How to Create New User Roles in WordPress?

WordPress, like many other content management systems, groups users according to what permissions they are granted upon account creation. These groups are called “user roles” and are immensely useful to create a secure website. Each user should be only given enough permissions to perform the actions they are allowed to and nothing more.

In this article, we will examine WordPress default user roles and see a few ways on how to add additional user roles with a specific set of permissions each.

Our team at Themelocation is comprised of WordPress developers of high expertise

  • We can maintain, support and manage your single, or all your clients, website with dedication
  • Our skills are at your disposal.

Book a Call

Table of contents
Default user roles in WordPress and Woocommerce
Why create new user roles
Getting ready
Add a new user role
Fine-tune user roles with “User Role Editor”
Fine-tune user roles with “Members”
Wrapping up

Default user roles in WordPress and WooCommerce

WordPress default user roles

By default, WordPress has the following user roles:

  • Administrator
    The administrator of a site has almost full permissions to perform any action, including actions that could break the site. They can update WordPress core, themes and plugins, delete or install new themes and plugins, create or delete users and more. You should, ideally, use the administrator role only when necessary. The daily tasks of writing and publishing posts should be delegated to a user role with less permissions, even on a single-person site.
  • Editor
    The editor has most permissions related to publishing. They can update, publish, unpublish or delete posts and pages, even those created by other users.
  • Author
    Like the editor, the author has most necessary permissions related to publishing, however, these permissions are limited only to posts that they create. An author cannot publish or edit a page, or modify posts created by other users.
  • Contributor
    The contributor can write and edit posts, but cannot publish them. Contributor’s posts remain as drafts in the dashboard, until an editor or administrator reviews and publishes them.
  • Subscriber
    A subscriber can simply create an account and read posts. In some sites, the user must be at least a subscriber in order to leave a comment.
  • (for WordPress multisite only): Super Admin
    In a multisite, the Super Admin has all the capabilities of the Administrator, while the Administrator has limited abilities in comparison – a simple administrator in a multisite cannot update the core, themes or plugins, or install or delete themes and plugins.

WooCommerce default user roles

WooCommerce, when installed, adds the following user roles:

  • Customer
    A customer account is similar to the subscriber account, they can view posts and edit their own profile information. They have the additional ability to view their past orders
  • Shop Manager
    A user with the shop manager role is the equivalent to an editor. They can create and edit WooCommerce products, change WooCommerce settings and view reports.

You can find more information about user roles and capabilities in the WordPress and WooCommerce documentation

Why create new user roles

Why would you want to create new user roles? The two most important reasons would be:

  1. You need to create groups of users with a specific set of capabilities, for example, only users in this group can see some of your posts, or can buy some of your products. If that’s the case, you might also want to check our previous post on membership plugins, if you need a full-fledged solution to convert your site to a membership site.
  2. You want to add or remove one or two capabilities from a default user role. In this case, using a membership plugin might seem an overkill, so let’s explore some additional options in how to add a new user role.

Getting ready

Before doing any code modifications, it’s always a good idea to take a full backup of our site and make sure that we have FTP access or access to cPanel or Plesk or other control panel with access to a file manager.

If you wonder what is the best way to add code snippets to your site, have a look at our previous article about safely adding PHP code.

Add a new user role

Let’s create a new user role called “Team Member”, that can create, edit or delete their own pages and update WooCommerce products. You can find a full list of possible capabilities in the WordPress documentation.

Here is the snippet we will use:

function tl_my_custom_role() {
  $roles_set = get_option( 'my_roles_are_set' );
  if( !$roles_set ){
    add_role('team_member', 'Team Member', array(
      'read' => true,
      'delete_posts' => true,
      'edit_posts' => true,
      'edit_published_posts' => true,
      'publish_posts' => true,
      'delete_pages' => true,
      'edit_pages' => true,
      'edit_published_pages' => true,
      'publish_pages' => true,
      'read' => true,
      'upload_files' => true,
      'manage_woocommerce' => true
    ));
    update_option('my_roles_are_set',true);
  }
}
add_action('after_setup_theme','tl_my_custom_role');

In the add_role function, we can define the slug of the user role (here team_member) and the name used to display this role in the dashboard, that can have capitalization, or spaces (here Team Member). Then we define as true all the capabilities from the WordPress documentation that we want our user to have.

The edit_posts, edit_published_posts and publish_posts allow the user to write, edit and publish their own posts, while edit_pages, edit_published_pages, publish_pages allow them to edit and publish their own pages. The manage_woocommerce option gives them all the capabilities of the WooCommerce “Shop Manager” role.

Now the administrator can select the new user role from the “Role” drop-down at the user’s profile:

screenshot of user roles dropdown

Please note here that we just added this user role in the database, by hooking to the add_role function. If we later want to remove this role, removing the snippet won’t do; we need to programmatically delete the role from the database as well. The following snippet will remove the user role:

function tl_remove_my_role() {
  remove_role( 'team_member' );
}
add_action( 'init', 'tl_remove_my_role' );

Fine-tune user roles with “User Role Editor

Manually creating, updating and fine-tuning user roles can be tedious, and quite error prone. Fortunately, there is a plugin that allows us to do just that, from the dashboard. Let’s install the User Role Editor plugin.

Upon installing and activating the User Role Editor plugin, a new submenu appears under “Users” on the dashboard.

User Role Editor settings screenshot

This makes it much easier to edit capabilities, add or remove user roles, but, again, it pays off to be familiar with WordPress capabilities, as defined in the documentation.

Let’s try to add a new role. As you see in the following screenshot, the popup allows us to type the slug and the display name of the new role, but also to copy all the permissions of one of the existing roles. This gives us a huge headstart, if we want the new role to only differ in a few capabilities of an existing use role.

Add new role screenshot

This plugin can be considered as a graphical user interface to WordPress capabilies management, a bit spartan and requires to know what you are doing, but certainly can make things much easier.

Fine-tune user roles with “Members

Members – Membership & User Role Editor Plugin is another plugin that helps manage user roles. Written by a well acclaimed WordPress developer, Justin Tadlock and acquired by the same team that publishes the Memberpress plugin for membership sites, it is guaranteed to work well with your website.

Its main difference with the previous plugin is that the settings screen seems much more user-friendly. When you select the new “Members” entry on your dashboard and click on “Add new role”, you are presented with the following screen:

Screenshot of Members Add new role screen

The options are neatly arranged in categories, and the options are presented by default with human readable names.

Members, similarly to User Role Editor, gives the option to clone or edit an existing role, and allows to overview all the users in each specific role. Members has some additional features. It allows you to assign a user to more than one role, to apply content permissions (that is to restrict certain posts or pages from being viewed by certain user roles), and also to make the entire site private for all logged-out users.

Screenshot of content permissions on a page

It’s worth noting that Members comes with quite a few free addons, ready to be activated if you so wish. You will find addons for integration with WooCommerce, with Advanced Custom Fields, as well as addons to accept payment for your restricted content.

Wrapping up

In this article we examined the default user roles provided by WordPress and WooCommerce. The topic of WordPress built-in capabilities (essentially the permissions that each role has) is huge. In this tutorial, we saw how to add or remove a user role with a code snippet, as well as how to manage user roles with plugins such as the User Role Editor plugin or the Members – Membership & User Role Editor Plugin.

We hope this article was useful. Please leave a comment if you have used any of these methods and how they worked for you!

Waqas

I hope you enjoy reading this blog post. If you want my team to do WooCommerce Maintenance for you, click here.

Leave a Comment

Your email address will not be published. Required fields are marked *