How to Create a Custom User Role in WordPress

Marius K. Jan 2, 2025 User Management
How do I make a new type of user for my website that can do specific things?
What steps should I follow to programmatically create a custom user role in WordPress with specific capabilities using the add_role function?
Andy answered Jan 2, 2025

Creating Custom User Roles in WordPress

Basic Approach

Creating custom user roles in WordPress can be done in two ways:

  1. Programmatically using add_role()
  2. Using role management plugins

Programmatic Solution

Here's how to create a custom role during theme/plugin activation:

Basic role creation with essential capabilities:

function create_custom_editor_role() {
    add_role(
        'custom_editor',
        'Custom Editor',
        array(
            'read' => true,
            'edit_posts' => true,
            'delete_posts' => true,
            'upload_files' => true
        )
    );
}
register_activation_hook(__FILE__, 'create_custom_editor_role');

Adding more specific capabilities to the role:

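function create_advanced_editor_role() {
    // Capabilities granted to the role; anything not listed is denied.
    $capabilities = array(
        'read' => true,
        'edit_posts' => true,
        'edit_others_posts' => true,
        'edit_published_posts' => true,
        'publish_posts' => true,
        'delete_posts' => true,
        'delete_published_posts' => true,
        'upload_files' => true,
        'moderate_comments' => true
    );

    add_role('advanced_editor', 'Advanced Editor', $capabilities);
}
// Run on activation, as with the basic role above.
register_activation_hook(__FILE__, 'create_advanced_editor_role');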

Best Practices

  1. Always check if role exists before creating:
function safely_add_role() {
    // get_role() returns null when the role is not registered.
    $role = get_role('custom_editor');
    if (!$role) {
        add_role('custom_editor', 'Custom Editor', array(
            'read' => true,
            'edit_posts' => true
        ));
    }
}
  2. Remove roles when plugin/theme is deactivated:
function remove_custom_roles() {
    // Deletes the role definition stored in the database.
    remove_role('custom_editor');
}
register_deactivation_hook(__FILE__, 'remove_custom_roles');

Security Considerations

  1. Never grant manage_options capability unless absolutely necessary
  2. Follow the principle of least privilege
  3. Test thoroughly before deployment
  4. Consider capabilities inheritance

Common Pitfalls

  1. Not checking for existing roles
  2. Forgetting to remove roles on deactivation
  3. Granting too many capabilities
  4. Not testing role capabilities thoroughly

Using Plugins

For non-developers, these plugins offer user-friendly interfaces:

  1. User Role Editor
  2. Members

Additional Tips

Check existing role capabilities:

function check_role_caps($role_name) {
    $role = get_role($role_name);
    if ($role) {
        return $role->capabilities;
    }
    return false;
}

Update existing role capabilities:

function update_role_capability($role_name, $capability, $grant = true) {
    $role = get_role($role_name);
    if ($role) {
        $role->add_cap($capability, $grant);
        return true;
    }
    return false;
}

Debugging

Test if a user has specific capabilities:

function test_user_capability($user_id, $capability) {
    $user = get_user_by('id', $user_id);
    if ($user && user_can($user, $capability)) {
        return true;
    }
    return false;
}

Remember to clear your browser cache and possibly refresh WordPress permissions by logging out and back in after making role changes.
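
The least-privilege points under Security Considerations can be enforced in code rather than left to review. The following is an added example, not part of the answer above: it refuses to create a role that grants a high-risk capability unless the caller allows it explicitly. The `myplugin_*` names and the sample capability sets are hypothetical; the capability names are WordPress core capabilities.

```php
<?php
// Added example; the myplugin_* names are hypothetical, not from the answer above.

// WordPress core capabilities that amount to site takeover if granted.
const MYPLUGIN_HIGH_RISK_CAPS = array(
    'manage_options', 'edit_users', 'create_users', 'delete_users', 'promote_users',
    'install_plugins', 'activate_plugins', 'edit_plugins',
    'install_themes', 'edit_themes', 'switch_themes',
    'update_core', 'unfiltered_html', 'unfiltered_upload', 'edit_files',
);

// Return the high-risk capabilities that $caps grants (truthy values only,
// matching how WordPress evaluates a role's capability array).
function myplugin_risky_caps(array $caps) {
    return array_values(array_intersect(array_keys(array_filter($caps)), MYPLUGIN_HIGH_RISK_CAPS));
}

// Create the role only when every high-risk capability it grants is listed
// in $allow, so an over-broad grant has to be a deliberate, reviewable choice.
function myplugin_register_role($slug, $name, array $caps, array $allow = array()) {
    $blocked = array_diff(myplugin_risky_caps($caps), $allow);
    if ($blocked) {
        return new WP_Error('risky_caps', 'Refusing to grant: ' . implode(', ', $blocked));
    }
    // add_role() does nothing when the slug already exists; return the stored role.
    $existing = get_role($slug);
    return $existing ? $existing : add_role($slug, $name, $caps);
}

// Outside WordPress (plain `php file.php`), audit two constructed capability sets.
if (PHP_SAPI === 'cli' && !function_exists('add_role')) {
    $samples = array(
        'advanced_editor' => array('read' => true, 'edit_others_posts' => true,
                                   'publish_posts' => true, 'moderate_comments' => true),
        'site_helper'     => array('read' => true, 'manage_options' => true,
                                   'unfiltered_html' => true, 'edit_users' => false),
    );
    foreach ($samples as $slug => $caps) {
        $risky = myplugin_risky_caps($caps);
        echo $slug . ': ' . ($risky ? implode(', ', $risky) : 'no high-risk capabilities') . "\n";
    }
}
```

Inside a plugin, call `myplugin_register_role()` from the activation hook and check the return value with `is_wp_error()` before assuming the role exists.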