Manage User Roles and Capabilities in WordPress
WordPress's five fixed roles rarely match a real team. Create custom roles, edit capabilities with plain-English labels, override per user, and undo any change from an automatic snapshot.
WordPress gives you exactly five roles, each with a fixed set of powers—and real sites almost never fit neatly into five boxes. The moment you need a “Support Agent” who can edit pages but not publish, or an intern who writes drafts but can’t delete anyone else’s work, or a shop manager who touches products but not plugins, the defaults run out. The usual fix is fiddly functions.php code you have to remember to remove afterward. There’s a safer, visual way—and it can undo its own mistakes.
The essentials
- WordPress has five fixed roles and no admin way to edit their capabilities or add new ones.
- The module lets you create, clone, rename and delete roles, and edit every capability with a human-readable label, grouped by area.
- Per-user overrides: grant or revoke a single capability for one user without inventing a new role.
- Automatic snapshots: it saves the previous role setup before changes, so you can restore it—plus a one-click reset to defaults.
- Safe by default: editing the Administrator role is locked, and you can only grant capabilities you hold yourself—no privilege escalation.
Why aren’t the default roles enough?
Out of the box, WordPress won’t let you modify an existing role’s capabilities, create a new role from the admin, grant a specific capability to one user, or export your configuration. The only native path is writing PHP into functions.php—and because role changes are written to the database once, you then have to remember to remove that code, or it keeps re-applying. It’s the kind of task that’s easy to get subtly wrong and awkward to reverse.
A proper role editor turns all of that into a visual, reversible interface. Before you start bending them, here are the five roles WordPress gives you and where each one stops:
| Core role | What it can do (per WordPress) | Don’t hand it to |
|---|---|---|
| Administrator | Full control—content, plugins, users, settings | Anyone who only needs to manage content |
| Editor | Manage all content, including others’ posts and pages | A writer who should only touch their own work |
| Author | Publish and manage their own posts | Someone who shouldn’t publish without review |
| Contributor | Write posts, but not publish them | Anyone who needs to publish directly |
| Subscriber | Manage their own profile only | Anyone who needs to create content |
How do you edit roles and capabilities?
Open the User Role Editor module and every role appears with its capabilities as plain-English checkboxes, grouped by area. From there you add, clone, rename or delete roles, toggle any capability, override permissions for a single user, and import or export the whole setup as JSON. An automatic snapshot lets you undo a bad change.
Activate the User Role Editor module in Blaminhor Essentials.
Capabilities grouped and labelled in plain English—so you’re toggling “Edit others’ posts,” not decoding edit_others_posts.
Create, clone and rename roles
Click Add Role, name it, and pick capabilities from scratch—or clone an existing role as a starting point (cloning Editor and removing a few powers is usually faster than building up from nothing). You can also rename roles and delete ones you no longer need.
Edit capabilities with real labels
Every capability is listed with a human-readable label and grouped by area, not just raw slugs like edit_others_posts. Check or uncheck to shape a role: add WooCommerce product capabilities to your Editor, or stop Authors from deleting their own posts. What each toggle does is legible at a glance.
Override capabilities per user
Sometimes one person needs one extra permission their role doesn’t include. Instead of creating a whole role for a single user, grant or revoke individual capabilities for that user—the override takes priority over their role. You can also assign multiple roles to a user right on the native WordPress profile screen when that fits better than a bespoke role.
Import, export and reset
Save your entire configuration as a JSON file to move to another site, hand to a client, or keep as a backup before a big change. You can also import from the standalone “User Role Editor” plugin if you’re migrating, and reset everything to WordPress defaults in one click when things get messy—say, after removing a plugin that left custom roles behind.
A practical example
You run a site with three editors and one intern:
- Clone the Editor role.
- Rename the clone “Intern.”
- Remove
publish_posts,publish_pages,delete_others_postsanddelete_others_pages. - Assign the intern to the new role.
The intern can write drafts and edit their own content, but can’t publish or delete other people’s work—no code, no functions.php edits, and if you got a capability wrong, the snapshot has your back.
Full control over who can do what
WordPress’s five roles are a starting point, not a straitjacket. For real teams, clients and specific access rules, you need capability-level control—and the confidence to change it knowing a snapshot can put things back. That combination is what makes granular permissions actually usable day to day.
If you’re shaping different experiences per role, it pairs well with the Classic Editor module’s per-role editor choice—decide not just what each role can do, but which editor they see.
User Role Editor is one of the 20+ tools in Blaminhor Essentials—free and open-source on WordPress.org.
– blaminhor
FAQ
What are the default WordPress user roles?
WordPress ships with five: Administrator (full control), Editor (manage all content), Author (publish their own posts), Contributor (write but not publish) and Subscriber (profile only). Each has a fixed set of capabilities, and core gives you no admin-interface way to change them or add new roles.
What's the difference between a role and a capability?
A capability is a single permission—like « publish posts » or « delete others' pages ». A role is a named bundle of those capabilities, such as Editor or Author. You assign roles to users for convenience, but under the hood WordPress is really checking individual capabilities on every action a user tries to take.
Can I give one user an extra permission without changing their role?
Yes. The module supports per-user capability overrides: you grant or revoke individual capabilities for a single user, and that override takes priority over their role. It's the clean way to handle a one-off—no need to invent a whole new role for one person who needs one extra permission.
What happens to custom roles if I deactivate the plugin?
They stay. Roles are written to the WordPress database once, not held in memory, so custom roles and edited capabilities survive deactivating the plugin. That's handy, but worth knowing: to fully remove a custom role you delete it in the editor or reset to defaults, not just switch the plugin off.
What happens to existing users when I delete their role?
Reassign those users first. If you delete a role while users are still assigned to it, they're left without a valid role and lose the matching capabilities until you give them another. The safe order is always: move everyone to a replacement role, then delete the now-empty one.
What if I break my role configuration?
The User Role Editor takes an automatic snapshot before role changes and lets you restore a previous configuration, so a bad edit is reversible. You can also reset everything to WordPress defaults in one click. As a safeguard, editing the Administrator role is disabled by default to prevent locking yourself out.
Comments