WordPress at Your Fingertips

current_user_can() WP 2.0.0

Whether the current user has a specific capability.

This function should be used after the plugins_loaded action. By default WordPress setups current user on the init hook.

Use user_can() to check the capabilities of the specified user.

1 time — 0.0034041 sec (very slow) | 50000 times — 3.84 sec (fast) | PHP 7.4.8, WP 5.6

No Hooks.


true|false. Whether the current user has the given capability. If $capability is a meta cap and $object_id is passed, whether the current user has the given meta capability for the given object.


current_user_can( $capability );
$capability(string) (required)
Capability name. See here for the list of roles and capabilities.
$object_id(int) (required)

ID of the specific object to check against if $capability is a "meta" cap.

"Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts', 'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(), then map_meta_cap().

Basic capabilities

Capability Super Admin Admin Editor Author Contributor Subscriber
setup_network (WP 4.8) yes
upgrade_network (WP 4.8) yes
manage_network yes
manage_sites yes
manage_network_users yes
manage_network_plugins yes
manage_network_themes yes
manage_network_options yes
Capability Super Admin Admin Editor Author Contributor Subscriber
activate_plugins yes yes (single site or enabled by network setting)
deactivate_plugins (WP 4.9) yes yes
create_users yes yes (single site)
delete_plugins yes yes (single site)
delete_themes yes yes (single site)
delete_users yes yes (single site)
edit_files yes yes (single site)
edit_plugins yes yes (single site)
edit_theme_options yes yes
edit_themes yes yes (single site)
edit_users yes yes (single site)
export yes yes
import yes yes
install_plugins yes yes (single site)
install_themes yes yes (single site)
install_languages (WP 4.9) yes yes (single site)
update_languages (WP 4.9) yes yes (single site)
list_users yes yes
manage_options yes yes
promote_users yes yes
remove_users yes yes
switch_themes yes yes
update_core yes yes (single site)
update_plugins yes yes (single site)
update_themes yes yes (single site)
edit_dashboard yes yes
Capability Super Admin Admin Editor Author Contributor Subscriber
unfiltered_html yes yes (single site) yes (single site)
moderate_comments yes yes yes
manage_categories yes yes yes
manage_links yes yes yes
edit_others_posts yes yes yes
edit_pages yes yes yes
edit_others_pages yes yes yes
edit_published_pages yes yes yes
publish_pages yes yes yes
delete_pages yes yes yes
delete_others_pages yes yes yes
delete_published_pages yes yes yes
delete_others_posts yes yes yes
delete_private_posts yes yes yes
edit_private_posts yes yes yes
read_private_posts yes yes yes
delete_private_pages yes yes yes
edit_private_pages yes yes yes
read_private_pages yes yes yes
Capability Super Admin Admin Editor Author Contributor Subscriber
edit_published_posts yes yes yes yes
upload_files yes yes yes yes
publish_posts yes yes yes yes
delete_published_posts yes yes yes yes
edit_posts yes yes yes yes yes
delete_posts yes yes yes yes yes
read yes yes yes yes yes yes

More details here


Meta capabilities

Above is a list of primitive capabilities, but there are also meta capabilities – they have additional parameters, for example edit_post (the capability to edit the specified post) need ID of the post:

if( current_user_can('edit_post', 123) ) {
	 echo 'Current user can edit post 123'.

The list of meta-capabilities:


edit_term                   — WP 4.7.
delete_term                 — WP 4.7 —
assign_term                 — WP 4.7 —
activate_plugin             — WP 4.9 — current_user_can( 'activate_plugin', 'my-plugin/my-plugin.php' )
deactivate_plugin           — WP 4.9 — current_user_can( 'deactivate_plugin', 'my-plugin/my-plugin.php' )

export_others_personal_data — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'
erase_others_personal_data  — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'
manage_privacy_options      — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'

Learn more about meta-capabilities here: map_meta_cap()



#1 Whether a user is an administrator

if( current_user_can('manage_options') ){
	echo "The user can manage options!";

#2 Use user_can() to check the capabilities of the current user

global $user;
if( user_can($user->ID, 'manage_options') ){
	// do something

manage_options - administrator's capibility

#3 Using $object_id

if( current_user_can('edit_post', 123) ) {
	 echo 'Current user can edit post 123'.

#4 Check the capability for specific taxonomy item

Since 4.7 you can check the capabilities for specific terms using edit_term, delete_term, assign_term.

This example displays a link for editing term item only if the user has specific capability:

if( current_user_can('edit_term', $term_id) ){
	echo '<a href="'. get_edit_term_link( $term_id ) .'">Edit.</a>';

Verify the role of the current user

Don't pass the name of the role to this function because the verification may work incorrectly. An example of how not to do it:

// if the current user is editor, the function returns:
current_user_can('administrator') // false
current_user_can('editor') // true
current_user_can('contributor') // false
current_user_can('subscriber') // false

Instead, you can use:

#1 First function

 * Checks the role of a specific user.
 * @param string $role Name of the role.
 * @param bool $user_id (optional) User ID to check the role against.
 * @return bool
function is_user_role( $role, $user_id = null ) {
	$user = is_numeric( $user_id ) ? get_userdata( $user_id ) : wp_get_current_user();

	if( ! $user )
		return false;

	return in_array( $role, (array) $user->roles );

// Using for the current user
if( is_user_role( 'customer' ) )
	echo "Yeap";
	echo "Nope";

// Using for the specific user.
$user_id = 23;

if ( is_user_role( 'customer', $user_id ) )
	echo "Yeap";
	echo "Nope";

#2 Second function

I wrote this function in the process of working on one of the projects, now I use it periodically:

## Checks if the specified role is in the roles of the current (or specified) user
## $roles string/array - name of the role to check the user against
function is_user_role_in( $roles, $user = false ){
	if( ! $user )           $user = wp_get_current_user();
	if( is_numeric($user) ) $user = get_userdata( $user );

	if( empty($user->ID) )
		return false;

	foreach( (array) $roles as $role )
		if( isset($user->caps[ $role ]) || in_array($role, $user->roles) )
			return true;

	return false;

// Examples of usage
if( is_user_role_in(['new_role','new_role2']) )
	echo 'The current user has role "new_role" or "new_role2"';

if( is_user_role_in(['new_role','new_role2'], 5) )
	echo 'User 5 has role "new_role" or "new_role2"';



Since 2.0.0 Introduced.
Since 5.3.0 Formalized the existing and already documented ...$args parameter by adding it to the function signature.
Since 5.8.0 Converted to wrapper for the user_can() function.

Code of current_user_can() WP 5.8

function current_user_can( $capability, ...$args ) {
	return user_can( wp_get_current_user(), $capability, ...$args );

From tag: Site security (safety)

More from tag: Roles capabilities

More from tag: Users (_user)

vladlu 100vlad.lu
Editors: Kama 100
No comments
    Log In