In the previous article, we’ve learned about user roles and how to add new users in WordPress. However, when dealing with user roles, you may find that WordPress has some limitations to add and remove the capabilities of user roles. For instance, by default, the Editor role in WordPress isn’t allowed to manipulate themes and plugins. But what if you want to give him / her these capabilities?
To solve this issue, you can use a plugin to customize user roles in WordPress. I’m going to use User Role Editor plugin to deal with the above case. However, keep in mind that your account must be Administrator or granted the capability for customizing user roles to work with this feature!
User Role Editor Plugin
There are a lot of plugins to customize user roles in the WordPress repository such as Members, Advanced Access Manager, Nav Menu Roles, WPFront User Role Editor, Capability Manager Enhanced, Role Scoper, … But the most popular and outstanding one is User Role Editor plugin.
This is a convenient and useful freemium plugin that is extremely easy to use. Note that I only use the free version in this article!
Configure User Roles in WordPress using Plugin
Step 1: Install and Activate the Plugin
User Role Editor plugin is free and available on wordpress.org, so just install and activate the plugin as usual. Go to Plugins > Add New on the Admin Dashboard, find the desired plugin, and then click Install Now.
Step 2: Set up the plugin
After you installed and activated the plugin, go to Settings > User Role Editor and set up the plugin before using it.
The settings interface will show up with five tabs below:
The General tab includes five options:
- Show Administrator role at User Role Editor: Changing the capabilities of this important role can cause security issues. Therefore, excerpt for really necessary cases, you should turn this feature off.
- Show capabilities in the human readable form: Typically, capabilities are displayed as code (for example,
edit_published_posts). This option renames the capabilities to make it easier for readers to understand (for example,
Edit published posts). Therefore, you should always check this box.
- Show deprecated capabilities: Previously, user roles in WordPress were named as levels 0 – 10. Nowadays, this naming method is no longer available. It only exists in some old themes and plugins. If you’re using such themes and plugins, enable this option to ensure User Role Editor plugin is compatible with them.
- Confirm role update: The plugin will require you to confirm before updating changes.
- Edit user capabilities: You should tick it by default to edit the capabilities.
Additional Modules Tab
This tab has only one item: Count users without role. In case there are users who haven’t received or registered a role yet, this option will help you find and manage these users easily.
Default Role Tab
When a new user registers an account, you can give him / her one (or some) default role in this tab.
In this tab, you can restore user roles to WordPress defaults. You should consider it carefully before clicking Reset because all the user data will be lost.
This tab contains some other information such as plugin version, author website link, FAQ page link, donate link, changelog, … If you have any questions about the plugin, contact the author or go to the FAQ page here.
Step 3: Configure the User Roles
To configure the user roles in WordPress, go to Users > User Role Editor. The plugin interface will show up like the below picture:
Select a User Role
In this section, choose the user role you want to customize. The list includes the WordPress default roles (Administrator, Editor, Author, Contributor, Subscriber) and other user roles added by users or plugins. For example, I choose the Editor role.
Additionally, on the right panel, you can also add new user roles (Add Role), rename the currently selected role (Rename Role), or delete user roles (Delete Role) – except for the WordPress default user roles.
Besides, after clicking Add Role, you can make a copy of the current user role.
Edit Capabilities of the Selected User Role
In the Group section, you can add / remove the capabilities of the selected user role. For example, I want to allow Editors to manipulate plugins, so I select Plugins in the All column on the left and tick the desired capabilities (install, delete, update plugins, …) in the right column.
There are two useful features that you can utilize to search for capabilities more quickly:
- Quickfilter: Use this feature to search for capabilities by their names.
- Granted Only: Each user role is granted different capabilities. This feature will filter out the capabilities that are currently granted for the selected user role.
In addition, you can add or delete capabilities yourself by these two buttons below:
- Add Capability: Note that the capability name is written only with Latin letters, numbers, and “_”. This option is quite advanced because it’s related to code, so if you aren’t an expert, skip it.
- Delete Capability: Note that User Role Editor plugin doesn’t support deleting the WordPress default capabilities
Finally, after you finished customizing user roles, don’t forget to click Update.
This is the Editor account on my website when I haven’t customize this user role yet:
And here is the result after I granted capabilities for the Editor role with User Role Editor plugin.
As you can see, after I customized the Editor role with User Role Editor plugin, the Plugin section showed up on the Admin Dashboard. From now on, Editors can install, activate, delete, edit, and update plugins on my site.
Utilizing User Role Editor plugin to appropriately add / remove capabilities and user roles in WordPress will help you manage users on your site easily, quickly, and efficiently. However, you should consider it carefully before granting some important capabilities to users (for example, install / uninstall themes and plugins; delete posts and pages; add / remove user roles; …) because they can unintentionally (or intentionally) cause some incidents. These incidents will affect the website operation and even lose your important data.
To prevent incidents caused by users on the site, you better should back up your website’s data.