0
0
WordpressHow-ToBeginner · 4 min read

How to Restrict Content by User Role in WordPress Easily

To restrict content by user role in WordPress, use the current_user_can() function to check the user's role before showing content. Wrap the content inside a conditional statement that tests the user's capabilities or roles to control access.
📐

Syntax

The main function to check user roles in WordPress is current_user_can(). It takes a capability or role name as a string and returns true if the current user has that role or capability.

  • current_user_can('capability_name'): Checks if user has a specific capability.
  • Wrap your content inside an if statement using this function to restrict access.
php
<?php
if ( current_user_can('editor') ) {
    // Content for editors only
    echo 'Welcome, editor!';
} else {
    echo 'Sorry, you do not have access to this content.';
}
?>
Output
Welcome, editor! (if user is editor) or Sorry, you do not have access to this content.
💻

Example

This example shows how to restrict a part of a WordPress page so only users with the administrator role can see it. Others see a message denying access.

php
<?php
// Place this code inside a theme template or a plugin
if ( current_user_can('administrator') ) {
    echo '<h2>Admin Only Content</h2>';
    echo '<p>This content is visible only to administrators.</p>';
} else {
    echo '<p><strong>Access Denied:</strong> You must be an administrator to view this content.</p>';
}
?>
Output
<h2>Admin Only Content</h2><p>This content is visible only to administrators.</p> OR <p><strong>Access Denied:</strong> You must be an administrator to view this content.</p>
⚠️

Common Pitfalls

  • Using role names instead of capabilities can sometimes fail because current_user_can() expects capabilities, not roles.
  • Not checking if a user is logged in before calling current_user_can() can cause unexpected results.
  • For custom roles, ensure they have proper capabilities assigned.

Always test your code with different user roles to confirm restrictions work as expected.

php
<?php
// Wrong way: Checking role name directly (may not work as expected)
if ( current_user_can('subscriber') ) {
    echo 'Content for subscribers';
}

// Right way: Check a capability that role has, e.g., 'read'
if ( current_user_can('read') ) {
    echo 'Content for users who can read';
}
?>
Output
Content for users who can read (if user has read capability)
📊

Quick Reference

Function / ConceptDescription
current_user_can('capability')Checks if current user has a capability or role
is_user_logged_in()Checks if any user is logged in
add_role()Adds a new user role with capabilities
remove_role()Removes a user role
get_userdata()Gets user info including roles

Key Takeaways

Use current_user_can() to check user capabilities before showing content.
Always test restrictions with different user roles to ensure correct access.
Avoid checking role names directly; check capabilities instead.
Wrap restricted content inside conditional statements for clean control.
Use is_user_logged_in() to verify user login status before role checks.

Related by keyword

WordPress.com vs WordPress.org: Key Differences and When to Use EachGetting StartedWhat is the_content Filter in WordPress: How It Works and UsageHooksHow to Fix Mixed Content Errors in WordPress QuicklyCommon ErrorsHow to Add Custom CSS in WordPress EasilyThemesHow to Change Theme in WordPress Quickly and EasilyThemes

Up next

How to Use WP_Query in WordPress: Syntax and ExamplesWP_Query vs get_posts in WordPress: Key Differences and UsageHow to Add Menu Page in Admin in WordPress EasilyHow to Add Submenu Page in WordPress Admin Quickly

More in Users and Roles

How to Add Custom Capability in WordPress EasilyHow to Change User Role in WordPress Quickly and SafelyHow to Create Custom User Role in WordPress EasilyHow to Create a User in WordPress: Step-by-Step Guide