WORDPRESS ROLE AND CAPABILITIES

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users
can and cannot do within the site. A site owner can manage the user access to such tasks as writing
and editing posts, creating Pages, defining links, creating categories, moderating
comments, managing plugins, managing themes, and managing other users, by assigning a specific
role to each of the users.

WordPress has six pre-defined roles: Super

Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a
set of tasks called Capabilities. There are many capabilities including "publish_posts",
"moderate_comments", and "edit_users". A default set of capabilities is pre-assigned to each role, but
other capabilities can be assigned or removed using the add_cap() andremove_cap() functions.
New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a
decreasing number of allowed capabilities. For instance, the Subscriber role has just the "read"
capability. One particular role should not be considered to be senior to another role. Rather, consider
that roles define the user's responsibilities within the site.

Summary of Roles
 Super Admin – somebody with access to the site network administration features and all other
features. See the Create a Network article.
 Administrator (slug: 'administrator') – somebody who has access to all the administration
features within a single site.
 Editor (slug: 'editor') – somebody who can publish and manage posts including the posts of other
users.
 Author (slug: 'author') – somebody who can publish and manage their own posts.
 Contributor (slug: 'contributor') – somebody who can write and manage their own posts but
cannot publish them.
 Subscriber (slug: 'subscriber') – somebody who can only manage their profile.
Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Panels > Settings > General.

You can see a listing of all defined roles by accessing the role_names property of the
global WP_Roles object (which you can retrieve with wp_roles(), or, prior to version 4.3,
with global $wp_roles;).

Roles
A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super
Admin role encompasses every possible task that can be performed within a Network of virtual
WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single
site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin
Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are
therefore only available to Super Admins:

 create_sites
 delete_sites
 manage_network
 manage_sites
 manage_network_users
 manage_network_plugins
 manage_network_themes
 manage_network_options
 upgrade_network
 setup_network
In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such,
they are the only ones to have access to additional admin capabilities.

Administrator
The capabilities of Administrators differs between single site and Multisite WordPress installations. All
administrators have the following capabilities:

 activate_plugins
 delete_others_pages
 delete_others_posts
 delete_pages
 delete_posts
 delete_private_pages
 delete_private_posts
 delete_published_pages
 delete_published_posts
 edit_dashboard
 edit_others_pages
 edit_others_posts
 edit_pages
 edit_posts
 edit_private_pages
 edit_private_posts
 edit_published_pages
 edit_published_posts
 edit_theme_options
 export
 import
 list_users
 manage_categories
 manage_links
 manage_options
 moderate_comments
 promote_users
 publish_pages
 publish_posts
 read_private_pages
 read_private_posts
 read
 remove_users
 switch_themes
 upload_files
 customize
 delete_site
Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the
Super Admin has these abilities:

 update_core
 update_plugins
 update_themes
 install_plugins
 install_themes
 upload_plugins
 upload_themes
 delete_themes
 delete_plugins
 edit_plugins
 edit_themes
 edit_files
 edit_users
 create_users
 delete_users
 unfiltered_html
Editor
 delete_others_pages
 delete_others_posts
 delete_pages
 delete_posts
 delete_private_pages
 delete_private_posts
 delete_published_pages
 delete_published_posts
 edit_others_pages
 edit_others_posts
 edit_pages
 edit_posts
 edit_private_pages
 edit_private_posts
 edit_published_pages
 edit_published_posts
 manage_categories
 manage_links
 moderate_comments
 publish_pages
 publish_posts
 read
 read_private_pages
 read_private_posts
 unfiltered_html (not with Multisite. See Unfiltered MU & RemoveKses)
 upload_files
Author
 delete_posts
 delete_published_posts
 edit_posts
 edit_published_posts
 publish_posts
 read
 upload_files
Contributor
 delete_posts
 edit_posts
 read
Subscriber
 read
Special Cases
The following capabilities are special cases:

 unfiltered_upload - This capability is not available to any role by default (including Super
Admins). The capability needs to be enabled by defining the following constant:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install can be given the unfiltered_upload
capability, but only Super Admins can be given the capability on a Multisite install.

Capability vs. Role Table

Note that the capabilities of Administrators differs between single site and Multisite WordPress
installations, as described above .

Capability Super Admin Administrator Editor Author Contributor

create_sites Y

delete_sites Y

manage_network Y

manage_sites Y

manage_network_users Y

manage_network_plugins Y

manage_network_themes Y

manage_network_options Y

upload_plugins Y

upload_themes Y

upgrade_network Y

setup_network Y

Capability Super Admin Administrator Editor Author Contributor

activate_plugins Y Y
(single site or
enabled by network setting)

create_users Y Y (single site)

delete_plugins Y Y (single site)

delete_themes Y Y (single site)

delete_users Y Y (single site)

edit_files Y Y (single site)

edit_plugins Y Y (single site)

edit_theme_options Y Y

edit_themes Y Y (single site)

edit_users Y Y (single site)

export Y Y

import Y Y

Capability Super Admin Administrator Editor Author Contributor

install_plugins Y Y (single site)

install_themes Y Y (single site)

list_users Y Y

manage_options Y Y

promote_users Y Y

remove_users Y Y

switch_themes Y Y

update_core Y Y (single site)

update_plugins Y Y (single site)

update_themes Y Y (single site)

edit_dashboard Y Y

customize Y Y

delete_site Y Y

Capability Super Admin Administrator Editor Author Contributor

moderate_comments Y Y Y

manage_categories Y Y Y

manage_links Y Y Y

edit_others_posts Y Y Y

edit_pages Y Y Y

edit_others_pages Y Y Y

edit_published_pages Y Y Y

publish_pages Y Y Y

delete_pages Y Y Y

delete_others_pages Y Y Y
 delete_published_pages Y Y Y

delete_others_posts Y Y Y

delete_private_posts Y Y Y

edit_private_posts Y Y Y

read_private_posts Y Y Y

delete_private_pages Y Y Y

edit_private_pages Y Y Y

read_private_pages Y Y Y

unfiltered_html Y Y (single site) Y (single site)

Capability Super Admin Administrator Editor Author Contributor

edit_published_posts Y Y Y Y

upload_files Y Y Y Y

publish_posts Y Y Y Y

delete_published_posts Y Y Y Y

edit_posts Y Y Y Y Y

delete_posts Y Y Y Y Y

Capability Super Admin Administrator Editor Author Contributor

read Y Y Y Y Y

Capabilities
switch_themes
 Since 2.0
 Allows access to Administration Panel options:
 Appearance
 Appearance > Themes
edit_themes
 Since 2.0
 Allows access to Appearance > Theme Editor to edit theme files.
edit_theme_options
 Since 3.0
 Allows access to Administration Panel options:
 Appearance > Widgets
 Appearance > Menus
 Appearance > Customize if they are supported by the current theme
 Appearance > Background
 Appearance > Header
install_themes
 Since 2.8
 Allows access to Administration Panel options:
 Appearance > Add New Themes
 activate_plugins
 Since 2.0
 Allows access to Administration Panel options:
 Plugins
edit_plugins
 Since 2.0
 Allows access to Administration Panel options:
 Plugins > Plugin Editor
install_plugins
 Since 2.7
 Allows access to Administration Panel options:
 Plugins > Add New
edit_users
 Since 2.0
 Allows editing other users' profiles.
 This allows changing roles independently of 'promote_users' capability.
edit_files
 Since 2.0
 Note: No longer used.
manage_options
 Since 2.0
 Allows access to Administration Panel options:
 Settings > General
 Settings > Writing
 Settings > Reading
 Settings > Discussion
 Settings > Permalinks
 Settings > Miscellaneous
moderate_comments
 Since 2.0
 Allows users to moderate comments from the Comments SubPanel (although a user needs
the edit_posts Capability in order to access this)
manage_categories
 Since 2.0
 Allows access to Administration Panel options:
 Posts > Categories
 Links > Categories
manage_links
 Since 2.0
 Allows access to Administration Panel options:
 Links
 Links > Add New
upload_files
 Since 2.0
 Allows access to Administration Panel options:
 Media
 Media > Add New
import
 Since 2.0
 Allows access to Administration Panel options:
 Tools > Import
 Tools > Export
unfiltered_html
 Since 2.0
 Allows user to post HTML markup or even JavaScript code in pages, posts, comments and
widgets.
 Note: Enabling this option for untrusted users may result in their posting malicious or poorly
formatted code.
 Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.
edit_posts
 Since 2.0
 Allows access to Administration Panel options:
 Posts
 Posts > Add New
 Comments
 Comments > Awaiting Moderation
edit_others_posts
 Since 2.0
 Allows access to Administration Panel options:
 Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
 user can edit other users' posts through function get_others_drafts()
 user can see other users' images in inline-uploading [no? see inline-uploading.php]
 See Exceptions
edit_published_posts
 Since 2.0
 User can edit their published posts. This capability is off by default.
 The core checks the capability edit_posts, but on demand this check is changed
to edit_published_posts.
 If you don't want a user to be able to edit their published posts, remove this capability.
publish_posts
 Since 2.0
 See and use the "publish" button when editing their post (otherwise they can only save drafts)
 Can use XML-RPC to publish (otherwise they get a "Sorry, you can not post on this weblog or
category.")
edit_pages
 Since 2.0
 Allows access to Administration Panel options:
 Pages
 Pages > Add New
read
 Since 2.0
 Allows access to Administration Panel options:
 Dashboard
 Users > Your Profile
 Used nowhere in the core code except the menu.php
publish_pages
 Since 2.1
edit_others_pages
 Since 2.1
 edit_published_pages
 Since 2.1
delete_pages
 Since 2.1
delete_others_pages
 Since 2.1
delete_published_pages
 Since 2.1
delete_posts
 Since 2.1
delete_others_posts
 Since 2.1
delete_published_posts
 Since 2.1
delete_private_posts
 Since 2.1
edit_private_posts
 Since 2.1
read_private_posts
 Since 2.1
delete_private_pages
 Since 2.1
edit_private_pages
 Since 2.1
read_private_pages
 Since 2.1
delete_users
 Since 2.1
 Allows deleting users from the blog.
create_users
 Since 2.1
 Allows creating new users.
 Without other capabilities, created users will have your blog's New User Default Role.
unfiltered_upload
 Since 2.3
edit_dashboard
 Since 2.5
customize
 Since 4.0
 Allows access to the Customizer.
delete_site
 Since 3.1
 Allows the user to delete the current site (Multisite only).
update_plugins
 Since 2.6
delete_plugins
 Since 2.6
update_themes
 Since 2.7
update_core
 Since 3.0
list_users
 Since 3.0
 Allows access to Administration Panel options:
 Users
remove_users
 Since 3.0
add_users
 Since 3.0
 Replaced in 4.4 with promote_users
promote_users
 Since 3.0
 Enables the "Change role to..." dropdown in the admin user list.
 This does not depend on 'edit_users' capability.
 Enables the 'Add Existing User' to function for multi-site installs.
delete_themes
 Since 3.0
export
 Since 3.0
edit_comment
 Since 3.1
create_sites
 Since 3.1
 Multi-site only
 Allows user to create sites on the network
delete_sites
 Since 3.1
 Multi-site only
 Allows user to delete sites on the network
manage_network
 Since 3.0
 Multi-site only
 Allows access to Super Admin menu
 Allows user to upgrade network
manage_sites
 Since 3.0
 Multi-site only
 Allows access to Network Sites menu
 Allows user to edit, archive, unarchive, activate, deactivate, spam, and unspam sites on the
network
manage_network_users
 Since 3.0
 Multi-site only
 Allows access to Network Users menu
manage_network_themes
 Since 3.0
 Multi-site only
 Allows access to Network Themes menu
manage_network_options
 Since 3.0
 Multi-site only
 Allows access to Network Options menu
manage_network_plugins
 Multi-site only
 Allows access to Network Plugins menu
upload_plugins
 Since 4.0
 Multi-site only
 Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu
upload_themes
 Since 4.0
 Multi-site only
 Allows user to upload theme ZIP files from the Network Themes -> Add New menu
upgrade_network
 Since 4.8
 Multi-site only
 is used to determine whether a user can access the Network Upgrade page in the network admin.
Related to this, the capability is also checked to determine whether to show the notice that a
network upgrade is required. The capability is not mapped, so it is only granted to network
administrators. See #39205 for background discussion.
setup_network
 Since 4.8
 Multi-site only
 is used to determine whether a user can setup multisite, i.e. access the Network Setup page.
Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it
is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so
that it is granted to network administrators. See #39206 for background discussion.

User Levels
Prior to version 2.0, WordPress used a user User Levels system. This was replaced in version 2.0
with the much improved and more extensible Roles and Capabilities system you see today. To
maintain backwards compatibility with plugins that still use the user levels system (although this is
very much discouraged), the default Roles in WordPress also include Capabilities that correspond to
these levels. User Levels were finally deprecated in version 3.0.
 Capability Administrator Editor Author Contributor Subscriber
level_10

level_9

level_8

level_7

level_6

level_5

level_4

level_3

level_2

level_1

level_0

User Level to Role Conversion

 User Level 0 converts to Subscriber
 User Level 1 converts to Contributor
 User Level 2 converts to Author
 User Level 3 converts to Editor
 User Level 4 converts to Editor
 User Level 5 converts to Editor
 User Level 6 converts to Editor
 User Level 7 converts to Editor
 User Level 8 converts to Administrator
 User Level 9 converts to Administrator
 User Level 10 converts to Administrator

Change Log
 1.5: User Levels system was introduced.
 2.0: Roles and Capabilities system was introduced.
 3.0: User Levels system deprecated & Multisite Super Admins introduced.

Resources
Plugins
 Members Plugin
 Role Scoper Plugin
 User Access Manager
 Advanced Access Manager
 User Role Editor
 WordPress User Role Editor
 Simple Membership Plugin
 View Admin As (manage & test roles)
Information
 Ryan Boren's What's New in 2.0: Roles and Capabilities
 WordPress Capabilities
 WordPress Roles and Capabilities at a Glance - A simplified visual representation of WordPress
roles and capabilities
Dev
 Hackers email list Original User Capability discussion
 related functions: current_user_can(), user_can()
 You can set and get a user's role and capabilities programmatically using the WP_User class.
Other Codex Articles
Roles and Capabilities:
 add_role()
 remove_role()
 get_role()
 add_cap()
 remove_cap()
Categories:
 Getting Started
 Installation
 UI Link