How to Create Custom User Roles in WordPress

One of the key features in WordPress that is often overlooked is that there are a number of different user roles available. These user roles can  help make insure that only the people have access to just the areas they need and also helps minimize the chances of any  accidents happening that could potentially bring down the site. in this article we will look at those user roles briefly and also go into how to create your own custom roles.

User roles have been an important part of the WordPress experience since version 2.0. Most people don’t even know they exist and assign administrator rights to everyone who has access to their site dashboard (obviously not a good thing for a whole bunch of reasons). Off the shelf, WordPress comes with six default user roles:

  • Administrator: someone who has access to all the administrative features and functions within a site.
  • Editor: someone who can publish and manage posts of all users, including their own.
  • Author: someone who can publish and manage their own posts.
  • Contributor: someone who can write and manage their own posts but can’t publish them.
  • Subscriber: someone who can only manage their profile.

Why Use Custom User Roles?

For the most part the default user roles are all that are needed. But there are cases where you need a user role that doesn’t fit in with the parameters of the default roles. And in this article I’ll show you how to create your own custom user roles without using a plugin.

Lets put a real world spin on why you would want to use Custom User roles. I typically use Custom User roles to make sure my clients only have access to what they need. I’m sure there are people who will debate that it is the client’s site and they should have admin access as the owner. And that’s fine if you don’t have a maintenance agreement with the client and are just handing the site over to the client and moving on to the next project.

But if you’re responsible for making sure the site stays up 24/7, then I recommend restricting the access of the client through a custom user role. That way I can give the client everything they need to make their site effective, like add content, maybe add events whatever they need to do. What they can’t do is things that can bring the site down or mess-up some functionality. I restrict things like access to add or remove plugins, themes, update core, all the kinds of things I’d want to do as part of my ongoing maintenance.

But lets start with a quick review of the basics, shall we?

Basic WordPress Functions

In order to manage roles and capabilities effectively, there are five very straightforward functions:

  • add_role(): Enables you to add a custom role.
  • remove_role(): Enables you to remove a custom role.
  • add_cap(): Enables you to add a custom capability to a role.
  • remove_cap(): Enables you to remove a custom capability from a role.
  • get_role (): Gets information about a role as well as the capabilities associated with the role.

We are only going to use the add_role() function for this article as we are going to create a custom user role for our fictitious client.

Defining The User Role

..

 

// Add a custom user role

$result = add_role( ‘client’, __(

‘Client’ ),

array(

‘read’ => true, // true allows this capability
‘edit_posts’ => true, // Allows user to edit their own posts
‘edit_pages’ => true, // Allows user to edit pages
‘edit_others_posts’ => true, // Allows user to edit others posts not just their own
‘create_posts’ => true, // Allows user to create new posts
‘manage_categories’ => true, // Allows user to manage post categories
‘publish_posts’ => true, // Allows the user to publish, otherwise posts stays in draft mode
‘edit_themes’ => false, // false denies this capability. User can’t edit your theme
‘install_plugins’ => false, // User cant add new plugins
‘update_plugin’ => false, // User can’t update any plugins
‘update_core’ => false // user cant perform core updates

)

);

Failed to set referrer policy error

Not sure if it was the latest update or not, but I just noticed this error popping up. When I deactivate W3 Total Cache, it goes away. I have tried uninstalling and reinstalling the plugin with same results. I have searched and found no fix, only descriptions of the error.

 

Me too.

For now in the browser cache tab, check the new additions and uncheck referrer policy.

ACF 5.8 – Introducing ACF Blocks for Gutenberg

There has been a lot of excitement surrounding Gutenberg, the new block-based WordPress editing experience. One of its most compelling features is the ability for developers to create their own custom block types. This opens up an endless array of possibilities for customization.

There’s just one little problem. Creating custom blocks is extremely complicated. How complicated? Well, even a simple testimonials block requires a massive amount of code.

.. We believe that ACF Blocks is one of the more important features ever added to our plugin. It levels the playing field and allows more developers to take advantage of Gutenberg’s key feature.

How to run a multi-tenant WordPress platform on Google Kubernetes Engine

As a service provider running WordPress sites, it is all about density, density, density

WordPress is said to run 28% of all websites on the Internet. That is a phenomenal installed base of some 75 million sites. While some of these are massive sites like TechCrunch or The New Yorker, the vast majority of WordPress sites are much smaller.

That means as a WordPress hoster, your business probably follows the 80-20 rule. 80% of your revenue comes from 20% of your sites. Or said another way, 80% of your sites only account for 20% of your traffic.

That means that you need to think about your business in two ways:

  1. You need to provide a reliable service to a large number of low-traffic sites while minimizing infrastructure costs since your margins come in large part by placing more sites on the same physical infrastructure.
  2. You need to provide a white-glove, highly performant and reliable experience to a small number of sites that make up the bulk of your revenue.

At the same time, you need a migration path for some sites to move from low-volume to high-volume plan, without disrupting the customer or your own internal operations teams.

 

..“Our clusters are highly dense, meaning we run a lot of containers per host. On AWS, we use huge instances. The recommendation from Kubernetes is 100 pods per VM. Already, we’re running 200-300 pods per host. Also, since most of the apps that we run are stateful, we can easily have 200-300 volumes per host as well. And we’re working to push these limits even further. Because of these densities enabled by Kubernetes and Portworx, we’re easily saving 60-90% on our compute costs. Portworx itself was between 30-50% cheaper than any other storage solution we tested.”

 

.. If you categorically knew which 20% of your customers would account for 80% of your traffic at all times, solving the noisy neighbor problem would be a one-time migration. But, because traffic patterns change over time, this is a hard problem to solve. Portworx does a few critical things to help.

First, in addition to using Kubernetes to limit pod resources like Memory and CPU, you can use Portworx to automatically place different workloads on different storage hardware for different classes of service. For instance, you might sell your customers a premium “performance” plan if they are expecting heavy usage and they are performance sensitive. Alternatively, cost-conscious customers might opt for a “budget” plan that offers reliability but doesn’t guarantee blazing fast performance. On the backend, these plans can be mapped to Portworx “storage classes” that automatically place high-end plans on SSDs and low-end plans on HHDs.

 

.. Often a hosting customer will call their service provider the day before they are going to be on a national TV and say “I really need my site to work tomorrow.” This often leads to a lot of scrambling around and manual tuning, but with PX-Motion, moving the customer to an environment with more resources is as easy as kubectl apply -f wp-migration.yaml.

The above described moving one heavy load site off a multi-tenant cluster. This is often the best option if you have some advance warning before a large traffic spike. However, in the middle of a large traffic event, it is often better to move low traffic sites away from the heavy traffic site, instead of vice versa. This is also possible with PX-Motion.