All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles.
The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed to do.
How WordPress Sets Role Capabilities
First, let’s take a look at how WordPress manages the capabilities of the roles and what they are allowed to do, such as:
- add users;
- remove users;
- create posts;
- delete posts, etc.
Source: Scuri check