When WordPress was just a blogging platform, only one user mattered: you, the blogger. But as WordPress has increasingly been used as a content management system for large-scale sites, a one-size-fits-all user class is bad for security and bad for the user experience. This course examines the built-in WordPress user roles and explores how to extend those and create new custom roles for different scenarios.
Chris is a freelance WordPress theme and plugin developer, one half of the design studio Arcane Palette Creative Design, lead developer of WordPress theme shop Museum Themes and Project Manager for the event management plugin Event Espresso. In his free time, he makes electronic music.
Why Use User Roles? When WordPress was young, user roles weren't something many people thought about. Most installs were for a single blogger who would obviously be an administrator so he or she could control all aspects of the site. In some less familiar scenarios, a site may have been built and set up by a WordPress developer who may have given his client lower-level user roles, like editor, so they could access the parts of the site they would most likely be using, like content, but not be able to break anything by modifying settings or adding or removing plug-ins which could be central to how the site was developed. Other times, you might have a larger multi-author blog for a new site like Gizmodo, Mashable, Smashing Magazine or the new WordPress news site, Torque. In those cases, you wouldn't want to give all of your authors the same level of access to the admin of the site, you would just want them to have access to those places they'd be contributing. In some cases, you might even want to approve their posts before they go live on the site. These are all fairly traditional uses of the built-in WordPress user roles, but these one-size-fits-all solutions don't always solve every problem. What if you wanted to give your users access to some plug-in or WordPress settings, but not all of them? What if you want them to be able to manage widgets, but not have access to the theme editor? What if none of the existing user roles really let you do the things that you want your users or clients to be able to do? New scenarios outside the scope of the default user roles are becoming more common as WordPress is used as the backbone for apps, membership sites, and more. This course will explore how the existing user role system in WordPress works, how to extend the current system to add new capabilities to the current user roles, and how to break out of those constraints to build new roles with new sets of capabilities tailored specifically to your needs.