What is the promote_users permission in WordPress? #

The promote_users permission allows you to change the role of WordPress users. If you have a multisite network, it also allows you to add existing network users to another site.

If you have the promote_users permission (plus some other necessary permissions), you can go to the “Users” screen in WordPress and see the “Change role to…” dropdown:

Warning: This permission should be used with caution. Let me explain why. First, to take advantage of the promote_users permissions, you will also need these two permissions: list_users and edit_users. If you have those permissions, plus promote_users, you will be able to edit any user … even administrators!

Fortunately, both the PublishPress Capabilities and PublishPress Permissions plugin will block this from happening. So unless you want Subscribers to be editing Administrators, I highly recommend installing one of those two plugins if you want to use promote_users. Click here for more details on this security feature.

Who has the promote_users permission? #

The promote_users permission is available on single WordPress sites and on multisite networks.

By default, the promote_users permission is only given to Super Admins, and Administrators.

Users not in these roles are not allowed to promote other users on a WordPress site to new roles.

How can you control who has the promote_users permission? #

You can control who has the promote_users permission by installing the PublishPress Capabilities plugin.

  • Install the PublishPress Capabilities plugin.
  • Go to “Capabilities” in your WordPress admin menu.
  • Using the dropdown in the top-left corner, choose the role you want to edit.
  • Click the “Users” tab.
  • Check or uncheck the “promote users” box in the “Other WordPress Core Capabilities” area.

All the WordPress user permissions #