Members – Role Hierarchy WordPress Plugin

Over the years since releasing the first version of the Members plugin, I’ve had one rule I’ve preached over and over and over: Roles Are Not Hierarchical.

In WordPress, this is actually true. Despite the appearance of a hierarchy in the default roles (Administrator, Editor, Author, Contributor, Subscriber), there’s not a true hierarchy there. Roles simply can or cannot perform some particular task based on the capabilities given to them.

This comes as a huge shock to many users who install my plugin and think that they can give Editors, for example, the ability to create new users. Little do they know that this capability allows Editors to create an Administrator. It doesn’t take a genius to figure out that could lead to some less-than-great consequences. For the sort of sites that need role management, this is typically a serious security concern.

That’s where the Members – Role Hierarchy plugin comes in. It creates a hierarchical role system and allows you to assign roles a “position” in the hierarchy. It eliminates the issue of low-level users being able to create, edit, delete, or promote users higher than their own role.

How the plugin works

Screenshot of Members - Role Hierarchy plugin

On the edit or new role screen, there’s a new meta box labeled “Role Position”. Simply assign a number to the role to give it a position in the hierarchy. The default is 0. The higher the number, the higher the role is in the hierarchy.

There’s only one setting in the plugin, which you can find via the “Settings > Members” screen in the admin. The “Role Hierarchy” setting on that screen will allow you to choose whether users can manage users/roles “lower” or “lower or equal” to their own role.
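To make the position check concrete, here is an added sketch of how such a hierarchy can be enforced with two WordPress core filters, `editable_roles` and `map_meta_cap`. It is not the Members – Role Hierarchy plugin's code: the `RH_POSITIONS` table, the `RH_ALLOW_EQUAL` constant and the `rh_*` function names are hypothetical, and the position values are constructed samples.

```php
<?php
// Added illustration, not the plugin's code. Constructed sample positions.
const RH_POSITIONS = [
    'administrator' => 100, 'editor' => 80, 'author' => 60,
    'contributor'   => 40,  'subscriber' => 20,
];
// Hypothetical stand-in for the "lower" vs "lower or equal" setting.
const RH_ALLOW_EQUAL = false;

// Highest position among role slugs; unlisted roles get the default 0.
function rh_position(array $roles): int {
    $best = 0;
    foreach ($roles as $role) {
        $best = max($best, RH_POSITIONS[$role] ?? 0);
    }
    return $best;
}

// May a user holding $actor_roles manage a user or role at $target_roles?
function rh_can_manage(array $actor_roles, array $target_roles): bool {
    $actor  = rh_position($actor_roles);
    $target = rh_position($target_roles);
    return RH_ALLOW_EQUAL ? $target <= $actor : $target < $actor;
}

if (function_exists('add_filter')) { // only wire hooks inside WordPress
    // Core validates a requested role against get_editable_roles(), so
    // trimming this list blocks creating or promoting to a higher role.
    add_filter('editable_roles', function ($roles) {
        $mine = (array) wp_get_current_user()->roles;
        return array_filter($roles, function ($slug) use ($mine) {
            return rh_can_manage($mine, [$slug]);
        }, ARRAY_FILTER_USE_KEY);
    });
    // Deny per-user actions against accounts the actor does not outrank.
    add_filter('map_meta_cap', function ($caps, $cap, $user_id, $args) {
        $guarded = ['edit_user', 'delete_user', 'promote_user', 'remove_user'];
        if (!in_array($cap, $guarded, true) || empty($args[0])
            || (int) $args[0] === (int) $user_id) {
            return $caps; // unrelated capability, or acting on own account
        }
        $actor  = get_userdata($user_id);
        $target = get_userdata((int) $args[0]);
        if (!$actor || !$target
            || !rh_can_manage((array) $actor->roles, (array) $target->roles)) {
            $caps[] = 'do_not_allow';
        }
        return $caps;
    }, 10, 4);
}
```

With these sample positions and the “lower” mode, an Editor who has been given `create_users` can assign Author, Contributor or Subscriber, but not Editor or Administrator.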

Get the plugin

You can grab a copy of the plugin from the following places:

A special thanks

I’ve always had it in the back of my mind to build this add-on plugin. However, I never seemed to have the time or financial incentive to make it happen. So, I jumped at the chance to build this for a client who was willing to let me release this back as a plugin to the greater WP community.

The client wishes to remain anonymous, but I wanted to at least write a quick note to acknowledge his part in making this plugin happen.

7 Comments


  1. Hi,

    Thank you for this and a big thank you to your generous client. It has just come at the right time.

    Regards,
    Phil


  2. Hi, thanks to your generous client. I have just used your plug-in on a website that I have made for a client and it works extremely well as it solves a huge issue!!!


  3. I still can’t understand more on this plugin. Does it mean we have a member hierarchy based on a user’s importance and their performance in the site?


    1. If you don’t understand it, you probably don’t need it. I’m being serious. The vast majority of WP users will absolutely never need this plugin.

      However, there are situations where you do need it if you’re allowing roles other than Administrators to edit, create, promote, or delete other users. If you’re not doing this, you don’t need this plugin.

      For example, suppose you wanted to allow Editors to create new users. In WP, that would mean that editors could create a new Administrator account. That’s very bad for security. With this plugin, you can limit the roles that the Editor could create.

  4. KS

    Thanks! Exactly what I was looking for. Using the Member Plugin for the first time, I was really shocked to see that you are able to edit roles above yourself.

  5. Oliver Wieland

    Thank you for this plugin!
    Is there a possibility to add a user approval?


    1. It wouldn’t make sense to add a user approval feature for this plugin. There are existing plugins out there that already perform that function though.
