A common question I get from new WordPress users (twice in the past week as a matter of fact), typically arriving in a panic-stricken email, is “Why am I getting notices of new user registrations on my site?” The follow-up questions are along the lines of “Have I been hacked??” “Is this spam?” “How do I make the madness stop?”
The answer is thankfully simple. There’s one little setting in your WordPress dashboard which is needlessly (at least in most cases) allowing people to register for your site. Unless you’ve deliberately customized it, the registration screen is at the same url on most WordPress sites:
So it’s easy for spambots to find that page in an automated fashion. And those spambots love a good form to fill in whether that’s a comment form, a contact form or a registration form!