By default, WordPress only allows file uploads for user roles that have the upload_files capability.
This means that users with limited roles like Subscribers will receive an error when trying to upload attachments (e.g., through a front-end uploader), because they lack this permission.
Option 1: Enable the Capability Using a Plugin
The easiest way to allow uploads for front-end users is to grant the upload_files capability to the appropriate user role. You can do this using the free User Role Editor plugin.
Install and activate the plugin.
Go to Users → User Role Editor.
Select the user role (e.g., Subscriber).
Find and enable the upload_files capability.
Save changes.
Once enabled, users with that role will be able to upload files via the front end.
Option 2: Grant Permission Dynamically with Custom Code
If you prefer not to use a plugin, you can programmatically allow file uploads for all users — or conditionally based on your own logic — using a WordPress hook.
Add the following snippet to your theme’s functions.php file:
function give_permissions( $allcaps, $cap, $args ) {
$allcaps['upload_files'] = true;
return $allcaps;
}
add_filter( 'user_has_cap', 'give_permissions', 0, 3 ); This snippet grants the upload_files capability to all users, regardless of their role.
You can modify the logic inside the function to limit it to specific users or conditions.
Additional Notes:
Learn more about WordPress roles and capabilities.
Be cautious when allowing file uploads, especially for lower-level roles — make sure your site has proper file type restrictions and security measures in place.