Out of the box, WordPress provides a handful of user roles, from Subscriber to Administrator, each with an increasing level of access to manage content and settings on the site. While these roles provide a great starting point for many WordPress sites, they don’t offer the granularity one expects in a large organization with complex editorial workflows. Fortunately, these roles just begin to tap into the power of WordPress’s underlying capabilities API, which provides fine-grained access control for every aspect of the site’s administration, from controlling who can access a settings screen to which users can edit or publish a particular post.
This presentation focuses on the technical aspects of role and capability management in WordPress. How do you create and edit user roles? How do you dynamically filter capabilities? What the heck is a “meta capability”? How can you have more control than the various role editing plugins provide? We’ll take a journey through the code to learn the most effective and efficient ways to manage your users’ editorial and administrative experiences, using some examples from solutions Modern Tribe has implemented at Stanford Law School and Harvard Law School.