User Roles in WordPress, How to Create and Manage User Roles

WordPress comes with five default user roles: Administrator, Editor, Author, Contributor, and Subscriber. Each role has specific permissions. However, there are times when you may need to create a custom user role with specific permissions. Let’s explore how you can do that in WordPress.

Why Create Custom User Roles?

For example, if you want to create a user group that only has access to edit your website’s theme, you can do that by defining a custom role. You can name it Designer or anything else you prefer.

In this tutorial, we’ll show you how to create custom user roles with different capabilities using code, ensuring better control over user access without relying on additional plugins.

How to Add a Custom User Role in WordPress

By creating custom user roles, you can define different permissions for different users. This allows you to manage your WordPress site more efficiently.

Important Considerations

Before proceeding, keep in mind that assigning roles and permissions requires careful attention. Granting unnecessary access can compromise security, so always review the permissions you provide to each user.

Please Do Not Change Capabilities of Administrator role , it may cause accessing problem to your website and you will be locked out of your website.

After adding custom roles, you can also edit or delete them as needed. Defining proper user roles is an essential step when setting up a WordPress site.

Adding a Custom User Role in WordPress

To start, log in to your WordPress admin panel. Then navigate to Appearance > Theme Editor to access your theme files. Look for the functions.php file in the left-hand column and open it.

Or You can use Koolak Custom Code Plugin to add PHP code effectively.

Now, add the following code inside the functions.php or custom code plugin :


$result = add_role( 'designer', __('Designer'), array(
    'read'              => true,
    'edit_posts'        => false,
    'edit_pages'        => false,
    'edit_others_posts' => false,
    'create_posts'      => false,
    'manage_categories' => false,
    'publish_posts'     => false,
    'edit_themes'       => false,
    'install_plugins'   => false,
    'update_plugins'    => false,
    'update_core'       => false,
));

Explanation of the Code

  • add_role(‘designer’, __(‘Designer’)…): Creates a new user role named “Designer.”
  • read: Allows the user to read the website content.
  • edit_posts: Denies permission to edit posts.
  • edit_pages: Denies permission to edit pages.
  • edit_others_posts: Prevents editing other users’ posts.
  • create_posts: Restricts the creation of new posts.
  • manage_categories: Blocks access to category management.
  • publish_posts: Prevents publishing posts.
  • edit_themes: Blocks access to theme editing.
  • install_plugins: Restricts installing new plugins.
  • update_plugins: Prevents plugin updates.
  • update_core: Blocks WordPress core updates.

Setting a permission to true grants access, while false denies it.

Manage Capabilities Easily with User Role Editor Plugin

How to Create and Manage User Roles in WordPress - USER ROLE EDITOR

You can also use the User Role Editor plugin to manage capabilities easily without writing code. This plugin allows you to modify roles, assign custom permissions, and fine-tune user access effortlessly.

By testing different capabilities, you can configure the best access levels for your specific roles and users.

Can I Create Any Custom Role I Want with WordPress Roles and Capabilities?

Short answer: No. While WordPress roles and capabilities offer flexibility, they may not cover every specific requirement.

For example, you cannot grant a user permission to edit only products while restricting them from editing posts. However, you can set up capabilities that fulfill 90% of your needs and then use WordPress admin URL redirections to manage the rest.

To block specific roles to different sections of the admin panel, use this code snippet:


function restrict_author_access_to_admin_pages() {
    if (current_user_can('author')) {
        $restricted_pages = [
            'edit.php?post_type=product',  // Products list page
            'post.php?post_type=product',  // Editing a single product
            'post-new.php?post_type=product', // Adding a new product
        ];

        $current_url = $_SERVER['REQUEST_URI'];

        foreach ($restricted_pages as $page) {
            if (strpos($current_url, $page) !== false) {
                wp_redirect(admin_url()); // Redirect to dashboard
                exit;
            }
        }
    }
}
add_action('admin_init', 'restrict_author_access_to_admin_pages');

Adding a New User in WordPress

To assign a custom role to a user, navigate to Users > Add New in your WordPress dashboard.

Steps to Add a New User

  1. Go to Users > Add New.
  2. Enter the username, email, and other required details.
  3. Set a strong password for security.
  4. Choose the appropriate role (e.g., Designer).
  5. Click Add New User to save the changes.
  6. Optionally, send an email notification to the user with their login details.

Conclusion

Custom user roles in WordPress provide better control over user permissions, enhancing security and workflow efficiency. While plugins like User Role Editor simplify role management, adding custom roles through code keeps your website lightweight and optimized.

By understanding user roles and capabilities, you can manage access effectively and ensure a secure and well-structured WordPress website.

1 thoughts on “User Roles in WordPress, How to Create and Manage User Roles

  1. Pingback: Create a WordPress Admin User via phpMyAdmin: Step-by-Step

Leave a Reply

Your email address will not be published. Required fields are marked *