An administrator account is the highest-privilege role in WordPress. It can manage users, change site settings, install or remove plugins and themes, publish or edit content, and alter security-related configuration. Because this role controls both content and administration, it effectively defines who can run the site.
In cyber security, administrator accounts matter because a single account takeover can become full site compromise. Attackers often target login forms, password resets, exposed APIs, or plugin flaws that improperly create or promote users. If a weak access-control check lets an attacker create an administrator account, they may not need to steal credentials at all. Defenders should treat any admin-capable action as sensitive, enforce server-side authorization, limit the number of administrators, monitor for unexpected role changes, and review logs and user lists for unfamiliar accounts.
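
One way to carry out the user-list review described above, as an added example that is not part of the original page: it compares an administrator export against an approved baseline. The export shape follows WP-CLI's `wp user list --role=administrator --format=json`; the sample data, account names, baseline set, and limits are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape produced by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "site-owner", "user_email": "owner@example.com",
  "user_registered": "2021-03-02 09:14:55"},
 {"ID": 7, "user_login": "ops-lead", "user_email": "ops@example.com",
  "user_registered": "2022-11-20 16:40:03"},
 {"ID": 412, "user_login": "wp_support1", "user_email": "support@example.net",
  "user_registered": "2024-05-30 02:17:44"}
]"""

APPROVED_ADMINS = {"site-owner", "ops-lead"}  # hypothetical approved baseline
MAX_ADMINS = 2                                # hypothetical policy limit
RECENT_WINDOW = timedelta(days=7)             # hypothetical "new account" window


def audit_admins(export_json, approved, now, max_admins=MAX_ADMINS):
    """Return (severity, message) findings for the administrator list."""
    admins = json.loads(export_json)
    findings, seen = [], set()
    for user in admins:
        login = user["user_login"]
        seen.add(login)
        # user_registered is the account creation time, not the promotion time,
        # so an old account promoted later is reported as "medium", not "high".
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login not in approved:
            severity = "high" if now - registered <= RECENT_WINDOW else "medium"
            findings.append((severity, f"unapproved administrator {login!r} "
                                       f"(ID {user['ID']}, registered {registered})"))
    # An approved admin that disappeared can indicate tampering with roles.
    for login in sorted(approved - seen):
        findings.append(("info", f"approved administrator {login!r} is missing or demoted"))
    if len(admins) > max_admins:
        findings.append(("medium", f"{len(admins)} administrators exceed limit of {max_admins}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_admins(SAMPLE_EXPORT, APPROVED_ADMINS,
                                          now=datetime(2024, 6, 1, 12, 0, 0)):
        print(f"[{severity}] {message}")
```

Run on a schedule against a fresh export, this surfaces accounts that appear outside the approved set; pairing it with role-change logging covers promotions of existing users, which the registration date alone does not reveal.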



