Again, welcome to the world of WordPress in general & to the WordPress support forum specifically.

Problem solved.

There might be a concern that he found the new user and has access to the database. You’ll want to make sure the email for the new admin is still pointing at your email.

It might also be wise to change the Control Panel and database passwords to prevent him from ever getting access to those again. Your web host can help you with that process.

This person has a reputation to protect if he’s a professional so he won’t want to leave you in a bad place and possibly expose his own reputation. So, for the most part, just pay attention to him as he works and fix your site to help protect him and you when he finishes.

“Actually, passwords are not visible”
You are right! I haven’t noted it.
This is helpful in my case

“create a *separate* user for that person. You can do this under ‘Users > Add New’. The default role is ‘subscriber’, so don’t forget to change that to the role you want the user to have”
I’m going to try

“I think what I’d do at this point is to create a new admin user for myself and, when that other developer is done, I’d delete the older admin user.”
You sure would.
Problem is, with my zero-knowledge I’m extremely wary of playing around with creating, modifying and deleting admin roles.
Probably at the end the only remained website admin would be the developer guy

“You’ll want to make sure the email for the new admin is still pointing at your email.”
Good advice
I hadn’t think about that by myself

“It might also be wise to change the Control Panel and database passwords to prevent him from ever getting access to those again.”
I contacted a2hosting chat service yesterday and asked also about that.
No problem now on this point

“This person has a reputation to protect…”
I chose one with around 300 reviews, 5 stars average. Normally there are no problems. But you never know

“If there are multiple sessions, it will be enabled and say “Log Out Everywhere Else”. Click that, and then change the password.”
This seems the most easy, quick and less problematic way.
I saw this option, I just wasn’t sure if klicking it, only other users get logged out or “the other me” too.

Before I mark this problem of mine as solved I want to play around some more in my wp dashboard and try out your tips.
Thanks for the help to all the three of you.
Very much appreciated

Once he’s finished –> cancel his username –> Log out everywhere else –> change passwords.

I feel comfortable with this procedure.

(I haven’t find the superadmin option, but it’s not important.)

——————————-

Just a couple of last questions, more out of curiosity:

a) Can such a developer put malware inside my wp admin account?

b) Can he delete or change pre-installed admin capabilities like in settings, tools etc.?

c) Is it possible for him to install in my wp admin account some trick so that later, when after job’s completion I change the password, he gets in some way the new password?

I just logged into a2hosting’s Plesk Onyx

Over there my role is Owner.
I have the possibility of giving other users the role of WebMasters.
WebMasters have the capability of building website, but they cannot manage roles.

It looks like this feature is the same as the superadmin feature

Anyway, I won’t give the developer access to Plesk. He doesn’t need it.