How to Set User Permissions in WordPress

If you are the only person managing a WordPress website, you probably never had to worry about user roles. However, when you need to grant other people access to the website or accounts to contribute posts, it is essential that you learn about user roles and permissions. Here's a guide to control what each user can or cannot do on the website.

The Basics of User Permissions and Roles in WordPress

WordPress has over 70 permission options and 6 pre-defined roles. The website owner can add new user roles and permissions and edit user groups. Here are the six default WordPress user roles. 

1. Subscriber

The subscriber is the least capable user with the most limited permissions. This user can view content on the site and create and edit their own accounts on the WordPress platform. 

2. Contributor

In addition to the capabilities of a subscriber, a contributor can also create posts on a WordPress platform. However, that is about all a contributor can do since they cannot publish their posts or edit and delete them once published.

3. Author

An Author has all the permissions of a contributor but with greater autonomy. An author has complete control over the posts they create, and they can publish and even edit or delete them once published. An author can also add files to content and edit or delete comments left on their posts.

4. Editor

The role of an editor in WordPress is to manage content created by subscribers and authors. Some of the permissions of an editor include creating, publishing, modifying, or deleting posts and pages. They also have the permission to moderate comments and manage tags and categories on the platform.

5. Admin

The admin, or administrator, is in charge of the entire WordPress website. This user has complete control over the website or blog content, including plugins, updates, themes, and backend code. In addition, the administrator can add, modify, and remove users, including other administrators.

6. Super Admin

The super admin user oversees all WordPress sites in a network. In addition to all the permissions of an administrator, this user can also make network-wide changes to the platform, such as adding and removing sites, themes, and plugins across a network of sites.

WordPress makes it easy for the administrator to create, modify, and remove user permissions. As the website owner, you can also assign custom user permissions with elevated or limited privileges specific to individual users or user groups.

How to Create New User Permissions in WordPress

WordPress makes it easy to create users with new permissions using the User Role Editor plugin. You must be logged in with administrator permissions to make these changes.

Step 1: On the Admin Dashboard, go to Plugins > Add New and enter 'User Role Editor' in the 'Search plugins…' textbox.

Install the User Role Editor plugin. When installation is complete, click 'Activate' to… well, activate.

Step 2: Once the User Role Editor plugin is installed and activated, go to Users > User Role Editor, then click the Add Role button.

Step 3: Assign the new user role a Role name (ID) and a Display Role Name. To duplicate the permissions of an existing role, simply choose that role in the 'Make copy of' dropdown.

Click Add Role to create the role.

How to Edit User Permissions in WordPress

You can use the User Role Editor plugin to modify the permissions of a user on the website.

Step 1: Go to Users > User Role Editor and select the role whose permissions you wish to modify. In this example, Proofreader.

Step 2: Check the permissions you wish to accord this role and uncheck those you wish to deny. You can check the 'Show capabilities in human readable form' box just below the role to view permissions better.

Step 3: Click Update to apply the new permission changes and click Yes to confirm.

How to Add User Filters in WP Backend

Suppose your WordPress site has two sets of users. These could be mentors and mentees. The set each user belongs to should be stored in the user meta. Here are the steps to achieve this:

Step 1: Access your WordPress site's backend code by going to Appearance > Theme File Editor.

Step 2: Click on the Theme Functions (functions.php) file on the right column of the screen.

Step 3: Create a function that outputs the filter dropdown. It receives a 'top' or 'bottom' argument depending on whether the filter controls appear above or below the user list. Here is the code:

    function filter_users($which)
    {
        // This is the filtering template
        $st = '<select name="user_role_%s" style="float:none;margin-left:10px;">
            <option value="">%s</option>%s</select>';

        // Generate user options
        $options = '<option value="mentor">Mentor</option>
            <option value="mentee">Mentee</option>';

        // Combine the template with options
        $select = sprintf($st, $which, __('User Role...'), $options);

        // Output the <select> and submit buttons
        echo $select;
        submit_button(__('Filter'), null, $which, false);
    }

Step 4: Add the function to 'restrict_manage_users' action using this code:

    add_action('restrict_manage_users', 'filter_users');

Step 5: Create a new function to filter users by role and hook it to pre_get_users using this code:

    add_filter('pre_get_users', 'filter_users_by_role');

    function filter_users_by_role($query)
    {
        global $pagenow;

        if (is_admin() && 'users.php' == $pagenow) {
            // Move the filtering code in here.
        }
    }

Step 6: Click on the Update File button at the bottom of the screen to save it.

When WordPress loads, you should be able to filter users by the roles defined in the code.

Use 'meta_query' to Filter Users by Roles

WordPress stores user data in a custom user meta field. You can use the meta_query variable in the WP_User_Query instance to filter users by the custom roles set.

The meta_query variable requires that you pass an array of arrays, even when there is a single condition. Here, we can add it to the code snippet above like this:

    add_filter('pre_get_users', 'filter_users_by_role');

    function filter_users_by_role($query)
    {
        if (!is_admin()) {
            return $query;
        }

        global $pagenow;

        if ('users.php' === $pagenow) {
            // This ensures that we are modifying the query that triggers the wp-admin/users.php page
            $meta_query = array(
                array(
                    // WP_Meta_Query expects lowercase array keys
                    'key'     => 'user_role',
                    'value'   => 'mentor',
                    'compare' => '=',
                ),
            );
            $query->set('meta_query', $meta_query);
        }

        return $query;
    }

This code makes the Users table show only users whose 'user_role' meta value is set to 'mentor'. You can copy the code and change the value to 'mentee' to add another filter that returns users with the role set to 'mentee'.
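The filter above is hard-coded to one value. The following added example (not code from the original article) reads the selection from the dropdown instead, accepts only allowlisted values, and applies the filter only for users who hold the list_users capability. It assumes the set is stored under the 'user_role' meta key and that the dropdowns are named user_role_top and user_role_bottom as above; the example_* function names are hypothetical, and it is meant to be used in place of filter_users_by_role(), not alongside it.

```php
// Added example for functions.php; runs inside WordPress (no opening PHP tag needed there).

// Allowlist of values accepted for the 'user_role' user meta key.
function example_allowed_user_groups() {
    return array( 'mentor', 'mentee' );
}

// Return the validated dropdown selection, or '' when nothing valid was sent.
function example_requested_user_group() {
    // The form submits both dropdowns; use the first one holding a valid value.
    foreach ( array( 'top', 'bottom' ) as $which ) {
        $field = 'user_role_' . $which;
        if ( empty( $_GET[ $field ] ) || ! is_string( $_GET[ $field ] ) ) {
            continue; // missing, empty, or an array such as user_role_top[]=x
        }
        $value = sanitize_key( wp_unslash( $_GET[ $field ] ) );
        // Strict comparison against the allowlist; anything else is ignored.
        if ( in_array( $value, example_allowed_user_groups(), true ) ) {
            return $value;
        }
    }
    return '';
}

function example_filter_users_by_group( $query ) {
    global $pagenow;

    // Only touch the query behind wp-admin/users.php, and only for users
    // who are allowed to list users in the first place.
    if ( ! is_admin() || 'users.php' !== $pagenow || ! current_user_can( 'list_users' ) ) {
        return;
    }

    $group = example_requested_user_group();
    if ( '' === $group ) {
        return; // no filter requested: leave the default user list untouched
    }

    // Append to any meta_query already set rather than overwriting it.
    $existing     = $query->get( 'meta_query' );
    $meta_query   = is_array( $existing ) ? $existing : array();
    $meta_query[] = array(
        'key'     => 'user_role',
        'value'   => $group,
        'compare' => '=',
    );
    $query->set( 'meta_query', $meta_query );
}
add_action( 'pre_get_users', 'example_filter_users_by_group' );
```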