Update: as @Mark Kaplun pointed out.
once you let a developer in there is no way to restrict him. If you don’t trust someone for good reason, than don’t let him in as there are more than enough privilege escalation exploits going around for him to make himself admin.
So the solution I provided needs trust. If you have that covered you may use this.
In my experience, developers are here to help people and they will sometimes play pranks on there clients if they get upset but it never happened to me that my superiors or developers (when I was new to programming just like you) intentionally did something that resulted in my loss.
Solution:
Depending upon what you want to allow them and what not, you can download and use this plugin to create a new role with specific capabilities only.
For example, they can edit posts but cannot delete them. It’s a very powerful plugin and can help you solve your problem.
-
You can select specifically what they can modify and what they can’t.
-
You can allow them to edit.
-
You can prevent them from deleting anything. Just by removing all the delete permissions from a role.
Additionally:
You can use Temporary login without password plugin.
This plugin will allow you to create temporary account which will expire after a certain period of time. This can help you restrict them from accessing and changing anything in future if you forget to delete there user account.
For example, set the expiration for 1 day and then give them the account. Now after one day they won’t be able to login.
Alternatively:
If your developer/programmer needs to access your server, you can create a FTP account which can only access certain directories/folder. However this is different from accessing your WordPress Admin.