WordPress stores the Users in the users table.

What is a user? What is a user?

Each WordPress user has, at the bare minimum, a username, password and email address.

Once a user account is created, that user may log in using the WordPress Admin (or programmatically) to access WordPress functions and data.

Top ↑

Roles and Capabilities Roles and Capabilities

Users are assigned roles, and each role has a set of capabilities.

You can create new roles with their own set of capabilities.

Custom capabilities can also be created and assigned to existing roles or new roles.

In WordPress, developers can take advantage of user roles to limit the set of actions an account can perform.

Top ↑

The Principle of Least Privileges The Principle of Least Privileges

WordPress adheres to the principal of least privileges, the practice of giving a user only the privileges that are essential for performing the desired work.