your website. You can remove a default role as well.