Key points:
- WordPress has six built-in user roles, but custom roles are often needed for specific workflows like client handoffs or editorial teams.
- Custom roles can be created using plugins like User Role Editor or through custom code with the
add_role()function. - Advanced Custom Fields (ACF®) allows you to set field visibility and Options Pages access based on user roles.
WordPress ships with six built-in user roles:
- Super Admin
- Administrator
- Editor
- Author
- Contributor
- Subscriber
These roles work well for most sites, but unique requirements often demand more granular control. Consider handing off a completed site to a non-technical client – they might need content management access without the risk of breaking functionality through the admin dashboard.
The problem isn’t creating custom roles. WordPress provides the tools for that. The real challenge is managing what users with those roles actually see and experience. Default WordPress permissions are binary – you either have access or you don’t. There’s no middle ground for contextual restrictions or simplified interfaces.
Unless you create it.
We’re going to explain how WordPress handles user roles and capabilities under the hood, then show you how to add and implement custom user roles both with and without plugins.
Understanding WordPress user roles
WordPress operates on a hierarchy where each role builds upon the previous one’s capabilities, with clear boundaries that prevent role overlap and confusion.
Basically, Administrators control the site itself, Editors control all content, Authors control their own content, Contributors create but can’t publish, and Subscribers consume. Here’s a table to help you out:
| Role | Can | Can’t |
|---|---|---|
| Super Admin (multisite only) | • Control entire multisite network • Manage all sites, network users, and themes, everything an Administrator can do | Function on single-site installations |
| Administrator | • Control full site • Manage usersInstall plugins/themes • Change all settings | Manage multisite network (if applicable) |
| Editor | • Manage all content (posts, pages, comments) • Edit others’ work • Moderate comments | Access plugins, themes, or site settings |
| Author | • Write, edit, and publish own posts • Upload media files • Manage own profile | Edit others’ content or access administrative areas |
| Contributor | • Write and edit own posts • Manage own profile | Publish posts, upload media, or edit others’ content |
| Subscriber | • Read content • Manage own profile and comments | Create, edit, or manage any content |
What can WordPress users do with their roles?
The built-in WordPress roles we covered above bundle specific capabilities together, but you can create custom roles with any combination of capabilities you want. These capabilities are the granular permissions that actually control what users can do on your site:
| Category | Capabilities |
|---|---|
| Network and site management | • Create or delete entire sites • Set up or configure a network • Manage network-wide settings, users, plugins, and themes • Upgrade the network • Delete a site |
| Content creation and management | • Write and edit posts or pages • Publish or unpublish content • Edit or delete other users’ content • Work with private content • Upload mediaUse unfiltered HTML • Import/export content |
| Design and customization | • Switch, install, or delete themes • Customize the site appearance • Edit theme files |
| Plugin and feature management | • Install, activate, update, or delete plugins • Edit plugin code • Manage plugins network-wide |
| User and permission control | • Add, remove, or edit users • Promote users to new roles • View user lists • Manage user permissions (including network-level) |
| Settings and configuration | • Change site settings • Manage categories or tags • Moderate comments • Manage external links • Customize dashboard settings • Edit internal files |
Always start with minimal capabilities and expand gradually – removing permissions from frustrated users is harder than adding them later. But capabilities alone don’t solve the real problem: users still face a cluttered admin dashboard full of irrelevant options.
Field-level control gets you over this hurdle by transforming technical permissions into focused user experiences.
What can you do with WordPress user roles?
Custom WordPress roles solve real business problems.
During client handoffs, you can create roles that let clients edit content without accessing plugins or breaking site functionality. For editorial workflows, you might need writers who can draft posts, editors who can publish them, and content managers who control categories and tags – each with different permission levels.
Advanced Custom Fields (ACF®) takes user roles further by controlling field visibility. When creating a custom field group, set location rules to User Role is equal to… and choose your target role. Only users with that role will see those specific fields.
ACF PRO’s Options Pages extend this control to site-wide settings. Create custom admin pages for contact information, social media links, or branding elements, then restrict access by role. A client might manage contact details through an Options Page while administrators handle technical settings elsewhere.
This combination of role-based capabilities and field-level visibility creates focused, clutter-free admin experiences tailored to each user’s actual responsibilities.
Supercharge Your Website With Premium Features Using ACF PRO
Speed up your workflow and unlock features to better develop websites using ACF Blocks and Options Pages, with the Flexible Content, Repeater, Clone, Gallery Fields & More.
How to create custom WordPress user roles
Creating custom roles requires either a plugin or custom code – both approaches achieve the same result with different trade-offs in convenience and control.
We’ll build a Customer Support Agent role designed for team members who help users but shouldn’t access core content management.
This role needs specific capabilities:
- Dashboard access (
read) - Viewing all users (
list_users) - Editing user profiles, including passwords and emails (
edit_users) - Moderating comments (
moderate_comments) - Accessing private posts and pages for internal documentation (
read_private_posts,read_private_pages)
This combination lets support agents assist users with account issues, moderate community discussions, and reference internal knowledge bases without touching published content or site settings.
The plugin method offers a user-friendly interface and ongoing management tools. Custom code provides more control and doesn’t add plugin overhead, but requires comfort with PHP.
Both methods create identical functionality – your choice depends on your technical preference and long-term maintenance approach.
Method 1: Custom WordPress user roles using plugins
User Role Editor is a free plugin that lets you create and modify WordPress user roles through a visual interface. Instead of manually coding the capabilities, you get checkboxes for each permission, role cloning, and bulk management tools.
Here’s how to use it to create a custom WordPress user role:
- With the plugin installed and activated, go to your admin dashboard and open Users > User Role Editor.
- From the menu on the right, click Add Role.
- Add the new role’s details. Keep the ID simple, save the descriptiveness for the display name.
- Click Add Role when you’re done.
- The new role will now be ready for editing. Check the capabilities from the list as needed. Use the Quick filter text box to find capabilities faster.
- Click Update from the menu on the right when you’re done and confirm the action when you get the dialog box.
💡Use the Delete Role option to get rid of a custom role when you no longer need it.
- From the dashboard, go to Users > Add User. Expand the Role dropdown, and you should see it ready for assigning.
Choose this over custom code when you need frequent role adjustments, work with non-technical team members, or want ongoing management without the threat of syntax errors taking your site offline.
Method 2: Custom WordPress user roles without using plugins
If you’re comfortable with PHP and want granular control over things, custom code might be the way to go. You define roles exactly once, and they persist until you remove the code. You don’t worry about plugin updates breaking functionality, interface overhead, or database bloat from unused plugin features.
This approach works best when you know exactly what capabilities you need and don’t plan frequent role modifications. The code is also portable – drop it into any WordPress site and your custom roles work immediately.
Instead of editing functions.php, we’ll create a custom plugin instead, so your work isn’t erased by theme changes.
We’re going to use WordPress’s built-in add_role() and remove_role() functions to create the Customer Support Agent role with the same capabilities we defined earlier.
Let’s get into it:
- Start by setting up the plugin structure. Create a new folder called custom-user-roles in your /wp-content/plugins/ directory.
- Inside this folder, create a file named custom-user-roles.php.
- Open the file and add the plugin header that tells WordPress this is a valid plugin:
<?php
/**
* Plugin Name: Customer Support Agent role
* Description: Adds custom user role for Customer Support Agents
* Version: 1.0
* Author: Your Name
*/- Add security protection to prevent direct file access outside of WordPress:
if (!defined('ABSPATH')) {
exit;
}- Create the function that builds your Customer Support Agent role with the required capabilities:
function create_customer_support_role() {
if (!get_role('customer_support')) {
add_role(
'customer_support',
'Customer Support Agent',
array(
'read' => true,
'list_users' => true,
'edit_users' => true,
'moderate_comments' => true,
'read_private_posts' => true,
'read_private_pages' => true,
)
);
}
}- Hook the function to run automatically when the plugin activates:
register_activation_hook(__FILE__, 'create_customer_support_role');- Add cleanup functionality to remove the role when the plugin deactivates:
function remove_customer_support_role() {
remove_role('customer_support');
}
register_deactivation_hook(__FILE__, 'remove_customer_support_role');
?>- Save the file and activate the plugin through your WordPress admin dashboard under Plugins > Installed Plugins.
- Test it wherever you expect to see user roles listed. Here it is under ACF’s location rules:
Unlock advanced user management with custom roles and ACF
Custom WordPress user roles move you from chaotic permission management and into precise control systems. Instead of forcing users into ill-fitting default roles, you can craft exact permission sets that match your workflow and security requirements.
Use plugins for convenience or custom code for control, but the result is the same: team members and clients get exactly the access they need without compromising your site’s integrity. No more administrators who only need to edit content, or clients accidentally breaking functionality they shouldn’t touch.
ACF elevates this approach by adding visual control layers. Role-based field visibility and custom Options Pages create focused admin experiences that feel purpose-built rather than generic. Users see only what’s relevant to their role, reducing confusion and support requests.
When you’re ready to build truly custom admin experiences, check out ACF PRO for its advanced user role features and the tools to create professional-grade user management systems.
For plugin support, please contact our support team directly, as comments aren't actively monitored.