blaminhor’s News

How to Manage User Roles and Capabilities in WordPress

Blaminhor,

WordPress ships with five user roles: Administrator, Editor, Author, Contributor, and Subscriber. Each has a fixed set of capabilities. For a simple blog, this is fine. But the moment you need a “Support Agent” who can edit pages but not publish them, or a “Shop Manager” who can manage products but not install plugins, you’re stuck.

Managing WordPress user roles beyond the defaults requires either custom code or a dedicated tool.

The Limitations of Default WordPress Roles

Out of the box, WordPress doesn’t let you:

  • Modify the capabilities of existing roles.
  • Create new roles from the admin interface.
  • Grant specific capabilities to individual users.
  • Export or backup your role configuration.

To do any of this, you’d need to write PHP code in your functions.php file — and remember to remove it after it runs once, because role changes are stored in the database.

How to Edit WordPress User Roles and Capabilities

Activate the User Role Editor module in Blaminhor Essentials.

Create Custom Roles

Click “Add Role,” name it, and select capabilities. Start from scratch or clone an existing role as a starting point. Cloning the Editor role and removing a few capabilities is often faster than building from zero.

Edit Capabilities Per Role

Every WordPress capability is listed with a human-readable label — not just technical slugs like edit_others_posts. Check or uncheck capabilities for any role.

Need your Editor to manage WooCommerce products? Add the relevant capabilities. Want to prevent Authors from deleting their own posts? Uncheck it.

Per-User Capability Overrides

Sometimes one user needs a specific permission that their role doesn’t include. Instead of creating a whole new role for a single person, grant or revoke individual capabilities for that specific user. The override takes priority over their role.

Import and Export Roles

Save your entire WordPress user roles configuration as a JSON file. Move it to another site, share it with a client, or keep it as a backup before making changes.

Reset to WordPress Defaults

If your role configuration gets messy — maybe after uninstalling a plugin that added custom roles and capabilities — reset everything to the WordPress defaults with one click.

A Practical Example

You run a site with three editors and one intern.

  1. Clone the “Editor” role.
  2. Name the clone “Intern.”
  3. Remove publish_posts, publish_pages, delete_others_posts, and delete_others_pages.
  4. Assign the intern to this new role.

The intern can write drafts and edit their own content, but can’t publish anything or delete other people’s work. No code, no functions.php edits, no risk of breaking something on update.

Full Control Over Who Can Do What

WordPress’s default roles are a starting point. For real-world sites with teams, clients, and specific access requirements, you need granular control over user roles and capabilities.

Part of Blaminhor Essentials, free on WordPress.org.

Leave a Reply

Your email address will not be published. Required fields are marked *