If you are the only person who manages your site, then you’ve probably never had to think about it. You are an admin and you have access to everything, so what a signed in user has access to has never been something you’ve had to consider. The problem appears when you want to give the ability to manage a website to someone else, but you don’t want to give them any more access than what they need. For example, the content writer should not have access to your customers’ data or sales analytics, right? They don’t need it to do their job.
When it’s not about data, it’s about page security. For an inexperienced user, the number of options in the WordPress dashboard can be overwhelming. Inexperienced users could mess up your design, or even break the entire site (believe me, it happens more than you might think). Anticipate, protect!
The good news is that WordPress and Divi come pre-packed with a number of ways to change what is visible, and to whom, depending on the role that person plays in the running of your website. In this post, we’re going to dig into this topic and show you how you can use these features to minimise your chances of losing control.
WordPress User Roles: What They Are and How to Use Them?
WordPress has 6 pre-made roles:
Super Admin – has access to all functions, including network features
Administrator – has access to all functions in a single site
Editor – can publish and manage the posts of other users
Author – can publish and manage their own posts
Contributor – can write and manage their own posts
Subscriber – can only manage their profile
How Can I Manage Capabilities?
1. Divi Role Editor
The Divi Role Editor is a feature built into the Divi theme. It’s an easy-to-use tool for enabling and disabling permission settings for each of WordPress’s built-in user roles, giving you full control over what the client can see and use inside the Divi Builder.
While the Divi Role Editor is a perfectly capable tool for the most part, we’ve struggled over the past few weeks with one issue. Despite the fact that the editors have permission to use the Divi theme options, they did not have access to them.
Have you noticed this issue? One solution, and another great way to fine-tune role permissions, is to install a role-editing plugin.
2. User Role Editor Plugin – Easy to Manage
The User Role Editor WordPress plugin allows you to change user roles and capabilities in a few clicks. You can add new capabilities and remove unnecessary capabilities which could be left from uninstalled plugins. To read more about ‘User Role Editor’ visit the plugin page.
3. Make Changes to the Functions.php File – Recommended
It sounds complicated, but editing the user roles and capabilities using a function is surprisingly simple.
You need to add a snippet to the functions.php file. Each theme comes with its own functions.php file. If you’re going to make extensive modifications to yours, the best course of action is to set up a child theme so your changes don’t disappear during updates. You’ll also want to back up your site before making any changes, just in case things go wrong and you need to roll back your changes.
Moving on, you’ll need to access your functions.php file.
Use an FTP client such as FileZilla to navigate to the wp-content/themes/ directory. Inside your activated child theme folder, you’ll find a functions.php file.
You can also do this in the WordPress Dashboard -> Appearance -> Theme Editor.
Choose the functions.php file and add the following snippet:
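// Grant extra capabilities to the editor role (stored in the database once added).
function add_theme_caps() {
    $role = get_role( 'editor' );
    if ( ! $role ) {
        return; // the role does not exist
    }
    $role->add_cap( 'import' );
    $role->add_cap( 'export' );
    $role->add_cap( 'switch_themes' );
    $role->add_cap( 'edit_theme_options' );
    $role->add_cap( 'manage_options' ); // also opens the Settings screens to editors
}
add_action( 'admin_init', 'add_theme_caps' );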
And save changes.
How It Works?
If you want to remove capabilities, deleting the PHP snippet won’t work, because user capabilities are saved in the MySQL database. You need to remove them with the remove_cap function.
You can learn more about roles and the capabilities they come with from the WordPress Codex: https://codex.wordpress.org/Roles_and_Capabilities
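// Revoke the capabilities granted above; they stay in the database until removed.
function remove_theme_caps() {
    $role = get_role( 'editor' );
    if ( ! $role ) {
        return; // the role does not exist
    }
    $role->remove_cap( 'import' );
    $role->remove_cap( 'export' );
    $role->remove_cap( 'switch_themes' );
    $role->remove_cap( 'edit_theme_options' );
    $role->remove_cap( 'manage_options' );
}
add_action( 'admin_init', 'remove_theme_caps' );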
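Because capabilities persist in the database, the grant and revoke lists can be kept in one place and applied only when they change. The following is an added example, not code from the original post: the mysite_ function names, the mysite_caps_version option key and the choice to keep only edit_theme_options for editors are assumptions made for illustration.

```php
<?php
// Added example. The mysite_ names and the option key are hypothetical.
// Assumption: editors need edit_theme_options only; the other four
// capabilities granted earlier are to be revoked.

const MYSITE_CAPS_VERSION = '2'; // bump whenever the lists below change

function mysite_editor_grants() {
    return array( 'edit_theme_options' );
}

function mysite_editor_revokes() {
    return array( 'import', 'export', 'switch_themes', 'manage_options' );
}

// Write to the database only when the stored version differs, instead of
// calling add_cap()/remove_cap() on every admin page load.
function mysite_sync_editor_caps() {
    if ( get_option( 'mysite_caps_version' ) === MYSITE_CAPS_VERSION ) {
        return;
    }
    $role = get_role( 'editor' );
    if ( null === $role ) {
        return;
    }
    foreach ( mysite_editor_grants() as $cap ) {
        if ( ! $role->has_cap( $cap ) ) {
            $role->add_cap( $cap );
        }
    }
    foreach ( mysite_editor_revokes() as $cap ) {
        if ( $role->has_cap( $cap ) ) {
            $role->remove_cap( $cap );
        }
    }
    update_option( 'mysite_caps_version', MYSITE_CAPS_VERSION );
}
add_action( 'admin_init', 'mysite_sync_editor_caps' );

// Audit helper: which roles currently hold a given capability?
function mysite_roles_with_cap( $cap ) {
    $holders = array();
    foreach ( wp_roles()->roles as $slug => $details ) {
        if ( ! empty( $details['capabilities'][ $cap ] ) ) {
            $holders[] = $slug;
        }
    }
    return $holders;
}
```

On a default single-site install with no role-altering plugins, mysite_roles_with_cap( 'manage_options' ) should list only administrator once the sync has run.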