Codex tools: Log in
Languages: English • Français • 日本語 • (Add your language)
WordPress uses a concept of Roles, designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner can manage and allow access to such functions as writing and editing posts, creating Pages, defining links, creating categories, moderating comments, managing plugins, managing themes, and managing other users. The tool that gives the blog owner this control is the ability to assign a Role to a user.
WordPress has five pre-defined Roles: Administrator, Editor, Author, Contributor and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are many Capabilities including publish_posts, moderate_comments, and edit_users. The default Capabilities are pre-assigned to each Role.
The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role has just the read Capability (in addition to the level_0 Capability for backward compatibility). One particular Role should not be considered to be senior to another Role. Rather, consider that Roles define the user's responsibilities within the blog.
The WordPress Plugin API allows Roles and Capabilities to be added, removed and changed. Since Plugins might change Roles and Capabilities, just the default ones are addressed in this article.
Lors de l'installation de WordPress, un compte administrateur muni de toutes les [Capabilities] est automatiquement créé.
Le rôle par défaut attribué aux nouveaux utilisateurs peut être défini depuis le Settings General SubPanel.
A Role defines the set of tasks a user is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author role allows the execution of just a small subset of tasks.
The following sections list the default Roles and their Capabilities:
| Capability | Administrator | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|
| install_themes | |||||
| update_themes | |||||
| switch_themes | |||||
| edit_themes | |||||
| install_plugins | |||||
| activate_plugins | |||||
| edit_plugins | |||||
| update_plugins | |||||
| delete_plugins | |||||
| create_users | |||||
| edit_users | |||||
| delete_users | |||||
| edit_files | |||||
| manage_options | |||||
| import | |||||
| unfiltered_upload | |||||
| edit_dashboard | |||||
| moderate_comments | |||||
| manage_categories | |||||
| manage_links | |||||
| unfiltered_html | |||||
| edit_published_posts | |||||
| edit_others_posts | |||||
| edit_pages | |||||
| edit_others_pages | |||||
| edit_published_pages | |||||
| publish_pages | |||||
| delete_pages | |||||
| delete_others_pages | |||||
| delete_published_pages | |||||
| delete_others_posts | |||||
| delete_private_posts | |||||
| edit_private_posts | |||||
| read_private_posts | |||||
| delete_private_pages | |||||
| edit_private_pages | |||||
| read_private_pages | |||||
| upload_files | |||||
| publish_posts | |||||
| delete_published_posts | |||||
| edit_posts | |||||
| delete_posts | |||||
| read |
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
No longer used.
Allows access to Administration Panel options:
Allows users to moderate comments from the Comments SubPanel (although a user needs the edit_posts Capability in order to access this)
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Allows user to post HTML markup or even JavaScript code in pages, posts, and comments.
Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code to your blog.
Allows access to Administration Panel options:
See Exceptions
User can edit their published posts. This capability is off by default.
The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
If you don't want a user to be able edit his published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).
User can
Allows access to Administration Panel options:
Allows access to Administration Panel options:
Used nowhere in the core code except the menu.php
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.1
Since 2.3
Since 2.5
Since 2.6
Since 2.6
Prior to version 2.0, WordPress used a user level system. This was replaced in version 2.0 with the much improved and more extensible Roles and Capabilities system you see today. To maintain backwards compatibility with plugins that still use the user levels system (although this is very much discouraged), the default Roles in WordPress also include Capabilities that correspond to these levels.
| Capability | Administrator | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|
| level_10 | |||||
| level_9 | |||||
| level_8 | |||||
| level_7 | |||||
| level_6 | |||||
| level_5 | |||||
| level_4 | |||||
| level_3 | |||||
| level_2 | |||||
| level_1 | |||||
| level_0 |
WP 2.7.1 does not allow Editors to edit the posts of Administrators. Given that "One particular Role should not be considered to be 'senior to' another Role ... "*, this may be a bug in this release. Either that, or some clarification is required in this article.
