WordPress: What are User Roles?

John Hewick

User roles are an important part of the WordPress platform. They give you the ability to manage the backend of your site with clearly defined roles for users, which reduces the risk of anyone making a mistake that impacts your entire website.

If you have a WordPress site, you need to be aware of what the different user roles are and how they work, particularly if you collaborate with a number of individuals in the backend. By knowing what each role is, you can give each person the correct permissions and restrictions for their input to the site.

What is a Role?

A role is a set of tasks, known as capabilities, which a person is allowed to perform in the WordPress administration panel.

The default user roles in WordPress are:

  1. Administrator

The default user is the Administrator in WordPress. They can do everything, including updating the core and adding new users. They have control over the whole WordPress single site and can edit all of the pages, posts, tags, categories, and code.

  2. Super Administrator

If you have a multi-site, then you’ll come across the Super Administrator role. This role has the most capability with access to the entire network of sites. This means that they can add and delete sites from the network as well as having all the power of an Administrator on all the sites in the network.

  3. Editor

The Editor role has control over all content and media files on the site. This means that they can manage posts and pages, even the ones labelled ‘private’, as well as comments, tags, categories, links, and more, but they can’t make changes to the settings or code.

  4. Author

An Author can control their own posts, adding, editing and publishing them, but can’t change anyone else’s. They can’t edit, add or delete any pages. An Author can add media files and tags to their posts.

  5. Contributor

A Contributor can only add posts to the backend for approval, writing and editing them in the backend without being able to publish them to the web. They can’t add media files but can add tags. This role is used by guest authors who need to have their work approved by an Admin or Editor.

  6. Subscriber

A Subscriber can only read posts on your site and leave comments. They can also make changes to their own user profile. They can’t access the dashboard. All new users are Subscribers by default.

WordPress Functions to Manage Roles and Capabilities

There are five functions you need to know to manage capabilities and roles in WordPress.

  • add_role(): Creates a custom role in WordPress.
  • remove_role(): Removes a custom role from WordPress.
  • add_cap(): Gives a role or user a custom capability.
  • remove_cap(): Removes a custom capability from a role or specific user.
  • get_role(): Fetches a role definition.

Let’s see these in action.

Creating a Custom Role in WordPress

The add_role() function takes three parameters: $role (the role name), $display_name (the display name for the role) and $capabilities (the list of capabilities).

Add the code snippet below to a plugin or to the functions.php file to create a new role called 'Comment Moderator'. This role is granted three capabilities: 'read', 'moderate_comments' and 'edit_comment'. Four capabilities are explicitly denied: 'edit_themes', 'install_plugins', 'update_plugins' and 'update_core'.

    $result = add_role(
        'comment_moderator',                      // $role: the role name (slug)
        __( 'Comment Moderator', 'testdomain' ),  // $display_name
        array(                                    // $capabilities
            'read'              => true,
            'moderate_comments' => true,
            'edit_comment'      => true,
            'edit_themes'       => false,
            'install_plugins'   => false,
            'update_plugins'    => false,
            'update_core'       => false,
        )
    );


If you want to remove a role, simply use the following code snippet.


    remove_role( 'comment_moderator' );


Editing Capabilities for a Role

While there are defined capabilities for each role, you can add and remove them for an entire role or for specific users using the add_cap() and remove_cap() functions.

    function add_capability() {
        // Fetch the role definition for Authors.
        $role = get_role( 'author' );
        // Allow Authors to edit posts written by other users.
        $role->add_cap( 'edit_others_posts' );
        // Stop Authors from uploading media files.
        $role->remove_cap( 'upload_files' );
    }
    add_action( 'admin_init', 'add_capability' );


For a specific user:


    function wp_specific_user() {
        $user_id = 5;
        $user    = new WP_User( $user_id );
        // These changes apply to this one user only, not to their role.
        $user->add_cap( 'delete_posts' );
        $user->remove_cap( 'edit_posts' );
    }
    add_action( 'admin_init', 'wp_specific_user' );
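
As an added example (not part of the original article), the following sketch audits the result of changes like the ones above: it lists every non-administrator role and every individual user that has been granted a high-risk capability. The function name `example_audit_high_risk_caps` and the capability list are assumptions chosen for illustration.

```php
<?php
/**
 * Added example, not code from the article. The function name and the
 * capability list below are assumptions chosen for illustration.
 */
function example_audit_high_risk_caps() {
    // Capabilities that allow code, configuration or account changes.
    $high_risk = array(
        'edit_themes', 'install_plugins', 'update_plugins', 'update_core',
        'edit_plugins', 'manage_options', 'promote_users',
    );
    $findings = array();

    // 1. Role definitions. A capability is granted only when its value is true.
    foreach ( wp_roles()->roles as $slug => $role ) {
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $hits    = array_intersect( $high_risk, $granted );
        if ( $hits && 'administrator' !== $slug ) {
            $findings[] = sprintf( 'role %s: %s', $slug, implode( ', ', $hits ) );
        }
    }

    // 2. Per-user grants made with $user->add_cap(). WP_User::$caps holds both
    // role slugs and individual capabilities, so role slugs are skipped.
    foreach ( get_users() as $user ) {
        foreach ( $user->caps as $cap => $is_granted ) {
            if ( $is_granted && ! wp_roles()->is_role( $cap )
                && in_array( $cap, $high_risk, true ) ) {
                $findings[] = sprintf( 'user %d (%s): %s',
                    $user->ID, $user->user_login, $cap );
            }
        }
    }
    return $findings;
}

// Show the findings as dashboard notices, to administrators only.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( example_audit_high_risk_caps() as $line ) {
        printf( '<div class="notice notice-warning"><p>%s</p></div>',
            esc_html( $line ) );
    }
} );
```

On a site with many accounts, get_users() loads every user, so a check like this is better run on demand than on every dashboard page load.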


If you want to check what a user is allowed to do, use user_can() with the user ID as the first parameter. You can find the user ID with a plugin like Reveal IDs.


    if ( user_can( 5, 'moderate_comments' ) ) {
        echo 'The current user is able to moderate comments';
    }

Changing the Name of a User Role

You can change the name of a User Role to something more suitable by using the following code snippet:

    function change_default_role_name() {
        global $wp_roles;
        if ( ! isset( $wp_roles ) )
            $wp_roles = new WP_Roles();
        // Change the display name of the Editor role to "Owner".
        $wp_roles->roles['editor']['name'] = 'Owner';
        $wp_roles->role_names['editor']    = 'Owner';
    }
    add_action( 'init', 'change_default_role_name' );

Author John Hewick

John is a full stack developer, with 10 years’ experience building websites with WordPress. Working with Elementary Digital for the last 4 years John has met all the challenges that have been sent his way.