User Role Editor WordPress plugin – Change roles easily

User Role Editor - plugin for WordPress

User Role Editor

User Role Editor WordPress plugin allows you to change standard WordPress user roles capabilities with easiness of a few mouse clicks. Just turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done. Add and tune your own custom roles which you can assign to the users then. You can create new role as a copy of existing one. Delete self-made roles. Change defaul user role.
Multi-site support is provided.

Why it could be necessary? Let’s suppose you wish that your multi-authored blog contributors upload their own graphics to use in their posts. WordPress “contributor” role has no such capability by default. In such situation you have needed to change user role capabilities manually using SQL client as I described at “How to change wordpress user role capabilities” post, if you have enough knowledge in that field. But what to do if you have not?

Good news – This task is simple now, just use this plugin

User Role Editor

The latest version: 4.19.2. Quant of downloads: 2073536

Take a look at the “User Role Editor” plugin main form screenshot:
User Role Editor main form

  • Select a role you wish to change from the drop down list at the top. Page will be refreshed automatically and show you the capabilities list for the selected role. Make your corrections, check/uncheck correspondent check boxes and click “Update” button to save your changes. If you wish to apply this change for all sites of your multi-site WordPress network, turn on “Apply to All Sites” check box at the top of the form before press “Update”.
  • If you prefer to see capabilities names in form e.g. ‘Edit pages’ instead of WordPress ‘edit_pages’ standard form turn on the “Show capabilities in human readable form” checkbox at the right top corner of the main form. Move mouse over capability name and you will see its alternative form name.
  • According to WordPress Codex User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0. Thus you can hide them in order they do not mess you in your work with roles. Keep “Show deprecated capabilities” check box at the to right corner of the form unchecked for that. If for any reason you need to see user levels, turn on that check box.
  • If you don’t wish to save changes you can click “Cancel” button.
  • If you are needed to restore roles capabilities you have before your or installed plugins made 1st modification to them, use “Reset” button. “User Role Editor” will restore roles and capabilities to its clean state. You will get roles stuff just after WordPress installation. Be very careful with this operation as you will definitely lose any changes you or your plugins made to user roles from the time of fresh WordPress installation. Consider to make backup copy of your database before proceed with “Reset” operation.

In order to add/remove your custom role, change default role for new user, add/remove custom user capability use “User Role Editor” management boxes, look on screenshot below:
User Role Editor custom roles and capabilities management boxes

  • If you need your own custom role, create it with “Add New Role” feature. Input new role name into input text field at “Add New Role” box, select existing role from drop-down list if you wish to use its capabilities as starting point for further work and click “Add” button. Remember that you can use latin letters, digits and an “_” underscore sign in your role names. Subscriber role is copied by default if you don’t select such role yourself.
  • Unnecessary self-made role can be deleted with “Delete Role” box. Select role and click “Delete” button for it. Only your self-made roles appears in the role list to delete. If some of your own roles is assigne to the user or selected as default role for new users it will not be appeared in the list for deletion.
  • Select the role which you wish to use as default for any new created user from the list at “Default Role for New User” box. Click “Change” button to save your changes.
  • Use “Add New Capability” box in order to add new user capability. Remember you can use only latin alphabet letters, digits and underscore sign in the capability name. How to use new added user capability? Turn it on in the role you select and check if current user has such capability in your plugin or active theme functions.php file. For example,
     if (!current_user_can('some_capability_you_added')) {
       echo "You don't have permission for it!";
  • If you need delete custom capability added by you or some of your old plugins, which you don’t use anymore use “Delete Capability” box. “User Role Editor” doesn’t allow to delete built-in WordPress capabilities.

With help of “User Role Editor” you can assign additional capabilities directly to the users. Open users list by click on the “All Users” link at the “Users” submenu. Find needed user, move mouse pointer to his name and click “Capabilities” link as on screenshot below:
User Capabilities Editor link
At the form opened you can assign to user another role and/or add to him capabilities which not included to his role:

Change User Capabilities

Change User Capabilities

You can not turn off capabilities included to the role assigned to this user. You can add/remove other capabilities. They will be applied directly to the user as you click the “Update” button. If you wish to built a fully custom capabilities set for this user, without limitation of any role, select “No role for this site” from drop-down list at the top and make it.

Do you need more functionality with premium support in real time? Do you wish remove advertisements from User Role Editor pages?
Buy Pro version. It includes extra modules:

  • Block selected admin menu items for role.
  • “Export/Import” module. You can export user roles to the local file and import them then to any WordPress site or other sites of the multi-site WordPress network.
  • Roles and Users permissions management via Network Admin for multisite configuration. One click Synchronization to the whole network.
  • Per posts/pages users access management to post/page editing functionality.
  • Per plugin users access management for plugins activate/deactivate operations.
  • Per form users access management for Gravity Forms plugin.
  • Shortcode to show enclosed content to the users with selected roles only.
  • Posts and pages view restrictions for selected roles.

Pro version is advertisement free. Premium support is provided by plugin author Vladimir Garagulya. You will get an answer on your question not once a week, but in 24 hours or quicker.

User Role Editor

For more information about WordPress user roles please read these articles
WordPress Admin Menu Permissions;
WordPress user capabilities;
activate_plugins WordPress user capability;
edit_dashboard WordPress user capability;
Delete posts and pages WordPress user capabilities set;
delete_plugins WordPress user capability;
moderate_comments WordPress user capability;
Roles and Capabilities article at;


Русская версия этой статьи доступна по адресу

Dear plugin User,
if you wish to help me with this plugin translation I very appreciate it. Please contact me via Contact form and I will answer you by email. Do not forget include your site link in order I can show it with greetings for the translation help at, plugin settings page and in this readme.txt file. If you have better translation for some phrases send it to me. You are welcome!
Former translators! Please check your translations and provide the updated files corresponding to the current version of URE plugin.

Special Thanks to

  • Lorenzo Nicoletti – for the code enhancement suggestion CUSTOM_USER_META_TABLE constant is used now for more compatibility with core WordPress API.
  • Marcin – For the code enhancement. This contribution allows to not lose new custom capability if it is added to other than ‘Administrator’ role.
  • FullThrottle – for the code to hide administrator role at admin backend.

You are welcome! Help me with bugs catching, share with me new ideas about plugin further development and link to your site will appear above.

Recent donations for this plugin developement

Change Log

[4.19.2] 01.10.2015

  • Fix: multiple default roles assignment did not work under the multisite environment, when user was created from front-end by WooCommerce, etc.
  • Update: the translation text domain was changed to the plugin slug (user-role-editor) for the compatibility with
  • Update: CSS enhanced to exclude column wrapping for the capabilities with the long names.

[4.19.1] 20.08.2015

  • Default role value has not been refreshed automatically after change at the "Default Role" dialog - fixed.
  • More detailed notice messages are shown after default role change - to reflect a possible error or problem.
  • Other default roles (in addition to the primary role) has been assigned to a new registered user for requests from the admin back-end only. Now this feature works for the requests from the front-end user registration forms too.


  • 28.07.2015
  • It is possible to assign to the user multiple roles directly through a user profile edit page.
  • Custom SQL-query (checked if the role is in use and slow on the huge data) was excluded and replaced with WordPress built-in function call. Thanks to Aaron.
  • Bulk role assignment to the users without role was rewritten for cases with a huge quant of users. It processes just 50 users without role for the one request to return the answer from the server in the short time. The related code was extracted to the separate class.
  • Code to fix JavaScript and CSS compatibility issues introduced by other plugins and themes, which load its stuff globally, was extracted into the separate class.
  • Custom filters were added: 'ure_full_capabilites' - takes 1 input parameter, array with a full list of user capabilities visible at URE, 'ure_built_in_wp_caps' - takes 1 input parameter, array with a list of WordPress core user capabilities. These filters may be useful if you give access to the URE for some not administrator user, and wish to change the list of capabilities which are available to him at URE.
  • Dutch translation was updated. Thanks to Gerhard Hoogterp.


  • 30.04.2015
  • Calls to the function add_query_arg() is properly escaped with esc_url_raw() to exclude potential XSS vulnerabilities. Nothing critical: both calls of add_query_arg() are placed at the unused sections of the code.
  • Italian translation was updated. Thanks to Leo.


  • 24.02.2015
  • Fixed PHP fatal error for roles reset operation.
  • Fixed current user capability checking before URE Options page open.
  • 3 missed phrases were added to the translations files. Thanks to Morteza
  • Hebrew translation updated. Thanks to atar4u
  • Persian translation updated. Thanks to Morteza


  • 06.02.2015
  • New option "Edit user capabilities" was added. If it is unchecked - capabilities section of selected user will be shown in the readonly mode. Administrator (except superadmin for multisite) can not assign capabilities to the user directly. He should make it using roles only.
  • More universal checking applied to the custom post type capabilities creation to exclude not existing property notices.
  • Multisite: URE's options page is prohibited by 'manage_network_users' capability instead of 'ure_manage_options' in case single site administrators does not have permission to use URE.
  • URE protects administrator user from editing by other users by default. If you wish to turn off such protection, you may add filter 'ure_supress_administrators_protection' and return 'true' from it.
  • Plugin installation to the WordPress multisite with large (thousands) subsites had a problem with script execution time. Fixed. URE does not try to update all subsites at once now. It does it for every subsite separately, only when you visit that subsite.
  • Fixed JavaScript bug with 'Reset Roles' for FireFox v.34.


  • 14.12.2014
  • As activation hook does not fire during bulk plugins update, automatic plugin version check and upgrade execution were added.


  • 14.12.2014
  • Own custom user capabilities, e.g. 'ure_edit_roles' are used to restrict access to User Role Editor functionality (read more).
  • If custom post type uses own custom user capabilities URE add them to the 'Custom Capabilities' section automatically.
  • Multisite: You may allow to the users without superadmin privileges to add/create site users without sending them email confirmation request.
  • Bug fix: when non-admin user updated other user profile, that user lost secondary roles.
  • Italian translation was added. Thanks to Giuseppe Velardo.


  • 23.11.2014
  • French and Turkish translation were updated. Thanks to Transifex translation team.


  • 21.10.2014
  • Notice: "Undefined property: Ure_Lib::$pro in .../class-user-role-editor.php on line 550" was fixed.
  • Settings help screen text was updated.
  • Russian translation was updated.
  • Hungarian translation was updated. Thanks to Németh Balázs.
  • French and Turkish translation were updated. Thanks to Transifex translation team.


  • 01.10.2014
  • Bug fix for the PHP Fatal error: Call to undefined function is_plugin_active_for_network(). It may take place under multisite only, in case no one of the other active plugins load file with this function already before User Role Editor v. 4.17 tries to call it.


  • 01.10.2014
  • Multisite (update for cases when URE was not network activated): It is possible to use own settings for single site activated instances of User Role Editor. Earlier User Role Editor used the settings values from the main blog only located under "Network Admin - Settings". Some critical options were hidden from the "Multisite" tab for single site administrators and visible to the superadmin only. Single site admin should not have access to the options which purpose is to restrict him. Important! In case you decide to allow single site administrator activate/deactivate User Role Editor himself, setup this PHP constant at the wp-config.php file: define('URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE', 1); Otherwise single site admin will not see User Role Editor in the plugins list after its activation. User Role Editor hides itself under multisite from all users except superadmin by default.
  • Help screen for the Settings page was updated.
  • Hungarian translation was added. Thanks to Németh Balázs.
  • Dutch translation was added. Thanks to Arjan Bosch.


  • 11.09.2014
  • "create_sites" user capability was added to the list of built-in WordPress user capabilities for WordPress multisite. It does not exist by default. But it is used to control "Add New" button at the "Sites" page under WordPress multisite network admin.
  • bug fix: WordPress database prefix value was not used in 2 SQL queries related to the "count users without role" module - updated.


  • 08.09.2014
  • Rename role button was added to the URE toolbar. It allows to change user role display name (role ID is always the same). Be careful and double think before rename some built-in WordPress role.


  • 08.08.2014
  • Missed "manage_sites" user capability was added to the list of built-in WordPress capabilities managed by User Role Editor.
  • Russian translation was updated.


  • 25.07.2014
  • Integer "1" as default capability value for new added empty role was excluded for the better compatibility with WordPress core. Boolean "true" is used instead as WordPress itself does.
  • Integration with Gravity Forms permissions system was enhanced for WordPress multisite.


  • 18.07.2014
  • The instance of main plugin class User_Role_Editor is available for other developers now via $GLOBALS['user_role_editor']
  • Compatibility issue with the theme "WD TechGoStore" is resolved. This theme loads its JS and CSS stuff for admin backend uncoditionally - for all pages. While the problem is caused just by CSS URE unloads all this theme JS and CSS for optimizaiton purpose for WP admin backend pages where conflict is possible.


  • 13.06.2014
  • MySQL query optimizing to reduce memory consumption. Thanks to SebastiaanO.
  • Extra WordPress nonce field was removed from the post at main role editor page to exclude nonce duplication.
  • Minor code enhancements.
  • Fixes for some missed translations.


  • 16.05.2014
  • Persian translation was added. Thanks to Morteza.


  • 22.04.2014
  • Bug was fixed. It had prevented bulk move users without role (--No role for this site--) to the selected role in case such users were shown more than at one WordPress Users page.
  • Korean translation was added. Thanks to Taek Yoon.
  • Pro version update notes:
  • Use new "Admin Menu" button to block selected admin menu items for role. You need to activate this module at the "Additional Modules". This feature is useful when some of submenu items are restricted by the same user capability, e.g. "Settings" submenu, but you wish allow to user work just with part of it. You may use "Admin Menu" dialog as the reference for your work with roles and capabilities as "Admin Menu" shows what user capability restrict access to what admin menu item.
  • Posts/Pages edit restriction feature does not prohibit to add new post/page now. Now it should be managed via 'create_posts' or 'create_pages' user capabilities.
  • If you use Posts/Pages edit restriction by author IDs, there is no need to add user ID to allow him edit his own posts or page. Current user is added to the allowed authors list automatically.
  • New tab "Additional Modules" was added to the User Role Editor options page. As per name all options related to additional modules were moved there.


  • 06.04.2014
  • Single-site: It is possible to bulk move users without role (--No role for this site--) to the selected role or automatically created role "No rights" without any capabilities. Get more details at
  • Plugin uses for dialogs jQuery UI CSS included into WordPress package.
  • Pro version: It is possible to restrict editing posts/pages by its authors user ID (targeted user should have edit_others_posts or edit_others_pages capability).
  • Pro version, multi-site: Superadmin can setup individual lists of themes available for activation to selected sites administrators.
  • Pro version, Gravity Forms access restriction module was tested and compatible with Gravity Forms version 1.8.5


  • 15.02.2014
  • Security enhancement: WordPress text translation functions were replaced with more secure esc_html__() and esc_html_e() variants.
  • Pro version: It is possible to restrict access to the post or page content view for selected roles. Activate the option at plugin "Settings" page and use new "Content View Restrictions" metabox at post/page editor to setup content view access restrictions.
  • Pro version: Gravity Forms access management module was updated for compatibility with Gravity Forms version 1.8.3. If you need compatibility with earlier Gravity Forms versions, e.g. 1.7.9, use User Role Editor version 4.9.


  • 19.01.2014
  • New tab "Default Roles" was added to the User Role Editor settings page. It is possible to select multiple default roles to assign them automatically to the new registered user.
  • CSS and dialog windows layout various enhancements.
  • 'members_get_capabilities' filter was applied to provide better compatibility with themes and plugins which may use it to add its own user capabilities.
  • jQuery UI CSS was updated to version 1.10.4.
  • Pro version: Option was added to download jQuery UI CSS from the jQuery CDN.
  • Pro version: Bug was fixed: Plugins activation assess restriction section was not shown for selected user under multi-site environment.

Click here to look at the full list of changes of User Role Editor plugin.


– Does it work in multi-site environment?
Yes, it works with multi-site installation. By default plugin works for every blog from your multi-site network as for locally installed blog without multi-site feature.

URE Multi-site feature

URE Multi-site feature

To update selected role globally for all Network you should turn on the “Apply to All Sites” checkbox.

– How to duplicate my custom created roles from main blog of my multi-site network to new created one?
“User Role Editor” makes it for you automatically. As new blog added to your network, “User Role Editor” copies full roles staff from your main blog to the new created one.

– Why administrators of single site of multi-site network do not see “User Role Editor” under “Users” menu?
URE is disabled for single site administrator by default. If you wish to enable it for single site adminitstrator add this line of code into your blog wp-config.php file


– I have large multi-site network. After click “Update” button with “Save to all sites” checkbox turned on nothing is happened. I got the blank page.
It is PHP script execution time limit problem. Other network update method is available as alternative from version 3.5. Due to my tests it works approximately 30 times faster. Try it. It will be great, if you share your experience with me. In order to select alternative method of all sites update add this line to you blog wp-config.php file


It does nothing automatically, just select other algorithm when you press “Update” with “Apply to All Sites” checkbox turned on next time.
If you define WP_DEBUG equal to 1 or true constant in wp-config.php file, URE with this directive shows update execution time in milliseconds as additional technical information.

– How to edit “Administrator” role? I don’t see it in the roles drop down list.
“Administrator” role is hidden from the roles drop down list by default.
You can see/edit “Administrator” role starting from version 3.4. Insert this line of code

  define('URE_SHOW_ADMIN_ROLE', 1);

into your wp-config.php file and login with administrator account for that.
If for any reason your “Administrator” role missed some capabilities added by plugins or themes, you can fix that now. But be careful with changing “Administrator” role, do not turn off accidentally some critical capabilities to not block your admin users.

– Does it work with WordPress versions prior 3.0?
Starting from version 2.2 plugin works with WordPress 3.0 and higher only. For earlier WordPress versions use plugin version 2.1.10


I am ready to answer on your questions about this plugin usage and help with possible problems. Use User Role Editor plugin forum or this page comments and site contact form for that please.


Tags: , , , ,

  • Vladimir Garagulya

    Hi Kati,

    Current version of User Role Editor Pro allows to export/import the roles only, not the users.
    Thanks for the good idea for further development of the Pro version – to add the export/import users with data about there roles feature.


  • Kati

    Hi Vladimir,

    Thank you for your reply. I’ll be looking forward for that feature.


  • staps99

    I have installed the plugin but I do not get the page with all the options. Am I missing something??

  • Vladimir Garagulya

    It seems – Yes. Look the “User Role Editor” menu item under ‘Users’ menu.

  • Ariane

    Hi, is it is possible with this plug-in to give back-end users rights to a specific category, so they won’t be able to edit in other categories?
    Thanks in advance.

  • Vladimir Garagulya

    There is no option for that in the User Role Editor.
    Try this recipe:

  • Vladimir Garagulya
  • BromsBomber

    Is it possible for a user to choose a role via a simple form located on the home page?

  • BromsBomber

    Is is possible to create a popup or a widget allow users to choose/update their user role? I need users who sign in via social login to choose a role if they are a new user.
    Thanks Vladimir.

  • strags

    Is it possible to allow users who generally are restricted to only edit pages they create themselves permission to edit a specific “master” page? I have content on a page which I would like other users to be able to copy and then paste into their own page(s) which they then can edit.

  • Sandi Henning

    Hi I just updated my WordPress to 4.0 “Benny” and installed your plug in – but I can’t find it under the Plugins menu or see any changes under the User menu. It says it’s installed with lastest version when I go to Add a plugin. Is there another place I should be look?

  • Vladimir Garagulya


    Plugin is available to the user with ‘Administrator’ role. It is hidden from any other users.
    If it is not your case, check the PHP error log or set temporarily WordPress WP_DEBUG constant to true in order to check if some PHP error takes place, which prevent URE plugin to show itself.


  • Vladimir Garagulya

    If users should just copy content of that master page having ability to edit it someone may corrupt master page.
    Pro version has add-on which allows to restrict the set of pages available to the user with ‘edit_others_pages’ capability.
    If you give user create_pages capability he still may add new pages and have access to edit them.

  • strags

    Thank you very much for the reply. Looks like the Pro version is what I need!

  • Sandi Henning

    I do have an Administrator role – but I still don’t see the plug in. I’m don’t know where a PHP error log is located or how to set WP_DEBUG constant. Still not seeing URE plugin.

  • Vladimir Garagulya

    In order to turn WordPress into the debug mode open wp-config.php file at your site root, find “For developers: WordPress debugging mode.” section and change the “false” value there to the “true” value:
    define('WP_DEBUG', false);.

    In case you can not resolve the issue yourself, consider to give me access to your site for the problem investigation. You may contact me at support [at-sign]

  • Sandi Henning

    I will try that on Monday when I get back to work. If I can’t get it to work I will contact you again. Thank you for answering me so promptly. It looks like a great plugin if I can get it to show up!

  • Michael

    Hello Vladimir,
    Is it possible for users to select or change their own role from a list of user roles using a simple form visible from the front end after they have logged in?

  • Vladimir Garagulya

    Hi Michael,
    I can not offer a decision for this moment.
    As there is such need I will think on including described feature to one of the future versions, possible variants: page with shortcode for redirection after login, additional role selection dropdown list field for the WordPress login form.

  • Endri

    Hello Vladimir,

    I want to add a new role but I am not sure how to. On author role I have ticked only: edit posts, publish posts, read and upload files. This way an author can add a new post, add media and publish but won’t be able to edit or delete not even his own posts. He can’t even delete the images he has added but he can edit those images. How can I do it so that once an article is published the author won’t be able to edit the images on that article?

    Thank you in advance,

  • Vladimir Garagulya

    Additionally to the Settings, User Role Editor itself is available under Users menu.

  • eyedub

    thanks and great plugin, please could you tell me, how can I restrict a user role to edit certain pages instead of all?

  • Vladimir Garagulya

    There is no buit-in feature in WordPress for that.
    It is possible with the Pro version add-on:

  • JT Sturgell

    Thanks for the PI. Is it possible to give capability to edit existing pages WITHOUT giving ability to create new pages?

  • Nikolas Karampelas

    Hello there, thanks for this great plugin!
    I want to use this with woo-commerce, ever heard of any conflicts that I need to be aware of?

    I ask because the woo commerce is adding users as clients.

    Thanks in advance :)

  • Vladimir Garagulya

    Hi Nikolas,

    There are no known conflicts between User Role Editor and WooCommerce. More, WooCommerce added custom set of user capabilities and defines its own roles, which you may customize with a help of User Role Editor.

  • Vladimir Garagulya

    While this feature is built-in to WordPress core, it is not active by default. User Role Editor Pro allows to use it:

  • Nikolas Karampelas

    Thanks a lot :)

  • squeak2me

    Hello, I would like to know if I can use this plugin to create an admin user that is limited to only accessing reports on purchases made using our shopping cart, and having no other admin access – the primary role of the user is a subscriber, but they work for the company and need to access those sales reports to make sure no emails were missed etc.

    Thank you!

  • Vladimir Garagulya


    Do you use WooCommerce for shopping cart?

  • Lizz

    I want to give volunteers access to their own secure page, so I created a volunteer role, which allows them to view an otherwise hidden page…

    But they also have the ability to change the account password, I just want one generic volunteer log-in, is there a way to block them from changing passwords?

  • Martin Oxby

    Hi there, I’ve left a help ticket on your WordPress page, but hoping I can trigger an answer somewhere.

    I have URE on a multi-site environment but non-Super-Admins cannot view the Media Library in Grid View (list view works fine) which means featured images and insert media cannot be used. I’ve tried

    – Disabling all plugins
    – Disabling all themes
    – a fresh WP install

    But the issue is still there, your help would be appreciated and this is urgent, I’m afraid.
    Thanks in advance!

  • Megin Murphy

    I have this plugin and have created the roles I need, but is there a way for a person to choose the appropriate role when registering? I have three different levels. Customer is the default and then I have a Membership Level 1 and Wholesale Buyer. I was hoping to have a way of knowing what role they were applying for.

  • noman

    i used this plugin but there is a problem in it that it can give error on list user of a group “You do not have sufficient permissions to access this admin page”. can anyone help me to resolve it

  • John Felan

    I have created a website that requires the client to be able to access the Essential Grid plug-in to upload images to various grids and add text to them.

    I worked my way through the URE plugin enabling various permissions until I found that enabling “Manage Options” gave him access. Unfortunately it also gives him access to a whole lot of other backend functionalities that could cause issues down the track.

    Is this my only option or do you have another suggestion?

    Thank you

  • Vladimir Garagulya

    Right, the 2nd step after giving to the role ‘manage_options’ capability is to block for it unnecessary functionality which ‘manage_options’ brings to it. Pro version of User Role Editor include ‘admin menu blocking’ add-on especially for this case.
    This post describes the similar problem resolved with URE Pro:

  • Alex

    Hello, i have activated the plugin in a multisite network, created a new role and gave it all the capabilities(to test it), but unless I grant the specific user I want super admin priviledges I can’t seem to be able to create new sites. (and i can see there is that capabilitiy create_site , but still…)
    I guess i’m doing something wrong ?
    Thanks in advance

  • Vladimir Garagulya

    Hi Alex,

    If you will add to the user without superadmin privileges ‘manage_network’, ‘manage_sites’, ‘create_sites’ capabilities, such user will get access to the sites list at the Network Admin. Such user should type site-domaingwp-adminnetwork URL directly though.

  • Jason Alan Kennedy

    XSS Vulnerabilities have been found in your plugin. File user-role-editor/includes/class-garvs-wp-lib.php, line 233 and file user-role-editor/includes/class-ure-lib.php, line 790. Plz correct by properly escaping by surrounding the lines in question w/ esc_url().

  • Vladimir Garagulya

    Thanks for this note. I published the update, version 4.18.4.
    I did not hurry with publishing this fix as those calls are at the currently unused sections of code.
    I just planned to include the fix to the next version.

  • Glenn Rowe

    I have created a new custom role which now has access to custom capabilities that are used by my plugin. If I add that role as an additional role to a user with “administrator” as his primary role, the user gains permission to the new custom capabilities but looses permissions to other administrator capabilities he had before. Example… The user can not delete users when he has the additional custom role but he can when the additional role is not added.

  • Vladimir Garagulya

    I can not repeat a described issue. Look this short video:
    I created custom role “Gravity Forms Admin” with capabilities from the “Gravity Forms” plugin. I assigned to the test user “Administrator” role as a primary one and “Gravity Forms Admin” as additional role. Then I logged in under that “Test admin” user and deleted other user without problem.

    Have you any additional information which may help to repeat your problem?

  • Carl D


    Can you give an example of how to use the shortcode? Thanks!

  • Vladimir Garagulya

    View restriction by roles shortcode is supported by the Pro version only. Detailed description is here:

  • Mark Tank

    How does a person change their password under the “Subscriber” role?

  • Vladimir Garagulya

    Subscriber has access to his profile at the admin back-end by default, where he may change his password. A theme or plugin may block Subscriber’s access to the admin back-end. It should realize password change feature for front-end in this case.

  • Alan Weibel

    I have three custom roles. Each custom role has it’s own custom permission or ‘Capability’. I’m trying to show/hide menu items in header.php based on their role. I’m using similar code from your suggestion above, but it’s not working. The End User role has the role_enduser permissions and the Partner role has role_partner permissions. Users have to be logged in to see this page. I can confirm that the users have the correct roles and each role has the correct permissions in the admin. Can you help?

    I’m an End User

    I’m a Partner

  • Peter

    Hi Vladimir

    I want to allow a user to ONLY be allowed to manage certain pages or sets of pages within a site. Does your plugin handle this? if yes, do those permissions permeate to all child pages too (e.g. so a user could be responsible for managing a whole section of a site and all its pages under it with one permission setting) Thanks