WordPress uses a system of user roles and permissions (called capabilities) to control what each user can and cannot do on a site. The primary roles, in order of decreasing access, are Administrator, Editor, Author, Contributor, and Subscriber.
Default WordPress User Roles
Here are the standard roles and their key permissions:
Administrator: Has complete control over the entire website, including installing plugins and themes, managing all content and users, and changing all settings. This role should be reserved for site owners and lead developers.
Editor: Can manage all content on the site (posts and pages), including those created by others. They can also moderate comments, manage categories and tags, and upload media files, but cannot access site settings, themes, or plugins.
Author: Can create, edit, publish, and delete only their own posts, and can upload media files. They cannot edit other users’ posts, create pages, or change site settings.
Contributor: Can write and edit their own posts (as drafts) but cannot publish them or upload media files. Their content must be reviewed and published by an Editor or Administrator. This role is useful for guest authors or new team members.
Subscriber: Has the least access and can only log in, read content, and manage their own profile.
Super Admin: This role exists only on WordPress multisite networks. A Super Admin has network-wide administration privileges, including managing themes and plugins for all sites in the network.
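The script below is an added example, not WordPress core code and not from the original page. It checks whether any role holds capabilities beyond what the descriptions above allow, and lists the accounts with full control. It assumes WP-CLI is available to run it with wp eval-file; the file name audit-roles.php and the per-role deny lists are assumptions made for this example.

```php
<?php
// Added example, not WordPress core code. Assumed usage: wp eval-file audit-roles.php
// (audit-roles.php is a hypothetical file name).

// Capabilities the role descriptions reserve for Administrator:
// plugins, themes, user management and site settings.
$admin_only = array(
	'install_plugins', 'activate_plugins', 'edit_plugins',
	'install_themes', 'switch_themes', 'edit_themes',
	'create_users', 'edit_users', 'delete_users', 'promote_users',
	'manage_options',
);

// Per-role deny lists derived from the descriptions above (an assumption of
// this example, not an official WordPress list).
$denied = array(
	'editor'      => $admin_only,
	'author'      => array_merge( $admin_only, array( 'edit_others_posts', 'edit_pages', 'publish_pages' ) ),
	'contributor' => array_merge( $admin_only, array( 'edit_others_posts', 'publish_posts', 'upload_files' ) ),
	'subscriber'  => array_merge( $admin_only, array( 'edit_posts', 'publish_posts', 'upload_files' ) ),
);

$findings = 0;
foreach ( wp_roles()->roles as $slug => $role ) {
	if ( 'administrator' === $slug ) {
		continue;
	}
	// 'capabilities' maps capability name => bool; keep only granted ones.
	$granted = array_keys( array_filter( $role['capabilities'] ) );
	// Custom roles added by plugins are checked against the admin-only set.
	$check = isset( $denied[ $slug ] ) ? $denied[ $slug ] : $admin_only;
	$extra = array_intersect( $granted, $check );
	if ( $extra ) {
		$findings++;
		printf( "[!] role '%s' holds: %s\n", $slug, implode( ', ', $extra ) );
	}
}

// List every account with full control so the set can be reviewed by hand.
foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
	printf( "[i] administrator: %s (registered %s)\n", $user->user_login, $user->user_registered );
}
if ( is_multisite() ) {
	printf( "[i] super admins: %s\n", implode( ', ', get_super_admins() ) );
}
printf( "%d role(s) exceed the expected capabilities\n", $findings );
```

Capabilities granted directly to an individual user, rather than through a role, are not covered by this role-level check.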
