Bird
Raised Fist0
Wordpressframework~20 mins

User roles and permissions in Wordpress - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
WordPress Roles & Permissions Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens when a user with the 'Editor' role tries to delete a published post?

In WordPress, users have different roles with specific capabilities. Consider a user assigned the 'Editor' role. What will happen if this user attempts to delete a published post?

AThe user cannot delete any posts at all.
BThe user cannot delete published posts, only drafts or their own posts.
CThe user can delete the published post without restrictions.
DThe user can delete only posts they authored, not posts by others.
Attempts:
2 left
💡 Hint

Think about the default capabilities assigned to the Editor role in WordPress.

📝 Syntax
intermediate
2:00remaining
Which code snippet correctly adds a custom capability to the 'Author' role?

You want to add a custom capability named 'edit_special_content' to the 'Author' role in WordPress. Which code snippet does this correctly?

A$role = get_role('author'); $role->add_cap('edit_special_content');
B$role = get_role('Author'); $role->add_cap('edit_special_content');
Cget_role('Author')->add_cap('edit_special_content');
Dadd_cap('Author', 'edit_special_content');
Attempts:
2 left
💡 Hint

Remember that role slugs are lowercase and you need to get the role object before adding capabilities.

state_output
advanced
2:00remaining
What is the output of this code when checking if a user can 'publish_posts'?

Consider the following code snippet executed in a WordPress environment where the current user has the 'Contributor' role:

if (current_user_can('publish_posts')) {
  echo 'Can publish';
} else {
  echo 'Cannot publish';
}

What will be printed?

Wordpress
if (current_user_can('publish_posts')) {
  echo 'Can publish';
} else {
  echo 'Cannot publish';
}
ACannot publish
BCan publish
CFatal error: function current_user_can() not found
DNo output
Attempts:
2 left
💡 Hint

Check the default capabilities of the 'Contributor' role regarding publishing posts.

🔧 Debug
advanced
2:00remaining
Why does this code fail to add a capability to a custom role?

Given this code snippet, why does the custom capability not get added to the 'custom_role'?

add_action('init', function() {
  $role = get_role('custom_role');
  $role->add_cap('manage_special_feature');
});
Wordpress
add_action('init', function() {
  $role = get_role('custom_role');
  $role->add_cap('manage_special_feature');
});
AThe capability name 'manage_special_feature' is reserved and cannot be added.
BThe 'init' hook runs too early before roles are registered.
CThe 'custom_role' does not exist, so get_role returns null causing an error.
Dadd_cap() requires a second parameter to enable the capability.
Attempts:
2 left
💡 Hint

Check if the role 'custom_role' exists before adding capabilities.

🧠 Conceptual
expert
3:00remaining
How does WordPress determine if a user can perform a specific action?

Explain the process WordPress uses internally to decide if a user has permission to perform an action like 'edit_post'. Which of the following best describes this process?

AWordPress checks the user's role and matches it exactly to the action name.
BWordPress checks the user's capabilities, which are assigned to roles or directly to users, to see if the capability required for the action is present.
CWordPress checks if the user is an administrator; if not, all actions are denied.
DWordPress uses the user's username to look up permissions in the database for each action.
Attempts:
2 left
💡 Hint

Think about how roles and capabilities relate to permissions.

Practice

(1/5)
1. What is the main purpose of user roles in WordPress?
easy
A. To group permissions and control what users can do
B. To change the website's theme
C. To add new plugins automatically
D. To backup the website data

Solution

  1. Step 1: Understand the concept of user roles

    User roles in WordPress are designed to group permissions for users.

  2. Step 2: Identify the purpose of roles

    Roles control what actions users are allowed to perform on the site.

  3. Final Answer:

    To group permissions and control what users can do -> Option A

  4. Quick Check:

    User roles = group permissions [OK]
Hint: Roles group permissions to control user actions [OK]
Common Mistakes:
  • Confusing roles with themes or plugins
  • Thinking roles backup data
  • Assuming roles add new features automatically
2. Which function is used to add a new user role in WordPress?
easy
A. add_user_role()
B. add_role()
C. create_role()
D. new_role()

Solution

  1. Step 1: Recall WordPress role functions

    The correct function to add a new role is add_role().

  2. Step 2: Verify function names

    Other options like add_user_role() or create_role() do not exist in WordPress core.

  3. Final Answer:

    add_role() -> Option B

  4. Quick Check:

    Adding roles = add_role() [OK]
Hint: Use add_role() to create new roles [OK]
Common Mistakes:
  • Using add_user_role() which is not a WordPress function
  • Confusing with create_role() or new_role()
  • Trying to add roles without this function
3. What will the following code output if the current user has the 'edit_posts' capability?
if (current_user_can('edit_posts')) {
  echo 'Can edit posts';
} else {
  echo 'Cannot edit posts';
}
medium
A. Cannot edit posts
B. Syntax error
C. No output
D. Can edit posts

Solution

  1. Step 1: Understand current_user_can() behavior

    This function checks if the current user has a specific capability.

  2. Step 2: Analyze the condition

    If the user has 'edit_posts', the code echoes 'Can edit posts'.

  3. Final Answer:

    Can edit posts -> Option D

  4. Quick Check:

    Has capability = prints confirmation [OK]
Hint: current_user_can() returns true if user has capability [OK]
Common Mistakes:
  • Assuming it returns false always
  • Confusing capability names
  • Expecting syntax errors from correct code
4. Identify the error in this code snippet for removing a user role:
remove_role('editor');
medium
A. remove_role() requires two parameters
B. remove_role() cannot remove default roles
C. No error, this code correctly removes the 'editor' role
D. The role name must be capitalized

Solution

  1. Step 1: Check remove_role() usage

    The function remove_role() takes one parameter: the role slug. This usage is correct.

  2. Step 2: Verify default roles behavior

    WordPress allows removing default roles like 'editor' using remove_role(). The code executes without error, though default roles may be re-registered later.

  3. Final Answer:

    No error, this code correctly removes the 'editor' role -> Option C

  4. Quick Check:

    remove_role() works on all roles [OK]
Hint: remove_role('editor') works fine [OK]
Common Mistakes:
  • Thinking remove_role needs two parameters
  • Believing default roles cannot be removed
  • Assuming role names must be capitalized
5. You want to create a custom role 'content_manager' that can edit posts and moderate comments. Which code snippet correctly adds this role with these capabilities?
hard
A. add_role('content_manager', 'Content Manager', ['edit_posts' => true, 'moderate_comments' => true]);
B. add_role('content_manager', 'Content Manager', ['edit_posts', 'moderate_comments']);
C. add_role('content_manager', 'Content Manager', ['edit_posts' => false, 'moderate_comments' => true]);
D. add_role('content_manager', 'Content Manager', ['edit_posts' => true, 'delete_posts' => true]);

Solution

  1. Step 1: Understand add_role() parameters

    The function takes role slug, display name, and an array of capabilities with boolean values.

  2. Step 2: Check capabilities array

    Capabilities must be keys with true/false values to grant or deny permissions.

  3. Step 3: Match required capabilities

    Only add_role('content_manager', 'Content Manager', ['edit_posts' => true, 'moderate_comments' => true]); correctly grants 'edit_posts' and 'moderate_comments' as true.

  4. Final Answer:

    add_role('content_manager', 'Content Manager', ['edit_posts' => true, 'moderate_comments' => true]); -> Option A

  5. Quick Check:

    Capabilities array with true values = correct role setup [OK]
Hint: Capabilities array needs keys with true/false values [OK]
Common Mistakes:
  • Passing capabilities as list without keys
  • Setting capability to false when it should be true
  • Adding wrong capabilities not requested