Roles and Capabilities (original) (raw)

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site. A site owner can manage the user access to such tasks as writing and editing posts, creating Pages, creating categories, moderating comments, managing plugins, managing themes, and managing other users, by assigning a specific role to each of the users.

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. There are many capabilities including “publish_posts“, “moderate_comments“, and “edit_users“. A default set of capabilities is pre-assigned to each role, but other capabilities can be assigned or removed using the add_cap() and remove_cap() functions. New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a decreasing number of allowed capabilities. For instance, the Subscriber role has just the “read” capability. One particular role should not be considered to be senior to another role. Rather, consider that roles define the user’s responsibilities within the site.

Summary of Roles

Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
Author (slug: ‘author’) – somebody who can publish and manage their own posts.
Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Screens > Settings > General.

Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

create_sites
delete_sites
manage_network
manage_sites
manage_network_users
manage_network_plugins
manage_network_themes
manage_network_options
upgrade_network
setup_network

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

Administrator

The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:

activate_plugins
delete_others_pages
delete_others_posts
delete_pages
delete_posts
delete_private_pages
delete_private_posts
delete_published_pages
delete_published_posts
edit_dashboard
edit_others_pages
edit_others_posts
edit_pages
edit_posts
edit_private_pages
edit_private_posts
edit_published_pages
edit_published_posts
edit_theme_options
export
import
list_users
manage_categories
manage_links
manage_options
moderate_comments
promote_users
publish_pages
publish_posts
read_private_pages
read_private_posts
read
remove_users
switch_themes
upload_files
customize
delete_site

Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:

update_core
update_plugins
update_themes
install_plugins
install_themes
delete_themes
delete_plugins
edit_plugins
edit_themes
edit_files
edit_users
add_users
create_users
delete_users
unfiltered_html

Special Cases

The following capabilities are special cases:

unfiltered_upload – This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install can be given the unfiltered_upload capability, but only Super Admins can be given the capability on a Multisite install.

Capability vs. Role Table

Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .

Capability	Super Admin	Administrator	Editor	Author	Contributor	Subscriber
create_sites	yes	x	x	x	x	x
delete_sites	yes	x	x	x	x	x
manage_network	yes	x	x	x	x	x
manage_sites	yes	x	x	x	x	x
manage_network_users	yes	x	x	x	x	x
manage_network_plugins	yes	x	x	x	x	x
manage_network_themes	yes	x	x	x	x	x
manage_network_options	yes	x	x	x	x	x
upload_plugins	yes	x	x	x	x	x
upload_themes	yes	x	x	x	x	x
upload_network	yes	x	x	x	x	x
upgrade_network	yes	x	x	x	x	x
setup_network	yes	x	x	x	x	x
activate_plugins	yes	yes (single site or enabled by network setting)	x	x	x	x
create_users	yes	yes (single site)	x	x	x	x
delete_plugins	yes	yes (single site)	x	x	x	x
delete_themes	yes	yes (single site)	x	x	x	x
delete_users	yes	yes (single site)	x	x	x	x
edit_files	yes	yes (single site)	x	x	x	x
edit_plugins	yes	yes (single site)	x	x	x	x
edit_theme_options	yes	yes	x	x	x	x
edit_themes	yes	yes (single site)	x	x	x	x
edit_users	yes	yes (single site)	x	x	x	x
export	yes	yes	x	x	x	x
import	yes	yes	x	x	x	x
install_plugins	yes	yes (single site)	x	x	x	x
install_themes	yes	yes (single site)	x	x	x	x
list_users	yes	yes	x	x	x	x
manage_options	yes	yes	x	x	x	x
promote_users	yes	yes	x	x	x	x
remove_users	yes	yes	x	x	x	x
switch_themes	yes	yes	x	x	x	x
update_core	yes	yes (single site)	x	x	x	x
update_plugins	yes	yes (single site)	x	x	x	x
update_themes	yes	yes (single site)	x	x	x	x
edit_dashboard	yes	yes	x	x	x	x
customize	yes	yes	x	x	x	x
delete_site	yes	yes	x	x	x	x
moderate_comments	yes	yes	yes	x	x	x
manage_categories	yes	yes	yes	x	x	x
manage_links	yes	yes	yes	x	x	x
edit_others_posts	yes	yes	yes	x	x	x
edit_pages	yes	yes	yes	x	x	x
edit_others_pages	yes	yes	yes	x	x	x
edit_published_pages	yes	yes	yes	x	x	x
publish_pages	yes	yes	yes	x	x	x
delete_pages	yes	yes	yes	x	x	x
delete_others_pages	yes	yes	yes	x	x	x
delete_published_pages	yes	yes	yes	x	x	x
delete_others_pos	yes	yes	yes	x	x	x
delete_private_posts	yes	yes	yes	x	x	x
edit_private_posts	yes	yes	yes	x	x	x
read_private_posts	yes	yes	yes	x	x	x
delete_private_pages	yes	yes	yes	x	x	x
edit_private_pages	yes	yes	yes	x	x	x
read_private_pages	yes	yes	yes	x	x	x
unfiltered_html	yes	yes (single site)	yes (single site)	x	x	x
unfiltered_html	yes	yes	yes	x	x	x
edit_published_posts	yes	yes	yes	yes	x	x
upload_files	yes	yes	yes	yes	x	x
publish_posts	yes	yes	yes	yes	x	x
delete_published_posts	yes	yes	yes	yes	x	x
edit_posts	yes	yes	yes	yes	yes	x
delete_posts	yes	yes	yes	yes	yes	x
read	yes	yes	yes	yes	yes	yes

Capabilities

switch_themes

Since 2.0
Allows access to Administration Screens options:
- Appearance
- Appearance > Themes

edit_themes

Since 2.0
Allows access to Appearance > Theme Editor to edit theme files.

edit_theme_options

Since 3.0
Allows access to Administration Screens options:
- Appearance > Widgets
- Appearance > Menus
- Appearance > Customize if they are supported by the current theme
- Appearance > Header

install_themes

Since 2.8
Allows access to Administration Screens options:
- Appearance > Add New Themes

activate_plugins

Since 2.0
Allows access to Administration Screens options:
- Plugins

edit_plugins

Since 2.0
Allows access to Administration Screens options:
- Plugins > Plugin Editor

install_plugins

Since 2.7
Allows access to Administration Screens options:
- Plugins > Add New

edit_users

Since 2.0
Allows access to Administration Screens options:
- Users

edit_files

Since 2.0
Note: No longer used.

manage_options

Since 2.0
Allows access to Administration Screens options:
- Settings > General
- Settings > Writing
- Settings > Reading
- Settings > Discussion
- Settings > Permalinks
- Settings > Miscellaneous
Since 2.0
Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)

manage_categories

Since 2.0
Allows access to Administration Screens options:
- Posts > Categories
- Links > Categories

manage_links

Since 2.0
Allows access to Administration Screens options:
- Links
- Links > Add New

upload_files

Since 2.0
Allows access to Administration Screens options:
- Media
- Media > Add New

import

Since 2.0
Allows access to Administration Screens options:
- Tools > Import
- Tools > Export

unfiltered_html

Since 2.0
Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.

edit_posts

Since 2.0
Allows access to Administration Screens options:
- Posts
- Posts > Add New
- Comments
- Comments > Awaiting Moderation

edit_others_posts

Since 2.0
Allows access to Administration Screens options:
- Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
user can edit other users’ posts through function get_others_drafts()
user can see other users’ images in inline-uploading [no? see inline-uploading.php]
See Exceptions

edit_published_posts

Since 2.0
User can edit their published posts. This capability is off by default.
The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
If you don’t want a user to be able to edit their published posts, remove this capability.

publish_posts

Since 2.0
See and use the “publish” button when editing their post (otherwise they can only save drafts)
Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)

edit_pages

Since 2.0
Allows access to Administration Screens options:
- Pages
- Pages > Add New

read

Since 2.0
Allows access to Administration Screens options:
- Dashboard
- Users > Your Profile
Used nowhere in the core code except the menu.php

publish_pages

Since 2.1

edit_others_pages

Since 2.1

edit_published_pages

Since 2.1

delete_pages

Since 2.1

delete_others_pages

Since 2.1

delete_published_pages

Since 2.1

delete_posts

Since 2.1

delete_others_posts

Since 2.1

delete_published_posts

Since 2.1

delete_private_posts

Since 2.1

edit_private_posts

Since 2.1

read_private_posts

Since 2.1

delete_private_pages

Since 2.1

edit_private_pages

Since 2.1

read_private_pages

Since 2.1

delete_users

Since 2.1

create_users

Since 2.1
Allows creating new users.
- Without other capabilities, created users will have your blog’s New User Default Role.

unfiltered_upload

Since 2.3

edit_dashboard

Since 2.5

customize

Since 4.0
Allows access to the Customizer.

delete_site

Since 4.0
Allows the user to delete the current site (Multisite only).

update_plugins

Since 2.6

delete_plugins

Since 2.6

update_themes

Since 2.7

update_core

Since 3.0

list_users

Since 3.0
Allows access to Administration Screens options:
- Users

remove_users

Since 3.0

add_users

Since 3.0
Replaced in 4.4 with promote_users

promote_users

Since 3.0
Enables the “Change role to…” dropdown in the admin user list.
- This does not depend on ‘edit_users‘ capability.
Enables the ‘Add Existing User’ to function for multi-site installs.

delete_themes

Since 3.0

export

Since 3.0
Since 3.1

create_sites

Since 3.1
Multi-site only
Allows user to create sites on the network

delete_sites

Since 3.1
Multi-site only
Allows user to delete sites on the network

manage_network

Since 3.0
Multi-site only
Allows access to Super Admin menu
Allows user to upgrade network

manage_sites

Since 3.0
Multi-site only
Allows access to Network Sites menu
Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network

manage_network_users

Since 3.0
Multi-site only
Allows access to Network Users menu

manage_network_themes

Since 3.0
Multi-site only
Allows access to Network Themes menu

manage_network_options

Since 3.0
Multi-site only
Allows access to Network Options menu

manage_network_plugins

Multi-site only
Allows access to Network Plugins menu

upload_plugins

Since 4.0
Multi-site only
Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu

upload_themes

Since 4.0
Multi-site only
Allows user to upload theme ZIP files from the Network Themes -> Add New menu

upgrade_network

Since 4.8
Multi-site only
is used to determine whether a user can access the Network Upgrade page in the network admin. Related to this, the capability is also checked to determine whether to show the notice that a network upgrade is required. The capability is not mapped, so it is only granted to network administrators. See #39205 for background discussion.

setup_network

Since 4.8
Multi-site only
is used to determine whether a user can setup multisite, i.e. access the Network Setup page. Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so that it is granted to network administrators. See #39206 for background discussion.