How to change WordPress User Role capabilities

User Roles

Every WordPress blog owner knows that the standard user roles in WordPress 2.8 and higher are Administrator, Editor, Author, Contributor and Subscriber.
What is the difference? What can an “Author” do that a “Contributor” cannot? Comprehensive information about it can be found here, at
But where is all that data stored? How do you change a role if you really need to? Interested? Read this article and you will get some answers to those questions. Recently I met the following problem on a multi-author blog. A user with the “Author” role can upload images to the blog server but cannot use them in his/her posts. Any HTML tags are immediately removed from the post text after the “Author” saves a draft or post. The same user with the “Editor” role saves the post successfully with all the HTML tags included in it. The problem is that WordPress automatically applies HTML filters to all of an author’s content if his role does not have the “unfiltered_html” capability. The “Author” role does not have this capability in WordPress by default. So if you wish to give your authors the ability to include images or other media stuff in their posts, you are in the right place.
First of all, user roles data is stored in the MySQL database table which is named ‘wp_options’ by default. You need a MySQL client (phpMyAdmin, SQLyog, etc.) to connect to your blog's MySQL database and follow the rest of this post.
This SQL command helps you find the record containing information about WordPress user roles:

SELECT * FROM wp_options WHERE option_name="wp_user_roles"

As a result we can see that the user roles data is stored in the option_value field as a text string in a special format. To be exact, it is the format PHP uses to serialize an array into a string and to read it back.


Here we see that:

  • a:number:{ is the beginning of an array, and “number” is the number of array elements. For example, “a:5:{” at the beginning of the string means that the roles array consists of 5 elements. Remember that WordPress has exactly 5 roles.
  • s:number:"string"; – “s” is the type of a string element, and number is the number of characters in the string. E.g. s:6:"author";
  • b:1; – means a Boolean element with the value “1” or “True”

That’s almost all. We can see that capabilities are stored inside roles in “name – Boolean value” format. Now we should find the “unfiltered_html” capability in the “Editor” role, copy the sequence s:15:"unfiltered_html";b:1; from there and paste it into the “Author” role, just after the s:12:"upload_files";b:1; capability. To finish the role change we have to increase the number of elements in the “Author” role array by 1. By default the “Author” role has 10 capabilities, or in this special format a:10:{s:12:"upload_files". So we need to change 10 to 11, and finally have a:11:{s:12:"upload_files" inside the “Author” role.
What is left? Just update the MySQL table wp_options to store your changes. Use this SQL command for that:

UPDATE `wp_options`
SET option_value='changed value here' WHERE option_id=NN;

Do not forget to replace ‘changed value here’ with the modified user roles data from the previous query, and ‘NN’ with the wp_options record ID from the same query.
Warning! Make a backup of the wp_options table first. Only after making a fresh backup go ahead with any UPDATE SQL command.
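
A wrong element count or string length makes the whole value unreadable to PHP, so it pays to check the edited string before running the UPDATE. The following added example (Python, not code from the original post or from WordPress) parses this format, verifies every declared count and length, and rebuilds the value after granting a capability. Assumptions: the sample string is constructed and shortened, each role is taken to hold a name and a capabilities array, and string lengths are counted in UTF-8 bytes, as PHP does.

```python
# Added example, not code from the original post. It parses the serialized
# format described above (a, s, b elements, plus i for integers), checks every
# declared count and length, and rebuilds the string after a change.

def _parse(buf, pos):
    """Parse one element starting at buf[pos]; return (value, next_pos)."""
    tag = buf[pos:pos + 2]
    if tag in (b"b:", b"i:"):
        end = buf.index(b";", pos)
        number = int(buf[pos + 2:end])
        return (bool(number) if tag == b"b:" else number), end + 1
    if tag == b"s:":
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])      # declared length, in bytes
        start, end = colon + 2, colon + 2 + length
        if buf[colon + 1:start] != b'"' or buf[end:end + 2] != b'";':
            raise ValueError(f"string at byte {pos}: length {length} is wrong")
        return buf[start:end].decode("utf-8"), end + 2
    if tag == b"a:":
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])       # declared number of key/value pairs
        if buf[colon + 1:colon + 2] != b"{":
            raise ValueError(f"array at byte {pos}: '{{' expected")
        items, pos = {}, colon + 2
        for _ in range(count):
            key, pos = _parse(buf, pos)
            if not isinstance(key, (str, int)) or isinstance(key, bool):
                raise ValueError("array keys must be strings or integers")
            value, pos = _parse(buf, pos)
            items[key] = value
        if buf[pos:pos + 1] != b"}":
            raise ValueError(f"array: count {count} does not match its contents")
        return items, pos + 1
    raise ValueError(f"unexpected data at byte {pos}")

def unserialize(text):
    """Return the parsed value, or raise ValueError if any count/length is off."""
    buf = text.encode("utf-8")
    value, pos = _parse(buf, 0)
    if pos != len(buf):
        raise ValueError("trailing data after the value")
    return value

def serialize(value):
    """Rebuild the serialized bytes; counts and lengths are computed, not typed."""
    if isinstance(value, bool):
        return b"b:%d;" % value
    if isinstance(value, int):
        return b"i:%d;" % value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return b's:%d:"%s";' % (len(raw), raw)
    if isinstance(value, dict):
        body = b"".join(serialize(k) + serialize(v) for k, v in value.items())
        return b"a:%d:{%s}" % (len(value), body)
    raise TypeError(f"cannot serialize {type(value).__name__}")

def is_valid(text):
    """True if the string parses cleanly, i.e. it is safe to write back."""
    try:
        unserialize(text)
        return True
    except ValueError:
        return False

def grant(roles_text, role, capability):
    """Add a capability to a role and return the new option_value string."""
    roles = unserialize(roles_text)
    roles[role]["capabilities"][capability] = True
    return serialize(roles).decode("utf-8")

# Constructed, shortened sample; the name/capabilities layout per role is assumed.
SAMPLE = ('a:1:{s:6:"author";a:2:{s:4:"name";s:6:"Author";'
          's:12:"capabilities";a:2:{s:12:"upload_files";b:1;s:4:"read";b:1;}}}')

if __name__ == "__main__":
    print(grant(SAMPLE, "author", "unfiltered_html"))
```

A role with unfiltered_html can save any markup, script tags included, so give it only to authors you trust as much as your editors.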

Congratulations, we changed a WordPress user role without changing a line of PHP code.

I got the information about the WordPress user roles storage mechanism from this file: wp-admin\includes\schema.php
If you wish to change user role capabilities for a WordPress MU blog, please read the “How to change WordPress MU user role capabilities” post.

If the material shown above is a little difficult for you, or you need to change the list of user role capabilities more often than once a year, consider using my “User Role Editor” WordPress plugin.
It offers a user interface that makes correcting the user role data easy and convenient.
Thank you.

  • You should develop plugins instead of writing posts 😉
    Just kidding! Nice job!

  • shinephp

    Thanks. I describe my actions. Just to not forget if I need to make the same thing in the future :).

  • Glen

    Shinephp –

    BRILLIANT post, and U've got me looking @ my problem from a different angle.
    You wouldn't happen to have any idea what the command is when looking in a WordPressMU database would you?
    I need to add media upload capability to “Contributors”, but I can't use a plug in or Module as WPMU has been integrated into Joomla.
    Any thoughts?

  • shinephp

    Thanks. I made a new post to answer your question about WPMU user role changing. Please read it at “How to change WordPress MU user role capabilities” post.

  • Jason

    I tried this to add ability to edit pages for 'authors', but it did not have any effect. I tried about 10 times, read the post again and again, but was unsuccessful. It seems there is some other spot where the roles are controlled in addition to this. Thoughts? Thanks!

  • shinephp

    Hi Jason,
    What version of WordPress do you use? Is it WordPress MU?
    Please show me the SQL query you use to update the user role options value. I will try to help you.

  • András Jacsó

    Nice post mate! You might have some thoughts on this:
    Table: wp_usermeta
    umeta_id: 10
    user_id: 1
    meta_key: wpshpcrt_usr_profile
    meta_value: a:14:{i:3;s:6:”Jacsó”;i:2;s:7:”András”;i:7;s:4:”1066″;i:5;s:8:”Budapest”;i:4;s:20:”Weiner Leó u. 18.”;i:17;s:12:”+36703820022″;i:8;s:26:””;i:11;s:8:”Jacsó”;i:10;s:9:”András”;i:16;s:4:”1066″;i:14;s:0:””;i:13;s:8:”Budapest”;i:12;s:20:”Weiner Leó u. 18.”;i:15;s:2:”HU”;}

    as you can see my first and last name written okay at the beginning.
    But my address is wrong: Weiner Leó u. 18.
    it should read: Weiner Leó u. 18.
    Additionally my name (after my email is wrong as well): Jacsó András

    If I try to amend it the values are not showing up in wp-e-commerce my account form fields.
    Any idea how to correct this?

  • shinephp

    Thanks for the feedback.
    1st thought I have: you may have a mistake in the string length values when editing this code. Pay attention to the number after s:, like 6 at s:6:”Jacsó. This number is the quantity of characters in the following string. And it seems that special letters like 'ó', or 'á' count as more than 1 character in length. So, you should correct s:8:”Jacsó” not to s:8:”Jacsó” but to s:6:”Jacsó. I think you caught the idea. I hope it will help.

  • Flash Arcade Games

    I am having some problem with my wp. 2.8. I can't delete any user/posts/pages or upgrade any plugins using the dashboard. I keep getting messages like –
    1)You do not have sufficient permissions to access this page.
    2)You do not have sufficient permissions to update plugins for this blog.
    2)You can’t delete users.
    I would appreciate if somebody could help me to resolve this.

  • Glen

    Sounds like Ur not in there as Admin. Just a guess though. I'm on WPMU.

  • shinephp

    I suppose that you write about no WordPress MU. Can you create new user?
    If you can create one and assign him the administrator role. Relogin under new admin user and check what role is assigned to your old admin user. If it was changed restore it.
    If you can not create new user you need to check your user current role using SQL queries like
    1) select ID from wp_users where user_login='admin'
    change wp_ to your WordPress database prefix and admin to your user name
    2) select * from wp_usermeta where user_id=1 and meta_key='wp_capabilities'
    change wp_ to your WordPress database prefix and 1 to your user ID from the previous query
    Check the result, to edit those items you wrote about you need to have administrator role, that is the result for meta_value field must be
    If you have it but still can not do admin tasks in your blog, your administrator role is edited by someone.
    Do you have URE plugin installed already? Can you see its Settings page? Check the Administrator role capabilities with help of URE. If you can not, you can edit administrator role capabilities directly via SQL query. Tell me if you need more help.

  • Flash Arcade Games

    Thank you very much for your response.
    I should have also mentioned, I can't add/delete/modify users, in fact I can't even see the option to add a new user in the left panel, it's just view profile/users.
    In the roles, I can see – a:1:{s:13:”administrator”;b:1;}. which is correct.
    As far as URE is concerned, I haven't come across this before, do you know where I can download this from, meanwhile I will search the plugin. I tried changing the administrator role via SQL query similar to my new created blog, but still no luck. Is there a way I can attach the screenshot for better view?
    Any other clue?
    Much appreciate your help.

  • shinephp

    It seems that your administrator role lost its capabilities somehow and you failed to restore it. Please show me the result of this SQL query:
    SELECT * FROM wp_options WHERE option_name="wp_user_roles"
    If you wish to show me some screenshot you can send it directly to my e-mail vladimir[at]this domain name.

  • Flash Arcade Games

    hi there,
    I tried the command as suggested, I get blank screen.
    SELECT * FROM XXX_options WHERE option_name=”XXX_user_roles”;
    – XXX is my domain name, before all tables and entries.

    Since I was getting blank screen and no errors at all, So I searched for the entry in the table XXX_options,

    – heres the extract.


    any clue?
    Thanks for your time

  • shinephp

    It is normal data for the 1st glance.
    Is it possible for you to export wp_users, wp_usermeta, wp_options tables and email it to me? You can delete from wp_users exported data all users except one which you have permissions trouble and change user_login, user_pass field values to whatever you wish for your security. I could install it to my test WP, try to reproduce your situation and search the decision then.

  • Flash Arcade Games

    Hi Vladimir,
    I have emailed 3 files _options, _users and _usermeta as requested.
    Thanks a ton

  • shinephp

    It seems I found the decision after looking to your data. I sent SQL script with problem fixing command to your e-mail. Please let me know if it helped you to resolve your problem.

  • Flash Arcade Games

    I tried this morning and unfortunately it did not work. The problem remains unchanged.
    Any other clue?
    Much appreciate your time and help.

  • shinephp

    It's strange. Did you check the result of SQL command execution? Something as “1 row is affected”?
    Your wp_options table record with roles stuff has option_id=96.
    Please check if it is true and try to execute the same SQL command, just change the where clause to a more exact one
    where option_id=96 limit 1
    Please take special attention that before running the update SQL command I sent to you, you should change the default database prefix from 'wp_' to yours in TWO places: in the table name, that is use 'yourdbprefix_options' instead of 'wp_options', and in the where clause 'yourdbprefix_user_roles' instead of default 'wp_user_roles' as I sent to you. I suppose that query did not update record for that reason.
    Earlier I put attention that something is wrong with your query:
    SELECT * FROM XXX_options WHERE option_name=”XXX_user_roles”;
    – XXX is my domain name, before all tables and entries
    That query should return one record not blank screen if it is valid. Please double check.

    Thanks for your courtesy.

  • Flash Arcade Games

    sorry for any confusion. I did make those necessary changes before running the sql query and it did work – rows affected, but from the wp panel point of view there was no change. I still can't see add new user, etc.

  • shinephp

    May be I didn't take something into account… In this situation I can propose just on-site help (free of any charge). I will need FTP access for it to analyse your situation directly in place. If you consider that it is possible for you, please send domain name, ftp address, ftp user and pswd to my email.

  • Flash Arcade Games

    Thank you so much for helping me out. I have emailed you all the access you may require to troubleshoot. The password for the attachment – “hidden”. Again thanks for your time and effort. Regard

  • Flash Arcade Games

    WOW!!! Excellent. I see you have fixed it ;-).
    I will email you.

  • cikkus

    Hi Vladimir need you help:
    After a hacker's attack I had to clean several files and renamed all suffix database's tables. But when I tried to modify “wp_user_roles” can't find it in my SQL under wp_options this record. I stay amazed and I checked several times into the row to find user_roles, but I didn't have it! So after configuring wp-config.php I visited the site. All perfect, but when I tried to log in as admin it returned me the classical “you don't have right permission…”
    So I think it depends for the user-roles lacks but can't understand as it's possible. I used your query . SELECT * FROM wp_options WHERE option_name=”wp_user_roles” but I hadn't any result…
    Could you please help me? Could I recreate the missing table? Thanks!

  • Hi,
    First, try to check your existing options table, of course with use of new db_prefix using wildcard %, e.g.
    SELECT * FROM wp_options WHERE option_name like "%user_roles"
    “wp_” in the query you use is the default db prefix as in table name, as in the option_name both.
    After you find/rename/restore this record, you should check wp_usermeta table and change your admin user capability record meta_key from 'wp_' to your new db prefix.
    try this query
    SELECT * FROM wp_usermeta WHERE meta_key like "wp_%" and user_id=1
    and change all 'wp_' in the records to your new db prefix.
    I hope that will help you.

  • Great! You are great! Thanks a lot! Just when I launched the query you have suggested me it appeared the record with the old suffix… So I changed the old with the new suffix and I finally could enter my site as administrator! Thanks from Italy! Francesco

  • You are welcome! 🙂

  • zyan

    hi there can you help figuring this out? i am new in this stuff and dont have any idea what are meta key are… it gives me headache… i want to change my site into new i google and search the easiest way and found out your site….
    i only need to change this..

    UPDATE `newprefix_usermeta` SET `meta_key` = REPLACE( `meta_key` , 'oldprefix_', 'newprefix_' );

    where i can get those code? or please suggest anything that i will just copy and paste in my php tool.. pls… thannk you soo much..i will be glad if you will help me… 🙂


  • Hi,
    If you wish to change site to new URL only, what is the reason to change WP database prefix? Why not to use the old one? Please give me more details about what do you wish to complete? What do you wish to make? And I will help you with SQL commands you need to use for that, possibly.

  • Eugene

    Dear Vladimir–

    I'm working on a communal site based on WordPress 3.0 platform. I'm using your great plug-in designing a page for my users to upload, to view, to edit, and to delete downloads. However, I want to limit my users to deleting only their own downloads that they, and nobody else, uploaded. Is it possible? If so, how?



  • Francesco

    Hi Vladimir, after a hacker attack I installed on my WP Antivirus and Firewall plugin. It's since a week that I daily receive on my email alert messages such this:

    Content preview: WordPress Firewall has detected and blocked a potential attack!
    Web Page: Warning: URL may contain dangerous content!
    Offending IP: [ Get IP location ] Offending Parameter: wassup_screen_res
    = 1920×1200 This may be a “WordPress-Specific SQL Injection Attack.” […]

    I deactivated “Wassup” plugin, the site seems working without problems but both Antivirus and Firewall alert me every day…

    Can you help me?

  • Stynsk

    I found that the capability manager plugin is based on this concept. If you are not familiar with sql, I suggest to use this plugin.

  • And do not forget about ‘User Role Editor’ plugin, which could help you at this field too.

  • Tamer

    Finally!!!!!! Thanks to really help, not just link a f… plugin!!

  • Kaye

    Awesome. I’ve been playing with this for a few days (I’m fairly green with ripping into databases) and have killed a few set up in the name of learning! LOL

    I’m trying this – but wanted to ask (in case I failed) is it possible to take everything about the Admin abilities (copy it all), kill everything about the editor’s roles, and then give the editor every role the admin has, then go thru and kill off the ones you don’t want (like updating the core).

    I’d remove less than I’d be adding, doing it this way.

    Anyhow, off I go to give it a wack. Thanks for taking the time to post this ‘tutorial’ and helping out others.

  • Thanks for the good words :).
    The easiest way to achieve that what you wish is to setup and use “User Role Editor” plugin. You can find a link to post about it at sidebar to the right. This plugin provides you a graphical interface to add/remove capabilities to/from selected or custom created role.

  • Kaye

    Welp, I did it the DB way already and it worked great. The only thing I don’t want them to do is update the core, run updates on themes or plug-ins, or install any new themes/plug-ins, delete their theme.

    I got everything working great, removed these:



    However, the one snafu I hit is seeing plug-in ‘panels’ (for lack of better word) that load under the SETTINGS panel (in the admin area – plug-ins such as ‘testimonials’ and things like that).

    Yeah, the plug-in may be the easier way, but I learned something pretty cool and felt accomplished doing it this way. If seeing the additional plug-in panels won’t be possible with the edit I made to the DB, then I’ll revert and go with the plug-in. 🙂

    Thanks sir!

  • Kaye

    Coming back to say that I went back into the database, gave the Editor every single permission the Administrator has, and still no viewing the ‘panels’ to any plug-ins that load after the last ‘settings’ tab. Hmmm. Does it have something to do with the numbers that prior to the role names?

    s:13:”Administrator” vs s:6:”Editor” (sorry, I’m just a very curious person 🙂

  • Kaye

    Came back one more time to say I installed the User Role plug-in on one of my other sites, created a new user, gave it every single permission and I still can’t see the control panel for “LessThanWeb – Testimonials” that loads under the SETTINGS tab. 🙁 Is it the testimonials plug in that is at fault?

  • What WordPress version do you use? Is it WordPress multi-site configuration?

  • Kaye

    Nope, just 3.0.5 as a single install. 🙂 I’ve tried the plug-in and editing the database (not doing both on one site mind you) and any plug-in (the testimonials one I mentioned, also I have a site that runs a discussion board) that puts its ‘control panel’ under the ‘settings panel’ won’t show up, no matter how many permissions I give the editor. Hmmm.

  • If you use single install, it simplifies the things. Try to reassign ‘Editor’ role to the user with which you make your test, e.g. assign it ‘Subscriber’, update, then assign ‘Editor’ back.

  • 1st, I tried to insert image into post as contributor and it is shown with lightbox effect successfully. But not from the 1st try :). Check if your contributor user fill the “Link URL” parameter when insert image from media library to the post. Lightbox plugin automatically insert rel=”lightbox” attribute to the link then and image could be open with special effect. If image is inserted without link – lightbox effect doesn’t work. Is it your case?

  • Dolendro

    I have a multiuser site. I’m using this plugin for roles and capabilites part, this is a great plugin. I want to create a capability for listing the users for a same roles and lower roles. I don’t have any idea how to do this one. I don’t want to listing the upper roles when a lower roles login. Please help.

  • Give me more details please about your purpose. From where do you wish to exclude users with higher roles? Is it standard WordPress users list at admin menu?
    We know what role is higher from built-in WordPress roles, but how to sort (higher/lower) custom created roles if you have such at your blog?
    Generally it is a programming task. It’s not enough just to add new capability.

  • Rockdizmusic

    I was changing a few options on the User’s roles and I decided to reset all the options. I’m the admin of my blog and now I can’t check my wordpress updates, nor do I have permission to access “wp-admin/widgets.php”
    is there a fix?? 

    please contact me at the following address:
    rockdizmuisc [at]

  • You need to use MySQL access to your blog. Extract roles from your blog according to this post's recommendation. Extract roles from fresh test WordPress installation. Compare Administrator role capabilities. Replace your blog administrator role with one from test installation. That should help.

  • wahidaus

    Hi Vladimir,

    Thanks for this nice plugin. I have got a question on “Adding a new capability”.

    I would like to add up a part from my theme for others to see it. If I enable Manage options then it brings up that part but then all others options appears with it.

    For your better understanding I have added the screenshot from the WP CMS.

    I would appreciate if you could help.

  • Hi Wahidaus,

    Could you be more exact, please, what you wish to achieve? What menu item(s) do you wish to hide/show to the users?
    Is ‘Photos’ a custom post type or this submenu is added by some active image gallery plugin? What plugin do you use in that case?

  • Alex

    Hi Vladimir,

    This is a great plug-in thank you for sharing it. I have a question about access to the Media Library.  I would like one type or user to be able to upload and view all the media but another group is just able to upload and view media they have uploaded.  Is that possible?



  • Hi Alex,

    Excuse me for delay with answer. I was busy and your question has not trivial decision at my level of expertise. I think, it’s impossible except of modifying core WordPress code. If you agree to restore such changes manually after each WordPress update, you can make something like this:
    Open file wp-admin/includes/wp-media-list-wp-table.php and open it at line #172
    $post_owner = ( get_current_user_id() == $post->post_author ) ? 'self' : 'other';
    Insert just after that row this code:
    if ($post_owner=='other' && !current_user_can('view_all_media')) {

    Save your changes. This way, if user has no ‘view_all_media’ capability he will see his media only.


  • Omje

    Truly, this tutorial is very helpful for me..
    I tried it in my online store which has wp 3.3.1 & plugin wp e-commerce
    Extremely, I tried to apply this tutorial to change user “Subscriber” from its limited capabilities to “Subscriber” with full capabilities which have in “Administrator”s user
    Thanks for this great tuts.. 🙂

  • Thanks for sharing that.

  • Wp-Wiz

    Thank you so much for your efforts. This is a great plugin and a time saver.
    I would thank you a million times if I could.

  • Luke Cavanagh

    Thank you for sharing this.

  • Галина Черных

    Thank you for the article. It helped a lot.
    Question: how to make it possible to view comments, but at the same time, disabling the creation of posts.

  • Галина Черных

    I think you need to hide the comments menu or the “posts” menu (Photos). Since, when adding the code:
    -s: 10: “edit_posts”; b: 1; –
    You can view comments and posts.
    Is it possible to hide one of the menus in the sidebar and in the admin bar

  • Both menus (Posts, Comments) use the same ‘edit_posts’ capability. It’s not possible using existing permissions to give access to only one menu from this pair. Pro version “Admin menu access” add-on allows this.

  • khoerner360

    Thanks! Just what I needed to complete my task.