Roles and Capabilities

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site. A site owner can manage the user access to such tasks as writing and editing posts, creating Pages, creating categories, moderating comments, managing plugins, managing themes, and managing other users, by assigning a specific role to each of the users.

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. There are many capabilities including “publish_posts“, “moderate_comments“, and “edit_users“. A default set of capabilities is pre-assigned to each role, but other capabilities can be assigned or removed using the add_cap() and remove_cap() functions. New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a decreasing number of allowed capabilities. For instance, the Subscriber role has just the “read” capability. One particular role should not be considered to be senior to another role. Rather, consider that roles define the user’s responsibilities within the site.

Summary of Roles #Summary of Roles

Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
Author (slug: ‘author’) – somebody who can publish and manage their own posts.
Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Screens > Settings > General.

Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

Administrator

All administrators have the following capabilities:

Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities.

Editor

Top ↑

Author

Contributor

Subscriber

read

Capability vs. Role Table

Capability	Administrator	Editor	Author	Contributor	Subscriber
activate_plugins	Y (single site or enabled by network setting)
create_users	Y (single site)
delete_users	Y (single site)
edit_files	Y (single site)
edit_users	Y (single site)
export	Y
import	Y
Capability	Administrator	Editor	Author	Contributor	Subscriber
list_users	Y
manage_options	Y
promote_users	Y
remove_users	Y
edit_dashboard	Y
customize	Y
delete_site	Y
Capability	Administrator	Editor	Author	Contributor	Subscriber
moderate_comments	Y	Y
manage_categories	Y	Y
manage_links	Y	Y
edit_others_posts	Y	Y
edit_pages	Y	Y
edit_others_pages	Y	Y
edit_published_pages	Y	Y
publish_pages	Y	Y
delete_pages	Y	Y
delete_others_pages	Y	Y
delete_published_pages	Y	Y
delete_others_posts	Y	Y
delete_private_posts	Y	Y
edit_private_posts	Y	Y
read_private_posts	Y	Y
delete_private_pages	Y	Y
edit_private_pages	Y	Y
read_private_pages	Y	Y
unfiltered_html	Y (single site)	Y (single site)
unfiltered_html	Y	Y
Capability	Administrator	Editor	Author	Contributor	Subscriber
edit_published_posts	Y	Y	Y
upload_files	Y	Y	Y
publish_posts	Y	Y	Y
delete_published_posts	Y	Y	Y
edit_posts	Y	Y	Y	Y
delete_posts	Y	Y	Y	Y
Capability	Administrator	Editor	Author	Contributor	Subscriber
read	Y	Y	Y	Y	Y

Capabilities

edit_theme_options

Allows access to Administration Screens options:
- Appearance > Widgets
- Appearance > Menus
- Appearance > Customize if they are supported by the current theme
- Appearance > Header

activate_plugins #>span class="screen-reader-text">activate_plugins

Allows access to Administration Screens options:
- Plugins

edit_users

Allows access to Administration Screens options:
- Users

manage_options

Allows access to Administration Screens options:
- Settings > General
- Settings > Writing
- Settings > Reading
- Settings > Discussion
- Settings > Permalinks
- Settings > Miscellaneous

moderate_comments #moderate_comments

Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)

manage_categories

Allows access to Administration Screens options:
- Posts > Categories
- Links > Categories

manage_links

Allows access to Administration Screens options:
- Links
- Links > Add New

upload_files

Allows access to Administration Screens options:
- Media
- Media > Add New

import

Allows access to Administration Screens options:
- Tools > Import
- Tools > Export

edit_posts

Allows access to Administration Screens options:
- Posts
- Posts > Add New
- Comments
- Comments > Awaiting Moderation

edit_others_posts

Allows access to Administration Screens options:
- Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
user can edit other users’ posts through function get_others_drafts()
user can see other users’ images in inline-uploading [no? see inline-uploading.php]
See Exceptions

edit_published_posts

User can edit their published posts. This capability is off by default.
The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
If you don’t want a user to be able to edit their published posts, remove this capability.

publish_posts

See and use the “publish” button when editing their post (otherwise they can only save drafts)
Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)

edit_pages

Allows access to Administration Screens options:
- Pages
- Pages > Add New

read

Allows access to Administration Screens options:
- Dashboard
- Users > Your Profile

publish_pages

edit_others_pages

edit_published_pages

delete_pages

delete_others_pages

delete_published_pages

delete_posts

delete_others_posts

delete_published_posts

delete_private_posts

edit_private_posts

read_private_posts

delete_private_pages

edit_private_pages

read_private_pages

delete_users

create_users

Allows creating new users.
- Without other capabilities, created users will have your blog’s New User Default Role.

unfiltered_upload

edit_dashboard

customize

Allows access to the Customizer.

delete_site

Allows the user to delete the current site.

list_users

Allows access to Administration Screens options:
- Users

remove_users

promote_users

Enables the “Change role to…” dropdown in the admin user list.
- This does not depend on ‘edit_users‘ capability.

export

edit_comment

create_sites

Allows user to create sites on the network

delete_sites

Allows user to delete sites on the network

Resources

Information

WordPress Capabilities
WordPress Roles and Capabilities at a Glance – A simplified visual representation of WordPress roles and capabilities