Readministrator (Read Only Administrator)

Readministrator adds a "Read Only Administrator" role. Assign it to a user and they can browse the entire wp-admin like an administrator — Settings, Users, Plugins, Themes, content, comments and more — but they cannot change anything. Every write is blocked at the capability layer.

What read-only administrators can do:

• View every admin screen an administrator can see.
• Browse Settings, Tools, Users, Plugins, Themes and content lists.
• Run a read-only export.

What they cannot do:

• Save any Settings page (core or plugin Settings API).
• Create, edit, publish, trash or delete posts, pages or media.
• Add, edit, delete or promote users (including editing their own profile).
• Activate, deactivate, install, update, delete or edit plugins.
• Switch, install, update, delete or edit themes.
• Edit menus, widgets or the Customizer.
• Moderate or edit comments.
• Make changes through the REST API (the block editor included).

Known limitations

Enforcement covers core write paths plus the REST API. A small residual surface remains: some third-party plugins that perform writes through their own custom admin-ajax/admin-post handlers, and Network Admin (multisite) screens, are not yet covered. These are on the roadmap.