Codex tools: Log in / create account
Languages: English • 日本語 • (Add your language)
The WordPress Roles feature is designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner must manage and allow access to such functions as writing and editing Posts, creating Pages, defining Links, creating Categories, moderating Comments, managing Plugins, managing Themes, and managing other users. The tool that gives the blog owner that control is the ability to assign a Role to a user.
WordPress Version 2.0 introduces the concept of Roles. The WordPress distribution comes delivered 'standard' with five pre-defined Roles: Administrator, Editor, Author, Contributor, and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are fifty (40 + 10 for backward compatibility) Capabilities including publish_posts, moderate_comments, and edit_users. The Capabilities are pre-assigned to each Role.
The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role is allowed just the read and level_0. One particular Role should not be considered to be 'senior to' another Role. Rather, consider that Roles define the user's responsibilities within the blog.
Plugin developers will likely revise the 'standard' Roles and Capabilities because WordPress Developers left open the future possibility of assigning a user to one or more Roles, or assigning Capabilities directly to a User. Since Plugins might change Roles and Capabilities, just the 'standard' Roles and Capabilities are addressed in this article.
The person with the most important Role is that of blog owner. Typically, the blog owner is the person responsibile for maintaining and backing up the WordPress MySQL database as well as managing the WordPress repository of files (programs, scripts, plugins, themes, images, uploads). Ultimately, the smooth operation of a blog depends on the blog owner fulfilling this 'ultimate role'. Note: The blog owner, in many cases, also acts the Role of Administrator but may choose to assign other users the Administrator Role.
The default role for a new user can be set using the Settings General SubPanel.
The identity a particular user assumes in a blog is called their Role. A Role essentially describes the set of tasks, called Capabilities, a person is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author role allows the execution of just a small subset of tasks.
WordPress 2.0 simplifies the User Level approach of WordPress 1.5 by rolling up adjacent levels with similar permissions into logical, named roles. For example, Level 0 is now assigned to the Subscriber role, while Levels 5-7 together make up the Editor role; The levels have been kept purely for backwards compatibility with older plugins, Plugin and Theme authors are strongly encouraged to use roles and/or capabilities in preference to using the older "level" style checking.
The following sections list the Roles and their Capabilities:
| Capability | admin | editor | author | contributor | subscriber |
|---|---|---|---|---|---|
| install_themes | |||||
| update_themes | |||||
| switch_themes | |||||
| edit_themes | |||||
| install_plugins | |||||
| activate_plugins | |||||
| edit_plugins | |||||
| update_plugins | |||||
| delete_plugins | |||||
| create_users | |||||
| edit_users | |||||
| delete_users | |||||
| edit_files | |||||
| manage_options | |||||
| import | |||||
| unfiltered_upload | |||||
| edit_dashboard | |||||
| moderate_comments | |||||
| manage_categories | |||||
| manage_links | |||||
| unfiltered_html | |||||
| edit_published_posts | |||||
| edit_others_posts | |||||
| edit_pages | |||||
| edit_others_pages | |||||
| edit_published_pages | |||||
| publish_pages | |||||
| delete_pages | |||||
| delete_others_pages | |||||
| delete_published_pages | |||||
| delete_others_posts | |||||
| delete_private_posts | |||||
| edit_private_posts | |||||
| read_private_posts | |||||
| delete_private_pages | |||||
| edit_private_pages | |||||
| read_private_pages | |||||
| upload_files | |||||
| publish_posts | |||||
| delete_published_posts | |||||
| edit_posts | |||||
| delete_posts | |||||
| read | |||||
| Level | admin | editor | author | contributor | subscriber |
| level_10 | |||||
| level_9 | |||||
| level_8 | |||||
| level_7 | |||||
| level_6 | |||||
| level_5 | |||||
| level_4 | |||||
| level_3 | |||||
| level_2 | |||||
| level_1 | |||||
| level_0 |
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
No longer used.
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows user to post HTML markup or even Javascript code in pages, posts, and comments.
Note: Enabling this option for untrusted users may result in their posting malicious code to your blog.
Allows access to Administration Panel options:
See Exceptions
User can edit his published posts. This capability is off by default.
The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
If you don't want a user to be able edit his published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).
User can
Allows access to Administration Panel options:
As far as I see all editors can edit each others' pages. [[[User:Scoop0901|Dave J. (Scoop0901)]] 16:38, 30 Jan 2007 (UTC) fixed typo]
Allows access to Administration Panel options:
Used nowhere in the core code except the menu.php
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.3
Since 2.5
Since 2.6
Since 2.6
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
User Level 0
User Level 1
User Levels 2, 3, and 4
User Levels 5, 6, and 7
User Level 8, 9, and 10
WP 2.7.1 does not allow Editors to edit the posts of Administrators. Given that "One particular Role should not be considered to be 'senior to' another Role ... "*, this may be a bug in this release. Either that, or some clarification is required in this article.