A common question I get from new WordPress users (twice in the past week as a matter of fact), typically arriving in a panic-stricken email, is “Why am I getting notices of new user registrations on my site?” The follow-up questions are along the lines of “Have I been hacked??” “Is this spam?” “How do I make the madness stop?”
The answer is thankfully simple. There’s one little setting in your WordPress dashboard which is needlessly (at least in most cases) allowing people to register for your site. Unless you’ve deliberately customized it, the registration screen is at the same url on most WordPress sites:
So it’s easy for spambots to find that page in an automated fashion. And those spambots love a good form to fill in whether that’s a comment form, a contact form or a registration form!
Turn it off by going to:
Settings > General
Look for the Membership field.You’ll see that the box where it says “Anyone can register” is checked. Simply uncheck it and hit Save Changes.
What are subscribers and do I need them?
The WordPress Subscriber role gives the user virtually no special privileges. Their view of the dashboard is extremely limited – they can only update their own profile. They cannot access any of your content in the backend or any of the settings. So they can do no damage. The only cases in which you need Subscribers are if for some reason you are requiring people to be logged in to comment on your blog (find that setting under Settings > Discussion) or if you are running a membership site. Membership sites are where you require users to have an account on your site in order to view certain content that is not accessible to the public. In this case you would need to leave the registration option checked so people can sign up for an account. This process would usually by managed by a membership plugin. For the most comprehensive guide to membership plugins please check out my friend Chris Lema’s blog.
A common misconception is that WordPress subscribers are the same as email subscribers. They are not! So you do not need to enable this feature if all you want is people signing up for your email list. In that case, you can use a plugin or code provided by your email marketing provider – Aweber, MailChimp and the like – to provide an opt-in form. The WordPress Subscriber role by default provides no email notifications of new blog posts or anything like that.
Hope that clears things up! If you have questions, leave a comment!