What are User Role Levels in WordPress?

BySteve Burge

Did you know that every user role in WordPress has a level from 0 to 10? These levels are rarely visible in the WordPress admin area, but they have an important impact on how your site works.

The very lowest user role level is given to the Subscriber role and that has a value of 0. The very highest level is given the Administrator role and that has a level of 10. Here are the user role levels for the five default WordPress roles:

What do these role levels mean?

These role levels are mostly deprecated in WordPress. To some extent they are a relic of the days before WordPress 2.0 added user roles.

WordPress 2.0 came out in 2007, but it took several more years to slowly remove role levels from the codebase.

This snippet below is from a book called “WordPress 2.7 Cookbook”, which was published in 2009. This screenshot below is an extract from that book. You can see that the role levels were hard-coded into WordPress:

WordPress code with role levels

You can still see some of that code in WordPress today. The user role levels are stored in wp_user_roles in the wp_options database table. In the screenshot below, you can see several instances of level_2, level_1 and level_0. If you want more details on this, check out our guide to WordPress user permissions in the database.

User Role Level Database
User Role Level Database

However, although you won't often see role levels in modern WordPress code, role levels do still have two key uses. I'll explain them both in the next section of this tutorial.

Role Levels Usage #1. Creating or editing users in other roles

WordPress does sometimes care about the hierarchy of roles. In particular, the hierarchy is important when creating new user accounts. Here's a practical example where Role Levels matter …

A default WordPress site only allows Administrators to create users. If you give the “create_users” permission to non-Administrators, then they will only be able to create users in a role that is lower in their hierarchy. This means that people in the “Author” role will only be able to create “Contributors” and “Subscribers“. This post explains more and also allows you to modify this restriction.

This hierarchy restriction is a useful security measure. You don't want to allow Authors to create as many Administrators as they want.

The PublishPress Capabilities plugin has some extra security measures including these:

  • Users cannot assign a role with a level higher than their own.
  • Users cannot edit another user with a level higher than their own.
  • Users cannot edit a role with a level higher than their own.

Role Levels Usage #2. The Author dropdown

The “Authors” dropdown for posts will only include users whose role has a level of 1 or higher. This is why you don't see any users in the Subscriber role in the “Authors” dropdown.

Role levels in WordPress can impact editing access

A quick note: if you don't see the Authors box, there may be other reasons.

Occasionally, we do see people who create custom roles but forget to assign a role level. This WordPress.org post is a good example. In that situation, users in that role won't be available as Authors.

If you want to see Subscribers in this dropdown, you can change the level assigned to that role. We'll see how that's done in the next part of this tutorial.

How to change the User Role levels

PublishPress Capabilities does allow you to change the level of each role.

  • Go to “Capabilities”.
  • Choose the role you want to edit.
  • Go to the “Advanced” tab and choose the “Role Level”.
  • Click “Save Changes”.

Get all the PublishPress plugins

Join PublishPress today and you'll get powerful publishing and permissions plugins to improve your WordPress site.

Click here and join PublishPress today

2 Comments

  1. Dear All,
    I am not sure whether i should/can post this question here, but haven’t found where to do so otherwise, so hope you can help.
    I have just downloaded your plugin capabilities and I actually do not need a lot of functions. I want to be the only administrator and I want to have members that, after login, can read and download files that i put there and are not readily accessible to anyone else looking at the website and not logged in. So, basically, I just want an “internal website” behind a login.
    I do not need people to register, I know exactly who i want to give access, so can assign them a role and send them a mail so they can choose a username and password an access.
    How should I do that?
    I see no role that has NO administrator rights?

    Kind regards and thanks in advance,
    Laurian

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *