wp cap list
Overview
Display every capability registered to a WordPress role. Use this for security audits, debugging access issues, and documenting role configurations before making changes.
What It Does
wp cap list reads the capabilities array for a given role from wp_user_roles and outputs each capability with its granted (true/false) state.
Syntax
wp cap list <role> [OPTIONS]
Arguments & Options
| Flag | Description |
|---|---|
--allowed | Show only capabilities where value is true |
--denied | Show only capabilities where value is false |
--format=FORMAT | Output format: table, json, csv, yaml |
Basic Usage
List all capabilities for the editor role
wp cap list editor
List only granted capabilities
wp cap list editor --allowed
Output as JSON for scripting
wp cap list editor --format=json
Real-World Scenarios
Scenario 1: Pre-change capability snapshot
wp cap list editor --format=csv > editor-caps-before.csv
# Make changes...
wp cap list editor --format=csv > editor-caps-after.csv
diff editor-caps-before.csv editor-caps-after.csv
Scenario 2: Audit a custom role after plugin activation
echo "=== Custom Role Capabilities ==="
wp cap list custom_role --allowed --format=table
Scenario 3: Find which role can manage_options
for role in $(wp role list --field=role); do
if wp cap list "$role" --allowed | grep -q "manage_options"; then
echo "$role has manage_options"
fi
done
Quick Reference
wp cap list <role> # All capabilities
wp cap list <role> --allowed # Granted only
wp cap list <role> --format=json # JSON output
Next Steps
wp cap add— grant a capability to a role.wp cap remove— revoke a capability from a role.wp role reset— restore default capabilities.