How to change WordPress User Role capabilities

User Roles

User Roles


Every WordPress blog owner knows that WordPress 2.8 and higher user standard roles are: Administrator, Editor, Author, Contributor, Subscriber.
What is the difference? What the “Author” can do but “Contributor” can not? Comprehensive information about it can be found here, at WordPress.org
But where all that data are stored? How to change the role if you really need it? Interested? Read this article and you will get some answers on that questions. Recently I met with the following problem at the multi-authored blog. User with role “Author” can upload images to the blog server, but can not use it in his/her posts. Any HTML tags are immediately removed from post text after “Author” saves his draft or post. The same user with role “Editor” stores post with all HTML tags he includes in it with success. The problem is that WordPress automatically applies HTML filters to all author’s content if he has not “unfiltered_html” capability in his role. The “Author” role has not such capability in WordPress by default. So if you wish to give your authors the ability to include images or other media staff into their posts, you are in the right place.
First of all, user roles data are stored in the MySQL database table which is named ‘wp_options’ by default. You need to have one of MySQL client software (MyPHPAdmin, MySQLyog, etc.) to connect to your blog MySQL database and go ahead with text of this post further.
This SQL command help you find the record containing information about WordPress user roles:

SELECT * FROM wp_options WHERE option_name="wp_user_roles"

As the result we can see that user roles data is stored in the option_value field as the text string of the special format. To be exact, it is a format which can be used to read from and write to the PHP array.

a:5:{
s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:54:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;}}
s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:34:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;}}
s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:10:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;}}
s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:5:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;}}
s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}

Here we see that:

  • a:number:{ is the begin of array and “number” is the number of array elements. For example “a:5:{” at the begin of the string means that roles array consists of 5 element. Remember that WordPress has exactly 5 roles.
  • s:number:"string"; – “s” is the type of string element, number is the quant of chars in the string. E.g. s:6:"author";
  • b:1; – means the Boolean element with value “1” or “True”
  • That’s almost all. We can see that capabilities are stored inside roles in the “Name-Boolean value” format. Now we should to find the “unfiltered_html” capability in the “Editor” role, copy the sequence s:15:"unfiltered_html";b:1; from there and paste it into the “Author” role, just after s:12:"upload_files";b:1; capability. To finish the role change we have to increase to 1 the quant of elements in the “Author” role array. By default the “Author” role has 10 capabilities or in this special format a:10:{s:12:"upload_files". To finish the role update we need to change 10 to 11, and finally have this a:11:{s:12:"upload_files" inside the “Author” role.
    What is left? Just update MySQL table wp_options to store your changes. Use this SQL command for that:

     UPDATE `wp_options` 
    SET option_value='changed value here' WHERE option_id=NN;

    Do not forget to replace ‘changed value here’ with modified user roles data from the previous query and ‘NN’ on the wp_options table record Id from the same query.
    Warning! Make a backup of wp_options table first. Just after making the fresh backup go ahead with any update SQL command.

    Congratulations, we changed WordPress user role without change the line of PHP code.

    I got the information about WordPress user roles storage mechanism from this file wp-admin\includes\schema.php
    If you wish to change user role capabilities for the WordPress MU blog please read “How to change WordPress MU user role capabilities” post.

    If material shown above is little difficult for you or you have new ideas about user role capabilities valid list more often than 1 time a year consider to use my “User Role Editor” WordPress plugin.
    It offers user interface to make the correction of the user role data easy and convenient way.
    Thank you.

    Tags: ,