WordPress User Roles Revisited

Date: Thursday, July 13, 2023
Time: 2:30 - 3:15 pm (CDT) (UTC-05:00)
Location: Room 1

Who is this session for?

Developers and site administrators. There will be some technical content, but the level of expertise required to understand the concepts of roles and permissions isn't high.

Session description

There has been a lot of traction in the WordPress user role space over the last several core releases.

Just kidding! I'd be willing to bet that nothing much has changed with any of our typical site launch or user onboarding practices regarding user role assignments over the last sever years. Do you too fall into the established pattern of "you just need to make everyone an admin" despite every security best-practice document in the world suggesting that is not a great idea. Why is that, exactly?

In a rehash of a talk I gave in 2017, I will take another plunge into the history of the underlying system of capabilities and user role definitions in core WordPress. We will examine a couple of the underlying problems that prevents most of us from limiting user access effectively. And after a few pieces of advice about what NOT to do to solve the problem, I will outline of some of the ways in which this community has addressed the problem in the real world. We'll also chat about a couple of small things that we could potentially do to help change to improve upon this forgotten aspect of WordPress.


Steve Ryan

Headshot of Steve Ryan
Senior WordPress Developer, Arizona State University

Steve Ryan is a WordPress engineer for the Ira A. Fulton Schools of Engineering at Arizona State University. His interests include basketball, tennis, chess, and manipulating his two kids into doing their homework. A husband and a father. Immensely proud to be a part of this community.


  • Session: WordPress User Roles Revisited

Our sponsors

Thank you for the generous support of our sponsors. Check out their services and let them know how grateful we are for their support.

Login to WordPress