Anyone who is not authenticated on the website is considered as a visitor. Typically visitors are allowed only to browse the frontend side of a website and are not authorized to view or do any activity on the backend side.
Visitor does not have any roles or capabilities assigned.
It is important to understand the difference between authentication and authorization because a lot of times it is misinterpreted correctly or used as synonyms.
The easiest way to explain the difference is that authentication is a process of identification. This is when user tells to a website who he or she is. The authorization is a process of granting access to certain resource or activity. In other words, a website knows who is the user and verifies if user is allowed to do what he/she is asking for. In real life the authentication and authorization can be explain with example: John Smith is allowed to enter your house because he is your friend (authentication), but he is not allowed to take your office desk (authorization).
WordPress core does not have much control over visitors authorization. Most of it is related to restricting access to the backend side and couple handful features to password protect or deny access to not published posts, pages and custom post types.
With AAM plugin the frontend authorization is extended and you can manage access to your website content, widgets or even access to the entire website.
To learn more about content management, please refer to the How to manage access to the WordPress content article.
To learn how to manage access to the entire website for visitor, please check our premium IP Check extension.
Last but not least there is an option to filter out parts of the content with few predefined shortcodes. Check How to filter WordPress post content article for more information.