PHPMatters Help You Better Hosting Your PHP-based Sites
How to Control WordPress User Permissions - Roles Management Tricks

How to Control WordPress User Permissions – Roles Management Tricks

WordPress is a powerful CMS that can limit the access rights for different users in a single website. By default, the roles offered by WordPress include Administrator, Editor, Author, Contributor, and Subscriber. To put it detail, Author is the role that allows users to publish posts, while the Contributor is a role that allows users to write posts,but not to post, for users can only submit the posts for review.

Without doubt, limiting the role is a good idea to control and manage your website. But now, the default roles in WordPress may not be sufficient for some webmasters. For instance, if you would like to allow the contributors to publish the posts without review, the default version cannot allow you to do so. In this case, you can make use of some WordPress plugins to control WordPress user permissions in a free way. In the following, we’d like to take User Role Editor as an example.

Control WordPress User Permissions with User Role Editors

Firstly, you need to install this plugin from your WordPress Admin area. Also, you can download it from the official website of the WordPress.org and use the file transfer protocol to upload the ZIP files manually. After you have installed and activated the User Role Editor, you can find it under the User menu.

Now, you can select the user roles at the setting page. The list contains all the default and custom user roles. By moving the mouse on the question marks of the roles or loading the user role profile, you can know clearly what the role can do, and thus decide whether to choose it or not.

In order to change the user permissions, you need to check or uncheck the capability boxes. Also, there is a “Select All” function on the right-hand side, with which you can enable all capabilities at a time.

User Role Editor Core Capability

In addition to the core capabilities, the User Role Editor also lists the capabilities about additional functions that you can define via themes or plugins. For this, simply check the Custom Capabilities, and use the buttons of Add Role, Add Capability and Delete Role to meet your needs.

User Role Editor Custom Capability

Here, you can add or delete new roles and the associated capabilities. If you would like create a new role based on the existing one, you can select and copy the permission from those options from the drop down menu of “Make copy of”. This action helps to save much time for you to enable the necessary capabilities again.

Here is a situation that you have multiple authors for the blog posting, and only one author does not fulfill your requirements. Therefore, you would like to restrict him not to publish posts. Note that you only have one author bearing such issue, so you do not want to update the capabilities for the author role, and even create the new user role for all authors. In this case, User Role Editor allows you to control the user permissions at a user level.

Change Capabilities

You can do this from WordPress user list page by clicking the Capabilities link next to the username of your website users. Then, as the following image shows, you can simply remove the permission of that author on the page based on your needs.

Change Capabilities Page

In fact, from WordPress admin > Settings > User Role Editor, you can multiple settings including the display of the administrator within the User Role Editor, the capabilities in a readable format, the capabilities that have been previously removed. Also, in the Default Roles tab, you can decide the default permissions that you can assign to users when they sign up your website.

Introduction of the 3 Alternatives to User Role Editor

In addition to the User Role Editor, there are other alternatives for you to select, which all have its advanced features.

Advanced Access Manager – Advanced Access Manager can be regarded as one of the strongest security tools for access control in WordPress. It defines the access of your posts, backend areas and pages and eventually improves the security. In addition to the single blog post, Advanced Access Manage gives a chance for you to customize the control over multisite network.

Role Scoper – Role Scoper is a great solution for access security, which is a comprehensive tool offering control over editing and reading permissions. Through Role Scoper, you can assign restrictions and roles for specific posts, categories and pages as you wish.

WPFront User Role Editor – WPFront User Role Editor is easy to use for you to manage user roles. Via this plugin, you can edit, create, manage and delete capabilities, as well as copying the existing roles if needed.