An interesting thing about default settings in SharePoint 2013 (and maybe previous versons as well) is the way that default permissions are set up. Consider this scenario:
-You want to divide your users in two groups, administrators and contributors, where admins have full access and contributors can only view and edit list and document library contents
You check out the default security groups, and it turns out there are two groups that covers exactly what you want. So you just assign admins to the owners group and contributors to the members group, and then you're done, right? Wrong!
What you will find out when you test this by logging in as a test user with the contributor rights (which you of course do, right?) is that the user can actually edit pages. In fact, he can actually modify and delete all pages on your site, he can add and remove web parts to the pages and basically wreck havoc to your site if he doesn't know what he is doing (or maybe he does..).
At first, this doesn't make sense, because the contributor permission explicitly states that it grants permission to read and modify list and document library contents. The explanation is that the site pages actually come from a library themselves - the site pages library. Understanding this, the fix is simple: Modify the site pages library permissions to remove the contribute right for contributors on the site:
Go to library settings for site pages:
Go to permissions:
Stop inheriting permissions:
Select the members group and edit the permissions:
Finally, remove the tickmark from the "contribute" permission, and you're done!