What is the promote_users permission in WordPress? #
The promote_users permission allows you to change the role of WordPress users. If you have a multisite network, it also allows you to add existing network users to another site.
If you have the promote_users permission (plus some other necessary permissions), you can go to the “Users” screen in WordPress and see the “Change role to…” dropdown:
Warning: This permission should be used with caution. Let me explain why. First, to take advantage of the promote_users permissions, you will also need these two permissions: list_users and edit_users. If you have those permissions, plus promote_users, you will be able to edit any user … even administrators!
Fortunately, both the PublishPress Capabilities and PublishPress Permissions plugin will block this from happening. So unless you want Subscribers to be editing Administrators, I highly recommend installing one of those two plugins if you want to use promote_users. Click here for more details on this security feature.
Who has the promote_users permission? #
The promote_users permission is available on single WordPress sites and on multisite networks.
By default, the promote_users permission is only given to Super Admins, and Administrators.
Users not in these roles are not allowed to promote other users on a WordPress site to new roles.
How can you control who has the promote_users permission? #
You can control who has the promote_users permission by installing the PublishPress Capabilities plugin.
- Install the PublishPress Capabilities plugin.
- Go to “Capabilities” in your WordPress admin menu.
- Using the dropdown in the top-left corner, choose the role you want to edit.
- Click the “Users” tab.
- Check or uncheck the “promote users” box in the “Other WordPress Core Capabilities” area.