How to Create a Custom User Role in WordPress


By

When building a website with a CMS, flexibility is always welcome. Thankfully, WordPress has more than its share, with themes and plugins that allow us to create a highly custom experience.

But its flexibility goes beyond just those extra things we can install. It’s actually baked right into the core of the software.

The ability to create custom user roles is a shining example. Today, we’ll take a look at what they are, why you’d want to use them, and a few different techniques for creating them.



Fine Grain Control Over User Permissions

In every WordPress installation, you already have access to a selection of default user roles. They allow us to designate what users can and can’t do in the back end (a.k.a. Dashboard) of the website.

This makes perfect sense. Not everyone who manages content needs to have administrative privileges. Therefore, we can assign each user a role based on need. It’s a great security measure and can better ensure against mishaps or even someone binge-installing plugins.

This also works on the front end as well. If you only want logged-in users to see specific content, you can build this functionality into your theme or add it via a membership plugin.

But while the default user roles (Administrator, Editor, Author, Contributor, and Subscriber) are useful, there are times when you need that extra bit of control. That’s why WordPress provides the ability to create your own custom roles.

When to Use a Custom Role

A custom user role can come in handy in several scenarios. Here are a few of the more common ones you might face:

You Have Users Who Manage Different Content Types

By default, WordPress comes with two key public-facing content types: Posts and Pages. But it’s easy to add more through the use of custom post types. You might, for example, create post types for things like press releases or staff members. Plus, various plugins may also install their own post types as well.

Large organizations may have several different types of content, with specific people in mind to manage each one. In this case, a default user role wouldn’t be ideal, as it might provide access to the whole lot (or the opposite, depending on your setup). A custom role, however, would allow different users to see only the post type(s) you assign them.

A User Needs to Do Just One Thing

There are occasions where a user may need a unique level of access to features on your website. For instance, let’s say you run an online course. You might have a team member who needs access to the entire course on the front and back ends to ensure it works correctly and that the content is accurate.

If all this team member needs to do is focus on the course itself, an administrator account may be overkill. With a custom user role, they can do their job without wading through any unnecessary options.

You Need to “Level up” an Existing Role

Sometimes, an existing WordPress user role is near perfect. But maybe there is that one extra thing a user needs to access.

Take the Author role. By default, they can publish posts – but not pages. Normally, you’d have to bump the user up to Editor. That might be fine in some instances. However, there could be other capabilities included that you don’t want this particular user to access. Here, creating a custom role may be the best option.

How to Create a Custom User Role

There are two different methods for creating a custom WordPress user role. The first is by adding some code to a custom plugin or your theme’s functions.php file. The second is by installing one of the many available plugins that enable you to create and edit roles.

The method you utilize really depends on personal preference. If you want the ability to pick and choose user capabilities in a visual manner, a plugin makes the most sense. But if you’re comfortable with code and/or don’t want other administrators to play with settings, adding a snippet may be for you.

Either way, we’ll get you started with a few code examples and a selection of plugins as well.

First, it’s recommended that you study up on the various user capabilities that WordPress offers. Also note that custom post types can have their custom capabilities as well. This can come in handy in the first example scenario we mentioned above.

Method #1: Add a Code Snippet

In this example, we’re going to create a user role named “Staff Member.” This includes all of the capabilities of the Author role, but with the additional ability to edit and publish pages.

Each capability we’re assigning to the role is listed in the snippet below and is set to “true.” The exception here is that we don’t want users with this role to delete published pages, so we’re explicitly setting this to “false” – just to be safe.

Again, this code would go into your theme’s functions.php file or optionally into a custom plugin.

/* Create Staff Member User Role */
add_role(
    'staff_member', //  System name of the role.
    __( 'Staff Member'  ), // Display name of the role.
    array(
        'read'  => true,
        'delete_posts'  => true,
        'delete_published_posts' => true,
        'edit_posts'   => true,
        'publish_posts' => true,
        'upload_files'  => true,
        'edit_pages'  => true,
        'edit_published_pages'  =>  true,
        'publish_pages'  => true,
        'delete_published_pages' => false, // This user will NOT be able to  delete published pages.
    )
);

Once we’ve saved this code and refreshed our website in the browser, we can add a new user with this role.

WordPress Add New User screen.

When our user with the Staff Member role logs in, they can see both pages and posts.

The logged-in user sees Posts and Pages.

Another alternative would be to simply add a few capabilities to the existing Author role. We can do this via the add_cap() function:

/* Upgrade the Author Role */
function author_level_up() {
    // Retrieve the  Author role.
    $role = get_role(  'author' );
    
    // Let's add a set  of new capabilities we want Authors to have.
    $role->add_cap(  'edit_pages' );
    $role->add_cap(  'edit_published_pages' );
    $role->add_cap(  'publish_pages' );
}
add_action( 'admin_init', 'author_level_up');

Both of these code snippets essentially do the same thing. However, adding the new Staff Member role might be best in cases where you already have users with the Author role and don’t want them to have extra capabilities.

Method 2: Use a Plugin

The functionality above can be easily replicated through the use of a plugin. Several have been created for this type of user role and capability management. They offer an advantage in that they utilize a GUI and add a layer of convenience to the whole process.

Let’s take a look at a few of the more popular options:

User Role Editor

With User Role Editor, adding or removing capabilities for a role is as simple as checking or unchecking a box in the settings. You also have the ability to create your own custom user roles and set whatever capabilities are needed. The plugin also supports multisite installs of WordPress as well.

WPFront User Role Editor

WPFront User Role Editor offers similar capabilities, letting you add or edit user roles. But it also allows administrators to migrate users from one role to another and assign multiple roles to individual users.

Advanced Access Manager

If you’re looking for something with a broader scope, Advanced Access Manager may be a good choice for you. It offers role and capability management, plus the ability to control access to frontend and backend features like menus and widgets.

Know Your Roles

The ability to create custom user roles is just one more reason to love WordPress. It’s something very niche, yet it can be extremely helpful when you need something that goes beyond the default roles.

So, the next time you find yourself in a situation where control of user capabilities is needed, know that you have this powerful tool at your disposal.


Top
This page may contain affiliate links. At no extra cost to you, we may earn a commission from any purchase via the links on our site. You can read our Disclosure Policy at any time.