Skip to main content

How to create a custom WordPress capability?

Vasyl MartyniukRoles & CapabilitiesLess than 1 minute

When working with AAM, follow these steps to create a custom capability:

  • Before creating a custom capability, it is advisable to switch to the "Administrator" role. This ensures that website administrators always have access to the complete list of capabilities. In AAM 6.9.33+ any newly created capabilities are automatically assigned to the Administrator role to ensure access integrity for the highest privilege role.
  • Navigating to the "Capabilities" tab on the AAM page.

AAM Capabilities Tab

  • Select the "Create" button. This action will open a modal where you can define your custom capability.

AAM Create Custom Capability

  • Enter you custom capability and select "Create" button.

Naming convention

It is considered best practice to follow a specific naming convention for your custom capability. Name it in all lowercase letters and separate words with underscores. For example allow_manage_orders or delete_editor_users. Following this naming convention makes it easier to manage and organize capabilities.

Capability names are sanitized

AAM uses the WordPress core function sanitize_keyopen in new window to clean up input string. This function ensures that the key is safe and valid by removing any unwanted characters and converting the string to lowercase. Here is a breakdown of how sanitize_key works.

  • Lowercase Conversion: The string is converted to lowercase.
  • Allowed Characters: Only alphanumeric characters (a-z, 0-9), underscores (_), and dashes (-) are retained.
  • Replacement of Spaces and Special Characters: Spaces and other non-allowed characters are removed.