One of WordPress’ key features is its user management system, which allows website owners to control who can access their site and what they can do once they are logged in, two important aspects of security. In this article, we will explore how to create a custom WordPress role, in this case specifically to manage other users.
What is a WordPress Role?
A WordPress role is a predefined set of permissions that determine what a user can or cannot do on a WordPress site. WordPress comes with several built-in roles, each with a specific set of capabilities:
- Administrator: Has the highest level of access in WordPress, with the ability to perform all tasks on the site, including creating and deleting users, adding and managing themes and plugins, and changing site settings.
- Editor: Can manage and publish all posts, pages, and custom post types, including those written by others. Can also moderate comments.
- Author: Can publish and manage their own posts, as well as upload media, but cannot edit or publish posts or pages written by others, nor can they moderate comments.
- Contributor: Can write and edit their own posts, but cannot publish them. They can submit posts for review but are not allowed to upload files.
- Subscriber: Can only read content on the site and manage their own profile.
(Read more about roles in the WordPress documentation.)
Why Create a WordPress Users Manager Role?
Sometimes the built-in WordPress roles do not provide enough flexibility for website owners to manage user capabilities. For example, you may want to allow a site manager to add and delete users. The only built-in WordPress role that allows managing users is the administrator role. However, you do not want to give this role to the site manager if you do not also want to allow him or her to manage plugins. Even though you trust your site manager, you may doubt that he or she could fix your website if installing a plug-in turns out to break your site.
Creating a custom role will help improve security by preventing your site manager from trying something he or she is not equipped to do, no matter how well-intentioned this person may be.
How to Create a Users Manager Role Using a Plugin
One of the easiest ways to create a custom users manager role is by using a WordPress plugin. There are several plugins available for this purpose, such as User Role Editor, Members, or User Role Manager. In this example, we will use the Members plugin.
Here are the steps to create this role using the Members plugin:
- Install and activate the Members plugin from the WordPress repository.
- Go to Users > Roles in the WordPress dashboard.
- Click the “Add New” button to create a new role.
- Enter a name for the new role, such as “Users Manager.”
- Select the capabilities you want to assign to the role from the checkboxes on the right-hand side.
- Click the “Save Role” button to save your changes.
- Go to Users > All Users in the WordPress dashboard.
- Find the user you want to assign the new role to and click the “Edit” button.
- Under the “Role” section, select the new “Users Manager” role from the dropdown menu.
- Click the “Update User” button to save your changes.
You can modify the capabilities assigned to the user manager role at any time by going to Users > Roles and editing the role you created.
Assigning Multiple Roles to the Same User
Another feature of the Members plugin, as well as similar plugins, is the ability to assign multiple roles to a single user. As an example, I wanted to assign to the same user both the “shop manager” capabilities provided by the WooCommerce plugin and the capability to manage users.
In this case, doing so caused a problem: While the dual role allowed both managing products and seeing all of the users, the “edit” link did not appear when viewing the list of user records. It turned out that the WooCommerce plug-in specifically denied to shop managers the ability to edit users. Otherwise, assigning these two roles to the same user would have worked beautifully.
When creating a custom role, you are presented with two columns of checkboxes: “Allow” and “Deny”. If a user is assigned one role that explicitly denies a capability (rather than simply not including “Allow” for that capability) and another role that allows it, “Deny” takes precedence.
There are two possible solutions to this problem. One is to create a custom role that copies all of the capabilities of WooCommerce’s shop manager but leaves out the explicit denial of user editing, and then assign to the same user both the new role and the custom users manager role. The other option is to combine both of those roles into a single custom role.
I chose the first solution to keep the option of separately assigning the users manager role by itself. I foresaw a future possibility where I might want to assign this role to someone who should not also be managing products. Your own situation may be different.
How to Create a Users Manager Role Using PHP Code
If you prefer to create your custom users manager role using PHP code, you can do so by adding a few lines of code to the functions.php file of your child theme. (You could also create a custom plugin, giving you the option of retaining your custom roles even when you switch themes. How to do so is beyond the scope of this article, though it is not much more difficult. I am not talking here about a full-blown plug-in with lots of user options, such as the Members plugin has, but a simple plugin that adds a single new role.)
Adding the code:
- Open your functions.php file in a code editor.
- Add the following code to create a new role called “Users Manager”:
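    // Creates the role only if 'users_manager' does not already exist.
    add_role(
        'users_manager',          // role slug stored in the database
        __( 'Users Manager' ),    // display name shown in the dashboard
        array(
            'read'          => true, // needed to reach the dashboard
            'edit_users'    => true,
            'create_users'  => true,
            'delete_users'  => true,
            'list_users'    => true,
            'promote_users' => true, // change other users' roles
        )
    );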
- Save your changes and refresh your WordPress dashboard.
You can modify the capabilities assigned to the user manager role by changing the values in the array above. For example, to allow the role to edit users but not create them or delete them, change these as follows (and be sure to keep those commas and single quotes):
    'create_users' => false,
    'delete_users' => false,
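add_role() does nothing when a role with that slug already exists, so on a site where “Users Manager” was already created the stored role has to be updated as well. The following is an added example, not code from the original article, that re-applies the capability list whenever a version string changes; the option name, constant and function names are assumptions.

```php
// Added example for functions.php: keep the stored 'users_manager' role in
// step with the code. Option name, constant and function names are hypothetical.

const USERS_MANAGER_CAPS_VERSION = '2'; // bump whenever the array below changes

function users_manager_desired_caps() {
    return array(
        'read'          => true,
        'list_users'    => true,
        'edit_users'    => true,
        'promote_users' => true,
        'create_users'  => false, // withdrawn, as in the article's example
        'delete_users'  => false,
    );
}

function users_manager_sync_role() {
    if ( get_option( 'users_manager_caps_version' ) === USERS_MANAGER_CAPS_VERSION ) {
        return; // stored role is current; skip the database write
    }

    $desired = users_manager_desired_caps();
    $role    = get_role( 'users_manager' );

    if ( null === $role ) {
        add_role( 'users_manager', __( 'Users Manager' ), $desired );
    } else {
        // Drop capabilities that are no longer listed, then write the listed ones.
        foreach ( array_keys( $role->capabilities ) as $cap ) {
            if ( ! array_key_exists( $cap, $desired ) ) {
                $role->remove_cap( $cap );
            }
        }
        foreach ( $desired as $cap => $grant ) {
            $role->add_cap( $cap, $grant );
        }
    }

    update_option( 'users_manager_caps_version', USERS_MANAGER_CAPS_VERSION );
}
add_action( 'init', 'users_manager_sync_role' );
```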
In case you are wondering, the ‘promote_users’ capability in the code above allows users to promote other users to any role lower than or equal to their own. For example, a users manager may need to promote a contributor to an author role to give them the ability to publish their own posts. With the ‘promote_users’ capability, the users manager can do this without needing the administrator role.
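Core WordPress roles have no rank order: the roles that can be assigned are whatever get_editable_roles() returns after the editable_roles filter, and changes to an account are checked through the edit_user, promote_user, delete_user and remove_user meta capabilities. This added example, which is not the article's code, uses both hooks to fix which roles a users manager can hand out and which accounts it can change; the allowed-role list and the function names are assumptions.

```php
// Added example for functions.php. The role slug 'users_manager' is the
// article's; the function names and the allowed-role list are hypothetical.

// Roles a users manager may assign; every other role is hidden and rejected.
function um_assignable_roles() {
    return array( 'subscriber', 'contributor', 'author' );
}

function um_is_restricted_manager( $user_id ) {
    $user = get_userdata( $user_id );
    return $user
        && in_array( 'users_manager', (array) $user->roles, true )
        && ! in_array( 'administrator', (array) $user->roles, true );
}

// 1. Limit the roles offered in the role dropdown and accepted on save.
function um_filter_editable_roles( $roles ) {
    if ( ! um_is_restricted_manager( get_current_user_id() ) ) {
        return $roles;
    }
    return array_intersect_key( $roles, array_flip( um_assignable_roles() ) );
}
add_filter( 'editable_roles', 'um_filter_editable_roles' );

// 2. Refuse edit/promote/delete/remove on accounts that hold any other role.
function um_protect_higher_accounts( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'edit_user', 'promote_user', 'delete_user', 'remove_user' );
    if ( ! in_array( $cap, $guarded, true ) || empty( $args[0] ) ) {
        return $caps;
    }
    if ( ! um_is_restricted_manager( $user_id ) || (int) $args[0] === (int) $user_id ) {
        return $caps; // not a users manager, or acting on their own profile
    }
    $target = get_userdata( (int) $args[0] );
    if ( $target && array_diff( (array) $target->roles, um_assignable_roles() ) ) {
        $caps[] = 'do_not_allow'; // target holds a role outside the allowed list
    }
    return $caps;
}
add_filter( 'map_meta_cap', 'um_protect_higher_accounts', 10, 4 );
```

When testing the role, log in as a users manager and confirm that the Administrator and Editor roles are absent from the role dropdown and that administrator accounts show no “Edit” or “Delete” link.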
(For technical documentation about the WordPress add_role() function, read more at WordPress Developer Resources.)
Summary
WordPress roles are a powerful tool for managing user access to your website. By creating a custom users manager role, you can provide specific permissions to users who need to manage other users on your site. You can create this role using a plugin or by adding PHP code to your functions.php file. Whichever method you choose, make sure to test your new role thoroughly before putting it into production and assigning it to any of your users.