Membership websites are an integral aspect of modern internet architecture. A membership site can create an environment for lively digital communities and gated content that can be useful for educational websites.
When it comes to maintaining your website, registered users can get particular roles that limit access and define tasks. This is all enabled through your WordPress membership website, which allows new users to register and gain specific privileges to control your website.
So, why should you shut down new user registrations on WordPress? There may be different reasons that you may want to disable user registration on your member website.
Why Disable User Registration on your WordPress Website?
User registrations give you the basic advantage of restricting non-registered visitors from interacting on your website.
It is also a core aspect of securing your website’s back end. If admin access to your website did not require user login, then literally anyone on the internet would be able to make changes to your website. Through the user registration function, you can control user access to your back end.
WordPress uses a hierarchical user role system to define the level of access that each registered user has on a website. The most powerful user role in WordPress is generally the Administrator, who has sweeping powers to control any aspect of a given website.
There are also other user roles that allow you to properly define the workflow of maintaining your website. The editor, author, and contributor roles all provide varying levels of access to a website’s content. By giving your content creators and moderators with one of these roles, you avoid the risk of providing them control over other aspects of your website.
We highly recommend you to take a good look into what user roles do for your website. You can check out a guide about WordPress user roles.
Cyber attackers often seek entry into your website’s backend through the use of spam bot registrations. If you find yourself facing such attacks regularly, you may want to turn off user registrations on your WordPress website temporarily.
Of course, you may simply want to disable new registrations because there are no new roles for your website management.
How Do New Users Register on my WordPress Website?
WordPress provides the user registration feature by default on its login page, usually set as www.yoururl.com/wp-admin or www.yoururl.com/wp-login.php. There is a Register button right below the login form.
It is a pretty common configuration for new user registrations. However, the problem with this is that WordPress automatically sets up new user profiles without needing your authentication.
Any new registration requests send email notice to your mail address whenever there are new registrations on your website, but you don’t need to approve the new registration. This paves the way for people with malicious intent to try and hack into your system through the registration form.
In your WordPress settings, there is also an option to automatically define user roles for new user accounts. You can find this in Settings > General > New User Default Role.
Now, as long as the default user role assigned to new users is Subscriber, then they cannot do much harm to you. However, if any new users are assigned the role of Administrator, then they would get the same privileges as you — they can freely change any aspect of your website.
By disabling user registrations, you can also avoid registrations from unnecessary users. This saves you a lot of hassle and avoids unnecessary email notifications cluttering up your email.
How to Disable User Registration on WordPress?
There is a default option to disable the user registration option in your admin area. You can find the option to disable new user registrations from the General Settings tab of your WordPress website.
- Go to the Setting tabs in the side menu.
- Select the General heading under the Settings tab.
- There should be a Membership option there with a checkbox titled ‘Anyone can register’. Simply uncheck this box, and this will disable the registration option for new users.
Once you have disabled new registration through the Membership option, the Register button in your login page will disappear. If anyone tries to visit your registration page using the URL directly, they will be redirected to your login page.
How to Stop Spam Bot Registrations?
If you want to keep registrations open for new users but are being troubled by spam registrations, there are security measures you can take to discourage spam registrations. CAPTCHAs are a good security measure against bots. They are a kind of human verification test that requires the visitor to read text on images and respond accordingly.
It is a good security feature as it stops spam bots right in their tracks. There are some great plugins out there that can help you integrate CAPTCHA security into your registration form. Google has its own CAPTCHA tool called Google reCAPTCHA. You can also try Really Simple CAPTCHA which is free and pretty straightforward.
Here, we will talk about the Advance noCaptcha & Invisible Captcha plugin and show you how to stop spam bot registrations on your website using it.
Using Advanced noCaptcha Plugin to Stop Spam Bot Registrations
There is a very easy-to-use plugin for CAPTCHAs called Advanced noCaptcha & Invisible Captcha that is quite convenient to use. This plugin allows you to add CAPTCHA security to your default WordPress registration page conveniently. Upon downloading this plugin, you can find the settings for this plugin in Settings > Advanced noCaptcha & invisible captcha.
- Go to your Advanced noCaptcha & invisible captcha settings. First, you need to choose the type of CAPTCHA for your registration page. Bear in mind, that V3 simply fulfils a notification function.
- Next, you need to get your own site key from Google, who owns reCAPTCHA. Just go to their reCAPTCHA site, and enter an appropriate Label, your desired reCAPTCHA type, your website’s URL, and also your email id. Once you Submit the details, you should get a COPY SITE KEY and a COPY SECRET KEY. Keep both these keys safe.
- Enter your Copy Site Key and your Copy Secret Key into the appropriate boxes.
- The great thing about the Advanced noCaptcha plugin is that it supports a number of different standard forms on your website as standard, so you don’t have to work with any code. Select ‘Registration Form’, and then save the changes.
How to Delete Unnecessary Users?
If your website has gathered a lot of unnecessary or junk users by the time you have completed the above steps, you can easily delete them from Settings > Users > All Users. Simply select all the junk users from the list, and use the Bulk Actions button to delete the users in one go.
Conclusion
You can keep your website secure from spam registrations by following the simple steps above. The option to disable user registration on WordPress is useful if you simply don’t need any new users on your WordPress website. However, you can always use CAPTCHAs to secure your registration form if you wish to allow for new registrations in a safe manner.
For more security tips, you may also check this article: How to disable comments in WordPress.