Every user has a role that determines how much of a websites’ content and settings he or she has access to. Subscribers can only edit their own profile, contributors can create but not publish posts, authors can create and publish posts, editors can create and publish posts as well as edit posts written by other users, and administrators can edit all content and settings on a site. Additional roles can be added by themes and plugins. Because of the capabilities of the administrator role, it should be used as rarely as possible.
The first user on the site is created as part of the WordPress installation process. When the site has been created, additional users can be added by going to Users → Add New. When creating a user, you enter the users personal details, enter a password, choose whether to send an email to the new user with his or hers account details, and select the role of the user. Only give a user the role he or she needs. Login credentials can be lost or stolen, and for every administrator you have on your site, you increase the risk of someone with malicious intent gaining access to it.
You can also allow visitors to register accounts on your site. The setting is deactivated as default, but you can activate it by going to Settings → General and checking the “Anyone can register” checkbox. This is most commonly used on sites that require visitors to log in to comment. You can activate that requirement by going to Settings → Discussion and checking the “Users must be registered and logged in to comment” checkbox. With that setting activated, the comment form will prompt visitors to log in (or register, if registrations are open) before allowing them to write a comment.