Is there a way to disable user-registrations completely in Wordpress?

Question

I wonder if there is a way of disable user-registrations completely? I have a client that is really in no need of adding users. For me that would be an extreme measure of security. Of course I must be able to add users through code or similar.

Is there a way of achieving this?

Have you tried to disable user registration in Administration > Options > General? — Kees Sonnema, Mar 19 '14 at 08:54
Glad you asked this. Here in December 2017 all I am getting is dozens of signups from *.ru So I needed to shut it off. Apparently I can't make it only allow US signups. Thanks. Love this database. — SDsolar, Dec 13 '17 at 01:03

score 19 · Accepted Answer · answered Mar 19 '14 at 09:00

You can disable your user-registration by routing to Settings > General and then do the following:

Search a checkbox that says “Anyone can register” Uncheck this, so nobody can register on your blog. Now when someone accesses the login page, there will no longer be a “Register” link they can use.

http://www.netwebbing.com/wordpress-user-registration-disable/

Also if you still want a registration page, that's kind of secure. Look at the following:

http://www.onextrapixel.com/2013/01/24/how-to-create-an-effective-registration-page-for-wordpress-sign-up/

This is *security by obscurity* by WordPress. Also known as ***no security***. Hiding the link to the script does not hide/disable the script. Is there an effective way to not allow bots to create 500 subscribers / hour programmatically? — tao, Jan 04 '17 at 17:37

tao · Answer 2 · 2017-01-09T02:43:54.710

8

Tried to find a plugin / SO answer to disable user registration completely (as in: prevent bots from registering accounts when Anyone can register is unchecked).

Couldn't find any, so I made this plugin.

edited Jan 09 '17 at 02:43

answered Jan 07 '17 at 03:23

tao

59,850
12
84
110

score 2 · Answer 3 · answered Feb 21 '19 at 14:01

Besides disabling checkbox Settings > General > Anyone can register, you may want to add a simple mod_rewite to your .htaccess @Andrei Gheorghiu is right, Hiding the link to the script does not hide/disable the script.

So, something like that will prevent spam boots to register, return a '403 access denied', and keep your logs lighter

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

score 1 · Answer 4 · answered Nov 24 '19 at 20:22

Another gaping loophole for account creation that I found on our site was created by WooCommerce.

There is an option under:

WooCommerce Settings
Accounts & Privacy
Allow customers to create an account on the "My account" page

And the default (at least for us) was to have it on.

score 0 · Answer 5 · answered Dec 13 '17 at 07:29

0

It is actually really easy to find:

source: https://www.competethemes.com/blog/disable-user-registration-wordpress/

answered Dec 13 '17 at 07:29

user1767754

18,800
14
111
133

It is actually really easy to bypass. Please read the comments on your source article. – tao Nov 09 '18 at 20:28

score 0 · Answer 6 · answered Mar 11 '19 at 13:39

Didn't want to install an extra plugin if there was a simple way around this (and it felt like there was one).

I simply followed the PHP logic that handles registration, and it seemed to point to a single script:

wp-signup.php

I renamed that script, and I am confident there won't be more attacks. I'll update this post in a couple of weeks.

score 0 · Answer 7 · answered Apr 06 '21 at 00:13

0

Another option -- if you just want to update via DB change:

update wp_options set option_value=0 where option_name="users_can_register";

answered Apr 06 '21 at 00:13

tres

832
7
10

Is there a way to disable user-registrations completely in Wordpress?

7 Answers7