Per this Trac ticket, WP intentionally disallows adding the ‘unfiltered_html’ capability to any non-Super Admin users on the WordPress multisite network. This is due to potential security vulnerabilities that could result from doing to. As that ticket points out: Any user could add Javascript code to steal the login cookies of any visitor who runs a blog […]

Read more

The function below can be used to get all  of a user’s capabilities: View the code on Gist. You can pass a user’s ID or a user object to it, and it will return an array of capabilities like the one pictured below, or an empty array if the user has no capabilities or doesn’t […]

Read more