One of the key features in WordPress that is often overlooked is that there are a number of different user roles available. These user roles can help make insure that only the people have access to just the areas they need and also helps minimize the chances of any accidents happening that could potentially bring down the site. in this article we will look at those user roles briefly and also go into how to create your own custom roles.
User roles have been an important part of the WordPress experience since version 2.0. Most people don’t even know they exist and assign administrator rights to everyone who has access to their site dashboard (obviously not a good thing for a whole bunch of reasons). Off the shelf, WordPress comes with six default user roles:
- Administrator: someone who has access to all the administrative features and functions within a site.
- Editor: someone who can publish and manage posts of all users, including their own.
- Author: someone who can publish and manage their own posts.
- Contributor: someone who can write and manage their own posts but can’t publish them.
- Subscriber: someone who can only manage their profile.
Why Use Custom User Roles?
For the most part the default user roles are all that are needed. But there are cases where you need a user role that doesn’t fit in with the parameters of the default roles. And in this article I’ll show you how to create your own custom user roles without using a plugin.
Lets put a real world spin on why you would want to use Custom User roles. I typically use Custom User roles to make sure my clients only have access to what they need. I’m sure there are people who will debate that it is the client’s site and they should have admin access as the owner. And that’s fine if you don’t have a maintenance agreement with the client and are just handing the site over to the client and moving on to the next project.
But if you’re responsible for making sure the site stays up 24/7, then I recommend restricting the access of the client through a custom user role. That way I can give the client everything they need to make their site effective, like add content, maybe add events whatever they need to do. What they can’t do is things that can bring the site down or mess-up some functionality. I restrict things like access to add or remove plugins, themes, update core, all the kinds of things I’d want to do as part of my ongoing maintenance.
But lets start with a quick review of the basics, shall we?
Basic WordPress Functions
In order to manage roles and capabilities effectively, there are five very straightforward functions:
- add_role(): Enables you to add a custom role.
- remove_role(): Enables you to remove a custom role.
- add_cap(): Enables you to add a custom capability to a role.
- remove_cap(): Enables you to remove a custom capability from a role.
- get_role (): Gets information about a role as well as the capabilities associated with the role.
We are only going to use the add_role() function for this article as we are going to create a custom user role for our fictitious client.
Defining The User Role
..
// Add a custom user role
$result = add_role( ‘client’, __(
‘Client’ ),
array(
‘read’ => true, // true allows this capability
‘edit_posts’ => true, // Allows user to edit their own posts
‘edit_pages’ => true, // Allows user to edit pages
‘edit_others_posts’ => true, // Allows user to edit others posts not just their own
‘create_posts’ => true, // Allows user to create new posts
‘manage_categories’ => true, // Allows user to manage post categories
‘publish_posts’ => true, // Allows the user to publish, otherwise posts stays in draft mode
‘edit_themes’ => false, // false denies this capability. User can’t edit your theme
‘install_plugins’ => false, // User cant add new plugins
‘update_plugin’ => false, // User can’t update any plugins
‘update_core’ => false // user cant perform core updates)
);