If you're building a WordPress site for a client, managing a team, or running a membership platform, the default user roles probably don't fit your needs. Creating a custom user role in WordPress lets you define exactly what each user can and can't do — no more, no less. In this guide, you'll learn three proven methods, from pure PHP code to a beginner-friendly plugin, plus a full capabilities reference table you can bookmark.
Understanding Default WordPress Roles
WordPress ships with six built-in roles, each with a predefined set of capabilities:
For many sites, these defaults are enough. But when you need a Comment Moderator who only handles comments, a Client role with read-only dashboard access, or a Shop Manager with limited WooCommerce permissions — you need a custom user role in WordPress.
WordPress Capabilities: Complete Reference
Every role is built from capabilities — individual permissions that control specific actions. When you create a custom user role in WordPress, you pick exactly which capabilities to include. Here are the most common ones:
For the complete list, see the official WordPress developer documentation.
How to Set Custom User Permissions in WordPress
Sometimes you don't need an entirely new role — you just need to tweak the permissions on an existing one. WordPress lets you add or remove individual capabilities from any role using add_cap() and remove_cap().
This is the fastest way to set custom user permissions in WordPress without creating roles from scratch.
Adding Capabilities to an Existing Role
Want your Editors to access the theme customizer? Add the edit_theme_options capability:
function add_editor_theme_cap() {
$editor = get_role( 'editor' );
$editor->add_cap( 'edit_theme_options' );
}
add_action( 'init', 'add_editor_theme_cap' );Code language: PHP (php)Like add_role(), this writes to the database — so it only needs to run once. Wrap it in an activation hook or a one-time check to avoid unnecessary database writes on every page load.
Removing Capabilities From an Existing Role
You can also restrict a role by removing capabilities. For example, prevent Authors from deleting their published posts:
function restrict_author_deletes() {
$author = get_role( 'author' );
$author->remove_cap( 'delete_published_posts' );
}
add_action( 'init', 'restrict_author_deletes' );Code language: PHP (php)Modify Existing Role vs. Create a New One?
Use add_cap() / remove_cap() when you need small adjustments to a default role — like giving Editors one extra permission or restricting Authors from a specific action.
Create a new custom user role in WordPress when the changes are significant enough that the role no longer resembles the original. If you're removing 10+ capabilities from Administrator, a dedicated "Client Admin" role is cleaner and easier to maintain.
Checking Permissions in Your Code
Once you've set custom user permissions, use current_user_can() to conditionally show or hide features:
if ( current_user_can( 'edit_theme_options' ) ) {
// Show theme customization UI
}
if ( ! current_user_can( 'manage_options' ) ) {
// Hide settings from non-admins
}Code language: PHP (php)This function checks the current user's capabilities in real time, so it always reflects your latest role changes.
3 Methods Compared: Which Is Right for You?
There are three main ways to create a custom user role in WordPress. Here's how they stack up:
Our recommendation:
Method 1: Create a Custom User Role in WordPress With Code
This is the most flexible approach. You'll use WordPress's built-in add_role() function to define a new role with the exact capabilities you need.
Example: Creating an "Author Pro" Role
Let's build a custom role called Author Pro — an author who can also moderate comments. Add this code to your theme's functions.php file or as an mu-plugin:
Important:
Testing Your Custom Role
After adding the code:
- Go to Users → Add New in the WordPress dashboard
- Create a test user and assign the Author Pro role
- Log in as that user — or use a plugin like User Switching to switch quickly
- Verify the user can write posts and moderate comments
- Confirm they cannot access settings, themes, or plugins
Tip:
Restricting Admin Pages
You might want to hide certain dashboard pages from your custom role. Use the admin_menu hook:
Common menu slugs you can restrict: edit.php (Posts), upload.php (Media), themes.php (Appearance), plugins.php (Plugins).
Example 2: Creating a "Simple Admin" Role
Instead of building from scratch, you can clone an existing role and remove capabilities. This is useful when you need a restricted admin for clients:
This creates a role with nearly all admin capabilities — minus the ability to install plugins, switch themes, or change site settings. Ideal for clients who need broad access without the risk of breaking things.
Removing a Custom Role
If you no longer need a custom role, remove it with remove_role():
remove_role( 'author_pro' );Code language: PHP (php)This deletes the role from the database permanently. Important: Any users assigned to a removed role will lose all capabilities — reassign them to a valid role first. You can check and reassign in bulk via Users → All Users and filtering by role.
Like add_role(), this only needs to run once. Remove the code after execution.
Method 2: Using a Code Snippets Plugin
If editing functions.php directly makes you nervous, the free Code Snippets plugin lets you run PHP code with a built-in safety net:
- Install and activate
- Go to Snippets → Add New
- Paste your
- Set it to Run once — since roles are stored in the database, the snippet doesn't need to run on every page load
- Click Save and Activate
The key advantage: if your code has a syntax error, Code Snippets catches it and deactivates the snippet instead of crashing your entire site. Your role code also stays intact when you switch themes — unlike functions.php, which is theme-dependent.
This method gives you the same flexibility as Method 1, with less risk. It's the sweet spot for developers who want code control without worrying about white-screen-of-death scenarios.
Method 3: Using the User Role Editor Plugin (No Code)
For non-developers, the User Role Editor plugin is the most popular way to create a custom user role in WordPress — with over 700,000 active installations.
Step-by-Step Walkthrough
- Install the plugin
- Open the role editor
- Add a new role
- Customize capabilities
- Save your changes
- Assign the role
Tip:
Plugin vs. Code: When to Use Which
Choose the User Role Editor plugin when:
- You manage roles frequently and need a visual overview
- Your team includes non-developers who need to adjust permissions
- You want to clone and modify existing roles quickly
- You're building a client site and want easy, ongoing WordPress maintenance
Choose code (Method 1 or 2) when:
- You need version-controlled roles stored in your codebase
- You're building a custom plugin or theme that ships with specific roles
- You want programmatic capability checks tied to your application logic
Another solid plugin option is Members by Justin Tadlock, which offers a similar UI with additional features like content permissions and role management widgets.
Custom User Roles for WooCommerce
WooCommerce adds two roles when activated: Customer (can manage their own account and orders) and Shop Manager (can manage products, orders, coupons, and reports — but not site settings).
For many stores, the default Shop Manager is too broad. Here's how to create a restricted Order Manager who can only handle orders — not products or coupons:
add_role(
'order_manager',
'Order Manager',
array(
'read' => true,
'edit_shop_orders' => true,
'read_shop_orders' => true,
'delete_shop_orders' => false,
'edit_others_shop_orders' => true,
'read_others_shop_orders' => true,
'publish_shop_orders' => true,
'edit_published_shop_orders' => true,
)
);Code language: PHP (php)Common WooCommerce Capabilities
WooCommerce follows the same pattern as WordPress core, using custom post type capabilities:
- Products:
edit_products,delete_products,publish_products - Orders:
edit_shop_orders,read_shop_orders,delete_shop_orders - Coupons:
edit_shop_coupons,read_shop_coupons,delete_shop_coupons - Reports:
view_woocommerce_reports
You can combine these with add_cap() to customize the default Shop Manager — or build entirely new WooCommerce roles using the methods described above. For a full list, see the WooCommerce developer documentation on roles and capabilities.
If you're setting up a WooCommerce store, getting custom user roles right from the start saves you from permission headaches as your team grows.
Frequently Asked Questions (FAQ)
How do I create a custom user role in WordPress?
You have three options: (1) Add PHP code using the add_role() function in your theme’s functions.php or a mu-plugin, (2) use the Code Snippets plugin for safer code execution, or (3) install the User Role Editor plugin for a visual, no-code approach. All three methods let you define exactly which capabilities your custom role should have. For most non-developers, Method 3 (the plugin) is the fastest path.
What is the difference between user roles and capabilities in WordPress?
A role is a named collection of permissions assigned to a user — like u0022Editoru0022 or u0022Author.u0022 Capabilities are the individual permissions within that role, such as edit_posts, moderate_comments, or manage_options. Think of a role as a job title and capabilities as the specific tasks that job can perform. When you create a custom user role in WordPress, you’re essentially building a new job title with a hand-picked set of tasks.
How do I assign a custom role to an existing user?
Go to Users in the WordPress dashboard, hover over the user and click Edit, scroll down to the Role dropdown, and select your custom role. Click Update User to save. If you need to assign multiple roles to one user, the User Role Editor plugin supports additional role assignment — WordPress core only allows one role per user by default.
Will my custom role disappear if I switch themes?
No — custom roles created with add_role() are stored in the WordPress database (in wp_options), not in your theme files. The role persists even after switching themes. However, if your add_role() code lives in functions.php and you switch themes, the role won’t be re-created on new installations where it doesn’t exist yet. For maximum reliability, place your code in a mu-plugin or use the Code Snippets plugin.
How do I customize WordPress user roles and permissions?
You can modify existing roles using add_cap() and remove_cap() to add or remove individual permissions. For example, adding edit_theme_options to the Editor role gives editors access to the theme customizer. For larger changes, create a new custom user role in WordPress with only the capabilities you need using add_role(), a Code Snippets plugin, or the User Role Editor plugin.
Can I create custom user roles for WooCommerce?
Yes — WooCommerce uses the same WordPress roles and capabilities system. You can create custom roles with WooCommerce-specific capabilities like edit_shop_orders, edit_products, and view_woocommerce_reports. This lets you build roles like u0022Order Manageru0022 or u0022Product Editoru0022 that limit team members to specific store functions without giving them full Shop Manager access.
How do I remove a custom WordPress role?
Use the remove_role() function: remove_role(‘your_role_name’). This permanently deletes the role from the database. Before removing a role, reassign any users currently assigned to it — otherwise they’ll lose all capabilities. If you’re using the User Role Editor plugin, you can delete roles from the plugin’s interface instead.
Ready to Build Your WordPress Site?
Custom user roles are one piece of building a secure, professional WordPress site. Whether you need a custom-built website tailored to your business or a cost-effective template-based solution, we help organizations get online with confidence. Need ongoing support? Check out our maintenance plans to keep your site running smoothly.
Get in touch to discuss your project →
