Custom roles in WordPress
It is a known security suggestion that a website is better off without a user with the username “admin” in its back-end.
Another concern (not a security matter) is a site administrator with little or no WordPress knowledge, something that can lead to mismanaged, messy content entry or, even worse, layout breakage.
The best solution I see is to create a user with fewer abilities than “Administrator” but still let the user access features which are not available at the next user level in the hierarchy, the “Editor”.
So… let’s create custom roles in WordPress…
To implement this, we will use a snippet of code that calls the add_role() function to add a new role called “Site Manager” to WordPress.
Creating new role
The following snippet needs to be added to the functions.php file; it is executed by visiting any of the admin pages:
    // Registers the "Site Manager" role. add_role() stores the role in the
    // database, so this only has to run once.
    function add_site_manager_role() {
        $site_manager = add_role( 'site_manager', 'Site Manager', array(
            'read' => true,
            'activate_plugins' => false,
            'create_users' => false,
            'delete_others_pages' => true,
            'delete_others_posts' => true,
            'delete_pages' => true,
            'delete_plugins' => false,
            'delete_posts' => true,
            'delete_private_pages' => true,
            'delete_private_posts' => true,
            'delete_published_pages' => true,
            'delete_published_posts' => true,
            'delete_users' => false,
            'edit_dashboard' => true,
            'edit_files' => true,
            'edit_others_pages' => true,
            'edit_others_posts' => true,
            'edit_pages' => true,
            'edit_posts' => true,
            'edit_private_pages' => true,
            'edit_private_posts' => true,
            'edit_published_pages' => true,
            'edit_published_posts' => true,
            'edit_theme_options' => true, // Appearance: widgets, menus, Customizer
            'export' => false,
            'import' => false,
            'list_users' => false,
            'manage_categories' => true,
            'manage_links' => false,
            'manage_options' => true, // access to the Settings screens
            'moderate_comments' => true,
            'promote_users' => false,
            'publish_pages' => true,
            'publish_posts' => true,
            'read_private_pages' => true,
            'read_private_posts' => true,
            'remove_users' => false,
            'switch_themes' => false,
            'unfiltered_upload' => true,
            'upload_files' => true
        ));
    }
    // Run the registration when an admin page is loaded.
    add_action( 'admin_init', 'add_site_manager_role' );
Now the newly created role should appear among the other roles in the drop-down on the new user creation page.
The list of available capabilities can be found in the Codex.
Note that this writes the new role data to the database, so the snippet can then be deleted from the functions.php file or commented out.
Managing the role’s capabilities
In order to add or remove capabilities, we use the add_cap() and remove_cap() functions on the role object:
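    // Load the stored role object.
    $role = get_role( 'site_manager' );
    // Grant a capability to the role.
    $role->add_cap( 'upload_files' );
    // Take a capability away from the role.
    $role->remove_cap( 'edit_comment' );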
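Before assigning the role to anyone, it helps to see exactly what it grants beyond “Editor”. The following is an added example, not code from the original post: it compares the stored site_manager role with the built-in editor role and shows administrators a notice listing the capabilities worth a second look, which can then be dropped with remove_cap(). The sm_ function names and the review shortlist are assumptions made for this illustration.

```php
<?php
// Added example, not from the original post: audit the stored 'site_manager'
// role against the built-in 'editor' role.

// Assumption: a reviewer's shortlist of capabilities that need an explicit
// justification. All four are granted by the role definition on this page.
const SM_REVIEW_CAPS = array(
    'manage_options',
    'edit_files',
    'unfiltered_upload',
    'edit_theme_options',
);

// Names of the capabilities a role actually grants (value true).
function sm_granted_caps( $role_name ) {
    $role = get_role( $role_name );
    if ( null === $role ) {
        return array(); // role is not registered in the database
    }
    return array_keys( array_filter( $role->capabilities ) );
}

// What 'site_manager' can do that 'editor' cannot, and which of those
// capabilities are on the review shortlist.
function sm_audit_site_manager() {
    $extra = array_diff( sm_granted_caps( 'site_manager' ), sm_granted_caps( 'editor' ) );
    return array(
        'beyond_editor' => array_values( $extra ),
        'needs_review'  => array_values( array_intersect( $extra, SM_REVIEW_CAPS ) ),
    );
}

// Show the result only to users who can promote users; the definition
// above sets 'promote_users' to false for Site Managers.
function sm_audit_notice() {
    if ( ! current_user_can( 'promote_users' ) ) {
        return;
    }
    $report = sm_audit_site_manager();
    if ( empty( $report['needs_review'] ) ) {
        return;
    }
    printf(
        '<div class="notice notice-warning"><p>%s</p></div>',
        esc_html( 'Site Manager role grants: ' . implode( ', ', $report['needs_review'] ) )
    );
}
add_action( 'admin_notices', 'sm_audit_notice' );
```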
Removing the role
To remove the role, the remove_role() function is used:
    remove_role( 'site_manager' );
Note that this also writes settings to the database, so this line may also be commented out or deleted afterwards.
Conclusion
There are a lot of decent plug-ins available to manage roles in the back-end, but if only one role needs to be created, one may choose to avoid installing a plug-in and create custom roles in WordPress manually.