Implementing Custom Roles and Permissions in WordPress

Posted on 16th June 2023

As a WordPress developer, you may have come across a time where you need to give a client or another user on your site a role with specific permissions. For example, you may want to create a role for an editor that can only edit and publish posts, but cannot delete them. In this article, we will show you how to easily create custom roles and permissions in WordPress.

Creating Custom Roles in WordPress

The first thing you need to do is install and activate the Members plugin. Upon activation, you need to visit Users » Add New Role page to create a new role.

You will first need to provide a role name. After that, you need to select the capabilities that you want to grant to this role. Once you are finished, click on the Add Role button to save your changes.

Adding Permissions to Existing WordPress User Roles

In some cases, you may want to add more permissions to an existing user role in WordPress. For example, you may want to give Editors the ability to delete posts as well.

First, you need to visit the Users » Add New Role page and select the role you want to add permissions to. After that, you need to select the capabilities that you want to grant to this role and click on the Update Role button to save your changes.

Removing Permissions from Existing WordPress User Roles

If you want to remove capabilities from an existing user role, then you need to visit the Users » Remove Capabilities page. On this page, you need to select the role from the dropdown field. After that, you need to select the capabilities that you want to remove from this role and click on the Update Role button to save your changes.

Assigning User Role to WordPress Users

Once you have created custom roles and assigned permissions, the next thing you need to do is assign these roles to users.

First, you need to visit the Users » All Users page and then click on the Edit link below any user that you want to change the role.

This will bring you to the user profile editor page. Here you need to select the new role from the Role dropdown field and then click on the Update Profile button to save your changes.

That’s all, we hope this article helped you learn how to easily create custom roles and permissions in WordPress. You may also want to see our list of the most essential WordPress plugins for business websites.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Facebook and Twitter.

In the previous article, we saw how to create custom roles and map them to capabilities using the add_role() function. In this article, we will see how to add custom capabilities to existing roles and how to map them to specific users.

Adding Custom Capabilities

We can add custom capabilities to existing roles using the add_cap() function. This function takes two arguments – the role to which the capability needs to be added and the capability itself.

For example, let’s say we want to add a new capability called ‘manage_options’ to the ‘administrator’ role. We can do this using the following code:

add_cap( ‘administrator’, ‘manage_options’ );

Similarly, we can add capabilities to other roles as well.

Mapping Capabilities to Users

Once we have added the custom capability to a role, we need to map it to specific users. This can be done using the add_cap() function. This function takes two arguments – the user ID and the capability.

For example, let’s say we want to map the ‘manage_options’ capability to the user with ID 1. We can do this using the following code:

add_cap( 1, ‘manage_options’ );

Similarly, we can map capabilities to other users as well.

Removing Custom Capabilities

We can remove custom capabilities from roles and users using the remove_cap() function. This function takes two arguments – the role/user ID and the capability.

For example, let’s say we want to remove the ‘manage_options’ capability from the ‘administrator’ role. We can do this using the following code:

remove_cap( ‘administrator’, ‘manage_options’ );

Similarly, we can remove capabilities from other roles and users as well.

Conclusion

In this article, we saw how to add custom roles and map them to capabilities using the add_role() function. We also saw how to add custom capabilities to existing roles and how to map them to specific users.

In order to create custom roles and permissions, you need to first understand the WordPress security model. WordPress uses a concept called Capabilities to control what a user can do on a site. A Capability is a specific action that a user is allowed to perform. For example, the publish_posts Capability allows a user to publish posts.

There are two ways to add custom Capabilities to a WordPress site:

1. Add a new Capability to an existing Role.
2. Create a new Role with custom Capabilities.

Adding a new Capability to an existing Role is the simplest way to add a new Capability to a WordPress site. To do this, you need to use the add_cap() function. The add_cap() function takes two parameters: the Capability you want to add, and the Role you want to add it to. For example, to add the publish_posts Capability to the Editor Role, you would use the following code:

add_cap( ‘editor’, ‘publish_posts’ );

Creating a new Role is a little more complicated than adding a new Capability to an existing Role. To create a new Role, you need to use the add_role() function. The add_role() function takes two parameters: the name of the Role you want to create, and an array of Capabilities that Role should have. For example, to create a new Role called “Contributor” with the publish_posts Capability, you would use the following code:

add_role( ‘contributor’, ‘Contributor’, array( ‘publish_posts’ => true ) );

Once you’ve added a new Capability or Role, you can then use the WordPress functions is_user_logged_in() and current_user_can() to check if a user has a particular Capability or Role. For example, the following code would check if the current user has the publish_posts Capability:

if ( is_user_logged_in() && current_user_can( ‘publish_posts’ ) ) {
// The user can publish posts
} else {
// The user can’t publish posts
}

You can also use the WordPress function get_role() to get a list of all the Capabilities a particular Role has. For example, the following code would get a list of all the Capabilities the Editor Role has:

$role = get_role( ‘editor’ );
$capabilities = $role->capabilities;
foreach ( $capabilities as $capability => $value ) {
echo $capability . ‘
‘;
}

Adding custom Roles and Capabilities to a WordPress site is a relatively simple process. By understanding the WordPress security model and using the appropriate functions, you can easily add custom Roles and Capabilities to your site.

Previous Post - How to Use Apple Maps on the iPhone 14

Next Post - Adding Custom CSS and JavaScript to Your WordPress Plugin