WordPress.org

Ready to get started?Download WordPress

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Roles and Capabilities

Contents

Description

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site. A site owner can manage the user access to such tasks as writing and editing posts, creating Pages, defining links, creating categories, moderating comments, managing plugins, managing themes, and managing other users, by assigning a specific role to each of the users.

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. There are many capabilities including "publish_posts", "moderate_comments", and "edit_users". A default set of capabilities is pre-assigned to each role, but other capabilites can be assigned or removed using the add_cap() and remove_cap() functions. New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a decreasing number of allowed capabilities. For instance, the Subscriber role has just the "read" capability. One particular role should not be considered to be senior to another role. Rather, consider that roles define the user's responsibilities within the site.

Summary of Roles

  • Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
  • Administrator – somebody who has access to all the administration features within a single site.
  • Editor – somebody who can publish and manage posts including the posts of other users.
  • Author – somebody who can publish and manage their own posts.
  • Contributor – somebody who can write and manage their own posts but cannot publish them.
  • Subscriber – somebody who can only manage their profile.

Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Panels > Settings > General.

Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

Administrator

The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:

Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:

Editor

Author

Contributor

Subscriber

Special Cases

The following capabilities are special cases:

  • unfiltered_upload - This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:
define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install will be given the unfiltered_upload capability, but only Super Admins will be given the capability on a Multisite install.

Capability vs. Role Table

Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .

CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
manage_network Y
manage_sites Y
manage_network_users Y
manage_network_plugins Y
manage_network_themes Y
manage_network_options Y
unfiltered_html Y
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
activate_plugins Y Y
create_users Y Y (single site)
delete_plugins Y Y
delete_themes Y Y (single site)
delete_users Y Y
edit_files Y Y
edit_plugins Y Y (single site)
edit_theme_options Y Y
edit_themes Y Y (single site)
edit_users Y Y (single site)
export Y Y
import Y Y
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
install_plugins Y Y (single site)
install_themes Y Y (single site)
list_users Y Y
manage_options Y Y
promote_users Y Y
remove_users Y Y
switch_themes Y Y
update_core Y Y (single site)
update_plugins Y Y (single site)
update_themes Y Y (single site)
edit_dashboard Y Y
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
moderate_comments Y Y Y
manage_categories Y Y Y
manage_links Y Y Y
edit_others_posts Y Y Y
edit_pages Y Y Y
edit_others_pages Y Y Y
edit_published_pages Y Y Y
publish_pages Y Y Y
delete_pages Y Y Y
delete_others_pages Y Y Y
delete_published_pages Y Y Y
delete_others_posts Y Y Y
delete_private_posts Y Y Y
edit_private_posts Y Y Y
read_private_posts Y Y Y
delete_private_pages Y Y Y
edit_private_pages Y Y Y
read_private_pages Y Y Y
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
edit_published_posts Y Y Y Y
upload_files Y Y Y Y
publish_posts Y Y Y Y
delete_published_posts Y Y Y Y
edit_posts Y Y Y Y Y
delete_posts Y Y Y Y Y
read Y Y Y Y Y Y
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber

Capabilities

switch_themes

edit_themes

  • Since 2.0
  • Allows access to Appearance > Theme Editor to edit theme files.

edit_theme_options

install_themes

activate_plugins

edit_plugins

install_plugins

edit_users

edit_files

  • Since 2.0
  • Note: No longer used.

manage_options

  • Since 2.0
  • Allows access to Administration Panel options:
    • Settings > General
    • Settings > Writing
    • Settings > Reading
    • Settings > Discussion
    • Settings > Permalinks
    • Settings > Miscellaneous

moderate_comments

  • Since 2.0
  • Allows users to moderate comments from the Comments SubPanel (although a user needs the edit_posts Capability in order to access this)

manage_categories

manage_links

upload_files

import

unfiltered_html

  • Since 2.0
  • Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
  • Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
  • Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.

edit_posts

  • Since 2.0
  • Allows access to Administration Panel options:
    • Posts
    • Posts > Add New
    • Comments
    • Comments > Awaiting Moderation

edit_others_posts

  • Since 2.0
  • Allows access to Administration Panel options:
    • Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
  • user can edit other users' posts through function get_others_drafts()
  • user can see other users' images in inline-uploading [no? see inline-uploading.php]
  • See Exceptions

edit_published_posts

  • Since 2.0
  • User can edit their published posts. This capability is off by default.
  • The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
  • If you don't want a user to be able to edit their published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).

publish_posts

  • Since 2.0
  • See and use the "publish" button when editing their post (otherwise they can only save drafts)
  • Can use XML-RPC to publish (otherwise they get a "Sorry, you can not post on this weblog or category.")

edit_pages

read

publish_pages

  • Since 2.1

edit_others_pages

  • Since 2.1

edit_published_pages

  • Since 2.1

delete_pages

  • Since 2.1

delete_others_pages

  • Since 2.1

delete_published_pages

  • Since 2.1

delete_posts

  • Since 2.1

delete_others_posts

  • Since 2.1

delete_published_posts

  • Since 2.1

delete_private_posts

  • Since 2.1

edit_private_posts

  • Since 2.1

read_private_posts

  • Since 2.1

delete_private_pages

  • Since 2.1

edit_private_pages

  • Since 2.1

read_private_pages

  • Since 2.1

delete_users

  • Since 2.1

create_users

  • Since 2.1

unfiltered_upload

  • Since 2.3

edit_dashboard

  • Since 2.5

update_plugins

  • Since 2.6

delete_plugins

  • Since 2.6

update_themes

  • Since 2.7

update_core

  • Since 3.0

list_users

  • Since 3.0

remove_users

  • Since 3.0

add_users

  • Since 3.0

promote_users

  • Since 3.0

delete_themes

  • Since 3.0

export

  • Since 3.0

edit_comment

  • Since 3.1

manage_network

  • Since 3.0
  • Multi-site only
  • Allows access to Super Admin menu
  • Allows user to upgrade network

manage_sites

  • Since 3.0
  • Multi-site only
  • Allows access to Network Sites menu
  • Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network

manage_network_users

manage_network_themes

manage_network_options

User Levels

Prior to version 2.0, WordPress used a user User Levels system. This was replaced in version 2.0 with the much improved and more extensible Roles and Capabilities system you see today. To maintain backwards compatibility with plugins that still use the user levels system (although this is very much discouraged), the default Roles in WordPress also include Capabilities that correspond to these levels. User Levels were finally deprecated in version 3.0.

CapabilityAdministratorEditorAuthorContributorSubscriber
level_10
level_9
level_8
level_7
level_6
level_5
level_4
level_3
level_2
level_1
level_0

User Level to Role Conversion

Change Log

  • 1.5: User Levels system was introduced.
  • 2.0: Roles and Capabilities system was introduced.
  • 3.0: User Levels system deprecated & Multisite Super Admins introduced.

Resources

Roles and Capabilities: