What is the create_users permission in WordPress? #
The create_users capability allows you to create accounts for other WordPress users.
To use the create_users permission, you will also need the list_users and edit_users permissions.
If you have the create_users permission, you will see the “Add New” button on the WordPress “Users” screen:
Don't confuse the create_users permission with add_users. The add_users permission was retired in 2015. You should use create_users instead.
An important thing to know about create_users #
If you have the create_users permission, you will be able to create users in ANY role. So users in the lowest “Subscriber” role will be able to create accounts for the highest “Administrator” role.
Fortunately, both the PublishPress Capabilities and PublishPress Permissions plugins will block this from happening. So unless you want Subscribers to be creating Administrators, I highly recommend installing one of those two plugins if you want to use create_users.
Click here for more details on this security feature.
Who has the create_users permission? #
The create_users permission is available on single WordPress sites and on multisite networks.
By default, the create_users permission is only given to Super Users, and Administrators.
Users not in these roles are not allowed to create new user accounts on a WordPress site.
How can you control who has the create_users permission? #
You can control who has the create_users permission by installing the PublishPress Capabilities plugin.
- After installing PublishPress Capabilities, go “Capabilities” in your WordPress admin menu.
- Using the dropdown in the top-left corner, choose the role you want to edit.
- Check or uncheck the “create users” box in the “Users” area.