Some weeks ago, I was asked how a user with the “Editor” role can change the content of the privacy page. If you use the “Settings > Privacy > Select a Privacy Policy page” settings and pick a page here, this page can only be edited by users with the “Administrator” role. To allow editors updating this page, there are several strategies.
Option 1: Make the page a normal page
If you do not set the page in “Settings > Privacy > Select a Privacy Policy page”, an editor user is able to edit the content, since it’s only a normal page. But this setting has some meaning. A link to this page is automatically shown below the form on the wp-login.php page. It can also be added to the navigation in a theme using the function the_privacy_policy_link(), which some older default themes (Twenty Fourteen – Twenty Twenty-One) do.
If you use this option, it usually makes sense to only make this a normal page while an editor is updating the page and set it as the privacy policy page again, once the updates are made.
Option 2: Allow editors to “manage_options”
WordPress has all kinds of so-called “capabilities” to give users (and user roles) the rights to do specific things. One newer capability is named manage_privacy_options and it sounds like the one we would need to give editors (or single users) to be able to edit the privacy policy page, right? Unfortunately, that’s not the case. This capability is more like a “meta capability”, since when this capability is assigned to a user or role, the user needs the manage_options capability to be able to edit the privacy policy page. But with this role, you would also allow them to change (almost) all settings of your website. That is probably too much power and responsibility for editors.
Option 3: Use some special roles from SEO plugins
I mainly use Yoast SEO for my site, and it comes with two additional roles: “SEO Editor” and “SEO Manager”. While both get all the capabilities from the “Editor” role, they do get some extra capabilities for the Yoast SEO plugin. And the “SEO Manager” also get the capability to edit the privacy page.
Other SEO plugins might have similar roles, but I have not checked them. If the plugin you are using does have such a role or a setting to allow editors to edit the privacy policy page, please leave a comment with the plugin name on how it works.
Option 4: Use a code snippet to allow the editing of the page
I came up with a tiny code snippet that would allow editors to update the privacy policy page, without giving them too many other capabilities they don’t need. The snippet basically filters the check for the manage_privacy_options capability, and then remove the requirement for the manage_options capability from the list. This is the code of the snippet:
function allow_privacy_policy_page_edits( $caps, $cap ) {
if ( $cap !== 'manage_privacy_options' ) {
return $caps;
}
return array_diff( $caps, [ 'manage_options' ] );
}
add_filter( 'map_meta_cap', 'allow_privacy_policy_page_edits', 10, 2 );
Yoast SEO is using a very similar snippet, but with a little more complexity, since they check for their own “SEO Manager” role.
Conclusion
I can see why WordPress Core developers limited the capability to edit the privacy policy page to a smaller group of users. In a ticket on that matter, they were discussing that editors might not be “trained in privacy law or organizational policies”, required to write correct content into that page. But why would any user with the “Administrator” role be necessarily trained to do that? But only those users can update the page, which can also cause some legal risks, if that blocks a frequent update to that page.
If you want to use my code snippet, you can find it as a working plugin in form of a GIST, where you can also download it as a ZIP file, ready to be installed on your site.