“unfiltered_html” is a security feature in WordPress that prevents users from using tags such as <iframe>, <embed> plus also more advanced code such as Javascript.
unfiltered_html could be very dangerous in the wrong hands, so please don’t give this permission to any users you don’t trust. WordPress has disabled this permission for most users because they rarely need it. For example, if you need to use embeds that WordPress doesn’t support look around for plugins such as EmbedPress.
There are several permissions in WordPress that are really powerful:
The “upload_files” capability is one of the most important in WordPress.
If users don’t have the “upload_files” capability, they completely lose access to the Media Library. They can’t upload files or even browse media on your site.
If users do not have the “upload_files” capability, this image below shows what they will see when they use an image block in Gutenberg. They will see the message, “Given your current role, you can only link an image, you cannot upload.”
We recently wrote about the edit_posts permission in WordPress.
This permission is incredibly powerful. The edit_posts permission controls access to at least 6 important writing features in WordPress:
You won’t be surprised to learn that WordPress is very, very careful about who can delete media files.
Only Administrators are able to delete images and files in your Media Library.
Anyone who is a Subscriber, Contributor, Author and Editor roles is not permitted to delete media items.
Revisionary is the best plugin for managing revisions in WordPress.
The latest release of Revisionary improves support for multisite networks.
In some situations, you may need to completely refresh your WordPress site.
If you find yourself needing to reset your WordPress user permissions, this is possible with a plugin called Capability Manager Enhanced. This plugin has an option to delete all the current permissions and user roles, and restore the WordPress defaults.
I’m delighted to say that the Capability Manager Enhanced plugin is now part of the PublishPress family.
This is one of the most popular Permissions plugins on WordPress.org, with over 70,000 active installs.
If you a a WordPress multisite network, it can be helpful to standardize your setup across the various sites. In this guide, I’ll show you how to control user roles and permissions across the network.
One PublishPress user came to use with this question:
“I want authors to log in to the WordPress admin area and only see their posts. I don’t want them to see the posts from other authors. Is this possible?”
Yes, this is possible. You can do it by installing the Capability Manager Enhanced plugin.
