What is the upload_files permission in WordPress?
The “upload_files” capability is one of the most important in WordPress.
If users don’t have the “upload_files” capability, they completely lose access to the Media Library. They can’t upload files or even browse media on your site.
If users do not have the “upload_files” capability, this image below shows what they will see when they use an image block in Gutenberg. They will see the message, “Given your current role, you can only link an image, you cannot upload.”
In contrast, this next image shows what a user with the upload_files capability will see:
Also, users without the upload_files capability will not have access to the “Media” link in the WordPress admin menu.
Who has the upload_files permission?
The upload_files permission is available on single WordPress sites and on multisite networks.
How to control the upload_files permission
If you use the PublishPress Capabilities plugin, you can enable or disable this capability for each user role.
- Install the PublishPress Capabilities plugin.
- Go to “Capabilities” in your WordPress admin menu.
- In the top-right corner of the screen, load the user role that you want to customize. In this image below, I’ve chosen the “Editor” role:
In the center of the screen, you can now set the permissions. If you want to allow people in the Editor role to create posts, check the “upload files” box: