What is the upload_files permission in WordPress? #
The “upload_files” capability is one of the most important in WordPress.
If users don’t have the “upload_files” capability, they completely lose access to the Media Library. They can’t upload files or even browse media on your site.
If users do not have the “upload_files” capability, this image below shows what they will see when they use an image block in Gutenberg. They will see the message, “Given your current role, you can only link an image, you cannot upload.”
In contrast, this next image shows what a user with the upload_files capability will see:
Also, users without the upload_files capability will not have access to the “Media” link in the WordPress admin menu.
Who has the upload_files permission? #
The upload_files permission is available on single WordPress sites and on multisite networks.
By default, the upload_files permission is only given to Super Admins, Administrators, Editors and Authors. This is NOT given to Contributors and Subscribers.
How to control the upload_files permission #
If you use the PublishPress Capabilities plugin, you can enable or disable this capability for each user role.
- Install the PublishPress Capabilities plugin.
- Go to “Capabilities” in your WordPress admin menu.
- In the top-left corner of the screen, load the user role that you want to customize.
- Check the “Create” box in the “Media” row. This is the upload_files capability, and you can confrim that by hovering over the box and seeing the tooltip that says “upload_files”.