Understanding How WordPress Multisite
Stores User Permissions and Roles

Share This Post

WordPress Multisite is a popular tool for managing multiple websites from a single dashboard. One of the key features of Multisite is its ability to allow users to have different permissions and roles across different sites within the network. In a Multisite installation, user permissions and roles are stored in the wp_usermeta table using specific meta keys.

This article explores the most commonly used meta keys for storing user roles and capabilities in WordPress Multisite. These meta keys include wp_capabilities, wp_user_level, wp_{$site_id}capabilities, and wp{$site_id}_user_level.

What is WordPress Multisite?

WordPress Multisite is a feature of WordPress that allows a single WordPress installation to host multiple websites, each with its own separate domain, subdomain, or path. It is a way to manage multiple sites from a single installation of WordPress, sharing resources such as themes, plugins, and user accounts. 

This is useful for businesses, organizations, or individuals who want to manage multiple sites with different content, but do not want to install and manage WordPress separately for each site. With WordPress Multisite, you can create and manage multiple sites from a single dashboard, making it easier to manage your online presence.

What are Meta Keys?

In the context of WordPress, meta keys are custom fields that can be used to store additional information about a post, page, user, or any other object in the WordPress database. They consist of a key-value pair, where the key is a unique identifier for the data being stored, and the value is the actual data.

For example, if you have a custom post type for books, you could use a meta key called “author” to store the name of the author for each book. Then, you could use this meta key to display the author’s name on the frontend of your site or to filter or sort your book posts by author.

Meta keys can be created and managed using the WordPress metadata API. Plugins and themes often use meta keys to add custom functionality and features to WordPress sites, such as custom fields, custom post types, and custom taxonomies.

Most Commonly Used Meta Keys for Storing User Roles and Capabilities

In WordPress Multisite, the most commonly used meta keys for storing user roles and capabilities are:

  1. “wp_capabilities”: This meta key is used to store the capabilities of a user. It stores an array of capabilities that the user has been granted, such as “edit_posts”, “delete_posts”, and so on.
  2. “wp_user_level”: This meta key is used to store the user’s level of access. It is an integer value that ranges from 0 (subscriber) to 10 (super admin).
  3. “wp_{$site_id}_capabilities”: This meta key is used to store the capabilities of a user for a specific site in a WordPress Multisite network. The {$site_id} placeholder is replaced with the ID of the site.
  4. “wp_{$site_id}_user_level”: This meta key is used to store the user’s level of access for a specific site in a WordPress Multisite network. The {$site_id} placeholder is replaced with the ID of the site.

These meta keys are used by WordPress to determine a user’s level of access and capabilities across the network. They are important for managing user roles and permissions in a WordPress Multisite installation.

“wp_capabilities” meta key

The “wp_capabilities” meta key is a crucial part of WordPress’s role and capability system, which determines what actions a user is allowed to perform on a WordPress site.

This meta key stores an array of capabilities that have been assigned to a user role. For example, if a user has the “editor” role, their “wp_capabilities” meta value will include an array of capabilities such as “edit_posts”, “publish_posts”, “edit_others_posts”, and so on.

WordPress uses the “wp_capabilities” meta key to check whether a user has the necessary permissions to perform a certain action. For example, when a user tries to edit a post, WordPress checks their “wp_capabilities” meta value to see if they have the “edit_posts” capability. If they do, they are allowed to edit the post; if not, they are denied access.

Plugin and theme developers can also use the “wp_capabilities” meta key to control access to their own features and functionality. By adding custom capabilities and checking for them in the “wp_capabilities” meta value, they can control which users are allowed to access their features.

“wp_user_level” meta key

The “wp_user_level” meta key is a legacy meta key that was used in older versions of WordPress to store a user’s level of access. It is no longer used in current versions of WordPress, but it may still exist in some older installations.

In older versions of WordPress, user levels ranged from 0 (subscriber) to 10 (administrator). The “wp_user_level” meta key stored the user’s level as an integer value, with higher values indicating higher levels of access. For example, a user with a “wp_user_level” value of 3 had more access than a user with a value of 2.

However, in current versions of WordPress, user levels have been replaced by roles and capabilities, which offer more granular control over a user’s level of access. User roles can be customized or created using plugins and can have different sets of capabilities assigned to them.

Therefore, the “wp_user_level” meta key is no longer used and has been replaced by the “wp_capabilities” meta key to store a user’s capabilities and access levels.

“wp_{$site_id}_capabilities” meta key

The “wp_{$site_id}_capabilities” meta key is used in WordPress Multisite to store the capabilities of a user for a specific site within the network. The “{$site_id}” placeholder is replaced with the ID of the site.

In a WordPress Multisite installation, each site can have its own set of capabilities and permissions. When a user logs in to a specific site within the network, their capabilities for that site are determined by the “wp_{$site_id}_capabilities” meta key.

For example, if a user has the “editor” role on Site ID 2 in a WordPress Multisite network, their “wp_2_capabilities” meta value will include an array of capabilities such as “edit_posts”, “publish_posts”, “edit_others_posts”, and so on. This array of capabilities determines what actions the user can perform on that specific site.

This meta key is important for managing user roles and permissions in a WordPress Multisite network, as it allows for granular control over user capabilities for each site within the network. It is also used by WordPress to determine what actions a user is allowed to perform on a specific site within the network.

“wp_{$site_id}user_level” meta key

The “wp_{$site_id}_user_level” meta key is a legacy meta key that was used in older versions of WordPress Multisite to store a user’s level of access for a specific site within the network. The “{$site_id}” placeholder is replaced with the ID of the site.

In older versions of WordPress Multisite, user levels ranged from 0 (subscriber) to 10 (super admin) for each site within the network. The “wp_{$site_id}user_level” meta key stored the user’s level as an integer value, with higher values indicating higher levels of access. For example, a user with a “wp{$site_id}_user_level” value of 3 had more access than a user with a value of 2 for a specific site within the network.

However, in current versions of WordPress Multisite, user levels have been replaced by roles and capabilities, which offer more granular control over a user’s level of access for each site within the network. User roles can be customized or created using plugins and can have different sets of capabilities assigned to them for each site within the network.

Therefore, the “wp_{$site_id}user_level” meta key is no longer used and has been replaced by the “wp{$site_id}_capabilities” meta key to store a user’s capabilities and access levels for a specific site within the network.

The “wp_usermeta” Table

The “wp_usermeta” table is a database table used by WordPress to store metadata associated with user accounts.

For each user account in a WordPress installation, there is a corresponding row in the “wp_users” table, which stores basic information such as the user’s ID, username, email address, and password. However, there may be additional metadata associated with each user account, such as their display name, biographical information, and preferences.

This additional metadata is stored in the “wp_usermeta” table. Each row in the table represents a single metadata item associated with a user account and includes fields such as “meta_id” (a unique identifier for the metadata item), “user_id” (the ID of the user account to which the metadata item is associated), “meta_key” (the name of the metadata item), and “meta_value” (the value of the metadata item).

Plugins and themes can also use the “wp_usermeta” table to store their own metadata associated with user accounts. By adding custom rows to the table with unique “meta_key” values, they can store additional information about users that is specific to their plugin or theme.

Overall, the “wp_usermeta” table plays an important role in allowing WordPress to store and manage additional metadata associated with user accounts and enables plugins and themes to extend WordPress’s functionality by storing their own custom metadata.

The author generated this text in part with GPT-3, OpenAI’s large-scale language-generation model. Upon generating draft language, the author reviewed, edited, and revised the language to their own liking and takes ultimate responsibility for the content of this publication.

More To Explore

SEO Basics for eCommerce

In today’s digital world, search engine optimization (SEO) has become an essential part of any e-commerce business strategy. SEO helps

Do You Want To Boost Your Business?

An image of three people in a meeting looking at laptops