User Role Editor Pro is a powerful WordPress user role and capability management tool designed for users who need fine control over website permissions. With this plugin, you can easily edit any existing role, create brand new custom roles, and assign the necessary capabilities to those roles. Whether it’s a blog, a corporate website, or an e-commerce platform, User Role Editor Pro can meet your permission management needs.
The plugin supports directly assigning newly created roles or capabilities to specific users, making your permission management more flexible and efficient. Compared to WordPress’s default fixed role system, User Role Editor Pro offers more detailed control options, including: precise control over almost all WordPress functionality points such as editing posts permissions, managing plugin permissions, and modifying theme permissions.
User Role Editor Pro is particularly suitable for scenarios that require complex permission management, such as multi-author blogs, membership sites, and corporate intranets. The plugin interface is simple and intuitive, allowing even non-technical users to get started quickly. We provide long-term uninterrupted update services to ensure compatibility with the latest version of WordPress.
Main features include: complete control over user roles and capabilities, bulk editing of user roles, multisite support, export/import role settings, and limiting visible menu items for specific users. This plugin is an essential tool for WordPress site administrators and developers to enhance website security and management efficiency.
🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹 Version Update Log 🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹🔹
The changelog for the User Role Editor Pro plugin is as follows:
= [v4.64.5] 2025.04.17 =
* Core version: 4.64.5
* Update: Marked as compatible with WordPress 6.8
* Fix: PHP Warning: URE_Widgets_Admin_View::get_html(): Implicitly marking parameter $user as nullable is deprecated, must use explicit nullable type. On line 133 of /wp-content/plugins/user-role-editor-pro/pro/includes/classes/widgets-admin-view.php.
* Fix: PHP Notice: Function _load_textdomain_just_in_time called incorrectly. Translation loading for user-role-editor domain triggered too early. This usually indicates that some code in the plugin or theme is running too early. Translations should be loaded on the `init` action or later. esc_html__() was called from the constructor in pro/includes/classes/addons-manager.php. Moved to `init` action.
* Core version updated to 4.64.5
* Update: Minor changes to CSS/JS loading code to minimize warnings from the "Plugin Check" tool.
* Extended plugin header information in role-editor.php and readme.txt files as per wordpress.org recommendations.[v4.64.4] - December 15, 2024
Core version: Updated to 4.64.4
Security Fix:
Security vulnerability fix for user role management buttons: Fixed privilege escalation issue caused by Cross-Site Request Forgery (CSRF) on the "Add Role" and "Remove Role" buttons. This issue could occur due to lack of nonce verification.=[v4.64.3] December 4, 2004 =
* Core version: 4.64.3
* Update: Marked as compatible with WordPress 6.7.1
* Core version updated to 4.64.3
* Fix: PHP Notice: "Function _load_textdomain_jst_in_time called incorrectly.User Role Editordomain translation loading triggered too early." Fixed (displayed only for users with their own .mo translation files installed).
* Fix: Applied enhancements for the usage of other translation functions (l18n).[4.64.2] March 26, 2024
Core version: 4.64.2
Update: Marked as compatible with WordPress 6.5
Update: Content View Restrictions Add-on: Historically, if the 'For Users' field is empty, URE would apply 'Selected Roles' to existing posts (if not already assigned), but the default set by the user in URE settings applies to both newly added positions and existing positions.
Fix: Post/Page Edit Restrictions Add-on: The infinite recursive call issue (conflicting with the 'Event Calendar' plugin) has been fixed.
Fix: Admin Menu Access Add-on:
– Some menu items used the full URL (including the domain). Therefore, if the admin menu restrictions are copied to all subsites under WP Multisite, the checkboxes for such menu items may lose their selection. Please recheck your admin menu access settings in case the mentioned menu items are not selected after this update.
– strpos(): Passing null to string type parameter #1 ($haystack) is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-view.php line 253
Fix: wp-admin Page Permissions Viewer: Undefined array key -1 in line 137 of /wp-content/plugins/user-role-editor-pro/pro/includes/classes/page-permissions-view.php
Fix: Deprecated: explode(): Passing null to string type parameter #2 ($string) is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/utils.php line 181
Fix: Notice: Array to string conversion in line 965 of /wp-content/plugins/user-role-editor-pro/pro/includes/classes/posts-edit-access-user.php
Core version updated to 4.64.2
Update: URE_Advertisement: rand() replaced with wp_rand().
Update: URE_Ajax_Processor: json_encode() replaced with wp_json_encode().Update: User_Role_Editor::load_translation(): Called load_plugin_textdomain() with the second parameter value false, instead of being deprecated.
Update: URE_Lib::is_right_admin_path(): parse_url() replaced with wp_parse_url().
Update: URE_Lib::user_is_admin() will not call WP_User::has_cap() to enhance performance.
Update: Plugin version has been added to the CSS loaded on the "Users", "Users -> User Role Editor", and "Settings -> User Role Editor" pages.
Update: All JavaScript files are now loaded in the footer.
Fix: "Users -> Add New User". Unnecessary extra "form" HTML tags have been removed (thanks to Alejandro A. for reporting this bug).
[4.64.1] October 30, 2023
Core version: 4.64.1Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Dynamic property URE_Export_Single_Role::$editor is no longer recommended in wp-content/plugins/user-role-editor-pro/pro/includes/classes/export-single-role.php on line 23.
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Dynamic property PluginInfo_1_3::$requires_php is no longer recommended in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801.
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Dynamic property PluginInfo_1_3::$license_state is no longer recommended in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801.
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Dynamic property PluginInfo_1_3::$request_time_elapsed is no longer recommended in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801.
Fix: Content View Limit Add-on: Undefined array key 0 in user-role-editor-pro/pro/includes/classes/post-types-own-caps.php on line 93.
Update: Added the filter "ure_check_updates". Defaults to return true. Return false to disable automatic checks for new versions of URE. This will be useful if you are using URE behind a corporate firewall and it cannot access the Internet.
Core version updated to 4.64.1.
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Dynamic property is no longer recommended in /wp-content/plugins/user-role-editor/includes/classes/editor on line 166.Creating dynamic properties in PHP is not recommended URE_Editor::$hide_pro_banner
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Creating dynamic properties URE_Role_View::$caps_to_remove on line 23 of /wp-content/plugins/user-role-editor/includes/classes/role-view.php
Fix: Removed the notification displayed by PHP 8.3: PHP Deprecated: Function utf8_decode() is deprecated on line 984 of /wp-content/plugins/user-role-editor-pro/includes/classes/editor.php
[4.64] [August 8, 2023]
Core version: 4.64Fix: PHP warning: Attempt to access array offset on value of type bool in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php on line 356.
Fix: PHP warning: Undefined array key "message" on line 228 of /wp-content/plugins/user-role-editor-pro/pro/includes/classes/ajax-processor.php.
Update: Admin Menu Access plugin: Automatically block "Sales Reports" menu if WooCommerce-> report menu item is blocked.
Core version updated to 4.64
Fix: Added missing "message" parameter to the response of AJAX query. It fixes potential PHP warning: "Undefined array key 'message' in strpos( $data['message'], ... and similar expressions.
Update: The "Display functionality in human-readable form" checkbox toggles between text forms of functionality 2 without reloading the whole page using JavaScript.
[4.63.5] [March 28, 2023]
Core version: 4.63.3Fix: Content View Restriction Add-on: Now, after checking the "ure_content_view_access" permission, the CVR meta box will be added to the term edit page.
Update: Frontend Menu View Plugin: CSS changed for URE controls to not overlap with other elements.
Core version updated to 4.63.3
Fix: PHP version 8.2 warning: Creating dynamic property User_Role_Editor::$settings_page_hook is deprecated: wp-content/plugins/user-role-editor/includes/classes/user-role-editor.php:603
Fix: PHP fatal error: Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array, int given in /www/wp-content/plugins/user-role-editor/includes/classes/view file:81
Fix: PHP parse error: syntax error, unexpected ':', expecting ';' or '{': wp-content/plugins/user-role-editor/includes/classes/base-lib.php line 119, type declaration has been removed for compatibility with older PHP versions.
[4.63.4] [December 16, 2022]
Core version: 4.63.2Update: array_merge() function replaced with wrapper ure_array_merge() to exclude fatal error: Argument #2 must be of type array.
Fix: Edit Post Restriction Add-on:- If the user has no posts of their own, display a complete list of posts for users with 'Own Data Only' enabled.
– The post editor provides a complete list of terms/categories for users with restricted access to select from.
Fix: PHP Fatal error: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php:380
Fix: PHP Warning: Trying to access array offset on value of type bool in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php on line 353.
Core version updated to 4.63.2
Update: The symbol '{}$' has been removed from function names for internal purposes to prevent cases like the plugin breaking URE work by adding functions like 'edit_{$type}s'.
Update: The array_merge() function has been replaced with the wrapper ure_array_merge() to prevent fatal errors: Argument #2 must be of type array.
[4.63.3] [November 3, 2022]
Core version: 4.63.1Update: Marked as compatible with WordPress version 6.1.
Fix: Navigation Menu Admin Access Add-on: Warning: Attempt to read property 'slug' on int in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/nav-menus-admin-access.php on line 73.
[4.63.2] [September 29, 2022]
Core version: 4.63.1Fix: Edit Access Restriction Add-on: The standard for the selected post ID list was not working correctly – all posts were prohibited instead of just the selected ones.
Update: Edit Access Restriction Add-on: It skips Elementor's internal custom post types to reduce overall execution time.
[4.63.1] [September 21, 2022]
Core version: 4.63.1Marked as compatible with WordPress version 6.0.2
Fix: Posts of disabled post types can be edited via direct links using post ID, e.g., /wp-admin/post.php?post=NN&action=edit
Update: Admin menu access add-on: URL parameter whitelist: Convert parameter names to lowercase before processing.
Update: German translation has been updated.
Core version updated to 4.63.1
Fix: PHP warning: Attempt to read property 'ID' of null in ./includes/classes/user-role-editor.php on line 369
Fix: Deprecated: Automatic conversion of false to array deprecated in ./includes/classes/base-lib.php on line 212
[4.63] [August 3, 2022]
Core version: 4.63Update: Marked as compatible with WordPress 6.0.1
New feature: Edit restriction access add-on: allows/disallows roles or users for selected post types: posts, pages, custom post types.
Fix: Content view restriction add-on: Fatal error: Uncaught InvalidArgumentException: Target must be an object with mapping method or an array in /wp-content/plugins/sitepress-multilingual-cms/vendor/wpml/fp/core/Fns.php:156
URE attempts to check if unauthenticated users can edit posts by ID. This led to issues within the WPML plugin code.
Fix: Content edit restriction: "Force custom post types to use their own capabilities" option: URE automatically created unique capabilities for custom post types after the "Fusion Builder" plugin. The "init" action has been replaced with the "wp_loaded" action.
Update: Content view restriction add-on: Restrictions now only apply to public custom post types.
Update: Fixed some notices (e.g., "Constant FILTER_SANITIZE_STRING is deprecated") for better compatibility with PHP 8.1.
Core version updated to 4.63
New feature: Custom role names can be translated using the [PolyLang](https://wordpress.org/plugins/polylang/) plugin.
Update: URE will not sort roles in WordPress dropdown lists. To sort roles by name, return "name" from the "ure_sort_wp_roles_list" filter.
Update: Minor CSS enhancements on the user capabilities view page.
