{"id":300178,"date":"2026-04-25T12:00:17","date_gmt":"2026-04-25T12:00:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/hs-multiple-custom-roles\/"},"modified":"2026-05-04T00:38:16","modified_gmt":"2026-05-04T00:38:16","slug":"highland-software-custom-role-manager","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/highland-software-custom-role-manager\/","author":23479819,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"5.4","requires_php":"7.2","requires_plugins":null,"header_name":"Highland Software Custom Role Manager","header_author":"James Rodgers","header_description":"Extend WordPress role management by allowing administrators to create custom roles and assign multiple roles to users. Includes a visual builder interface with drag-and-drop ordering and capability controls.","assets_banners_color":"a96161","last_updated":"2026-05-04 00:38:16","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/highland-software.com\/highland-software-custom-roles-manager","header_author_uri":"https:\/\/highland-software.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":264,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"jgrodgers","date":"2026-04-25 12:10:14"},"1.0.1":{"tag":"1.0.1","author":"jgrodgers","date":"2026-04-25 23:55:06"},"1.0.2":{"tag":"1.0.2","author":"jgrodgers","date":"2026-05-04 00:38:16"}},"upgrade_notice":{"1.0.2":"<p>Adds logging for role and capability changes and fixes an issue where existing custom roles were not displayed. Recommended update.<\/p>","1.0.1":"<p>Security update: fixes a role management vulnerability. All users are strongly encouraged to update immediately.<\/p>","1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3515268,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3515269,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3515271,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3515270,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3515225,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3515226,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3515227,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3515228,"resolution":"4","location":"assets","locale":""}},"screenshots":{"1":"Role builder interface","2":"Capability management UI","3":"User role assignment interface","4":"Grouped roles display"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1913,895,28181,2461,11917],"plugin_category":[54],"plugin_contributors":[261052],"plugin_business_model":[],"class_list":["post-300178","plugin","type-plugin","status-publish","hentry","plugin_tags-capabilities","plugin_tags-permissions","plugin_tags-role-manager","plugin_tags-user-management","plugin_tags-user-roles","plugin_category-security-and-spam-protection","plugin_contributors-jgrodgers","plugin_committers-jgrodgers"],"banners":{"banner":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/banner-772x250.png?rev=3515270","banner_2x":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/banner-1544x500.png?rev=3515271","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/icon-128x128.png?rev=3515268","icon_2x":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/icon-256x256.png?rev=3515269","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/screenshot-1.png?rev=3515225","caption":"Role builder interface"},{"src":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/screenshot-2.png?rev=3515226","caption":"Capability management UI"},{"src":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/screenshot-3.png?rev=3515227","caption":"User role assignment interface"},{"src":"https:\/\/ps.w.org\/highland-software-custom-role-manager\/assets\/screenshot-4.png?rev=3515228","caption":"Grouped roles display"}],"raw_content":"<!--section=description-->\n<p>Highland Software Custom Roles Manager extends WordPress role management by allowing administrators to create custom roles, assign multiple roles to users, and manage capabilities through an intuitive interface.<\/p>\n\n<p>This plugin follows WordPress best practices for role and capability management, including strict server-side validation and protection against unsafe capability assignment.<\/p>\n\n<p>Version 1.0.2 introduces a logging system for tracking role and capability changes, along with improvements to role loading and synchronization.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>Create and manage unlimited custom roles<\/li>\n<li>Assign multiple roles to a single user<\/li>\n<li>Group roles for better organization<\/li>\n<li>Drag-and-drop role ordering<\/li>\n<li>Capability management with toggle interface<\/li>\n<li>Role and capability change logging (audit trail)<\/li>\n<li>Protection against unsafe capability assignment<\/li>\n<li>Replace the default role dropdown with a checkbox-based interface<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Navigate to \"HS Roles\" in the admin menu<\/li>\n<li>Configure roles and capabilities<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"can%20users%20have%20multiple%20roles%3F\"><h3>Can users have multiple roles?<\/h3><\/dt>\n<dd><p>Yes, users can be assigned multiple roles using a checkbox interface.<\/p><\/dd>\n<dt id=\"are%20default%20roles%20modified%3F\"><h3>Are default roles modified?<\/h3><\/dt>\n<dd><p>No. Default WordPress roles are protected and cannot be modified.<\/p><\/dd>\n<dt id=\"is%20the%20administrator%20role%20protected%3F\"><h3>Is the administrator role protected?<\/h3><\/dt>\n<dd><p>Yes, sensitive capabilities such as <code>manage_options<\/code> are restricted.<\/p><\/dd>\n<dt id=\"will%20this%20plugin%20affect%20existing%20users%3F\"><h3>Will this plugin affect existing users?<\/h3><\/dt>\n<dd><p>No. Existing users retain their roles unless explicitly changed.<\/p><\/dd>\n<dt id=\"what%20does%20the%20logging%20system%20track%3F\"><h3>What does the logging system track?<\/h3><\/dt>\n<dd><p>The plugin logs role and capability changes, including who made the change and when it occurred.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Feature: Added logging system for role and capability changes (audit trail).<\/li>\n<li>Improvement: Logs include user, action, and context for better traceability.<\/li>\n<li>Fix: Resolved issue where existing custom roles were not displayed on load.<\/li>\n<li>Improvement: Enhanced role synchronization to correctly merge stored configuration with WordPress roles.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Security: Fixed a privilege escalation vulnerability in role assignment logic.<\/li>\n<li>Security: Enforced strict server-side capability checks for role modifications.<\/li>\n<li>Security: Prevented assignment of restricted capabilities such as manage_options.<\/li>\n<li>Security: Hardened AJAX endpoints with capability and nonce validation.<\/li>\n<li>Hardening: Improved role validation and synchronization logic.<\/li>\n<li>Hardening: Added rate limiting to AJAX endpoints.<\/li>\n<li>Props: Thanks to 0xherc1337 and Steven Stern (sterndata) for responsibly reporting the issue.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Multi-role assignment<\/li>\n<li>Role grouping and ordering<\/li>\n<li>Capability management system<\/li>\n<\/ul>","raw_excerpt":"Manage multiple user roles, create custom roles, and control capabilities with an intuitive role builder.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/300178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=300178"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/jgrodgers"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=300178"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=300178"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=300178"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=300178"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=300178"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=300178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}