We recently wrote about the edit_posts permission in WordPress. This permission is incredibly powerful. The edit_posts permission controls access to at least six important writing features in WordPress:
When you log in to a WordPress site, you will see boxes full of information. These are called “Dashboard Widgets”.
You will probably see a “Welcome to WordPress!” widget with lots of useful links. There's also a “WordPress Events and News” widget with official updates. There's an “At a Glance” widget so you can quickly see key statistics for your site.
Those are only some of the default widgets. And when you add plugins, they will also add extra widgets. In the image below, you can see a widget called “Easy Digital Downloads Sales” which comes from a plugin.
The moderate_comments capability is one of the more confusing permissions in WordPress. It controls who can manage and post comments on your site.
I know many of you want to control who can manage or post comments on your site, so in this guide I'll explain how this capability works. You may also find it helpful to read our guide to authors managing comments on their own posts.
Contact Form 7 is one of the most popular plugins in the WordPress world. However, it is a fairly basic plugin that lacks some key features such as access control.
We had an interesting question from a PublishPress user this week:
I am trying to allow a some user role to choose an existing Tag, but not allow them to create new Tags. This was simple enough to do with Categories, but I cannot figure it out for Tags.
This was a great question that requires some explanation. We recommend the TaxoPress plugin for managing your tags, but PublishPress plugins can handle these more complex permissions.
Several of our PublishPress plugins allow you to control what users can do on your WordPress site. These plugins allow you to change user permissions via the WordPress admin area.
However, there's a lot going on behind the scenes. PublishPress customers often have questions from users about WordPress permissions and where they are stored in the database. This post is an introduction to those database tables.
One thing to note: although most people refer to “user permissions” or perhaps “user access”, WordPress uses the word “capabilities”.
We seen a few PublishPress users report problems with embeds in Gutenberg. If they restrict permissions for users, they sometimes find that those users can not add embeds from YouTube, Instagram, Facebook and other sites.