Is there a way to disable user-registrations completely in Wordpress?

U

8

13

I wonder if there is a way of disable user-registrations completely? I have a client that is really in no need of adding users. For me that would be an extreme measure of security. Of course I must be able to add users through code or similar.

Is there a way of achieving this?

Unknit answered 19/3, 2014 at 8:48 Comment(3)

Have you tried to disable user registration in Administration > Options > General? – Halsey 19/3, 2014 at 8:54

Thanks! It was too obvious ;-) – Unknit 19/3, 2014 at 9:4

Glad you asked this. Here in December 2017 all I am getting is dozens of signups from *.ru So I needed to shut it off. Apparently I can't make it only allow US signups. Thanks. Love this database. – Chally 13/12, 2017 at 1:3

H

21

You can disable your user-registration by routing to Settings > General and then do the following:

Search a checkbox that says “Anyone can register” Uncheck this, so nobody can register on your blog. Now when someone accesses the login page, there will no longer be a “Register” link they can use.

http://www.netwebbing.com/wordpress-user-registration-disable/

Also if you still want a registration page, that's kind of secure. Look at the following:

http://www.onextrapixel.com/2013/01/24/how-to-create-an-effective-registration-page-for-wordpress-sign-up/

Halsey answered 19/3, 2014 at 9:0 Comment(1)

This is security by obscurity by WordPress. Also known as no security. Hiding the link to the script does not hide/disable the script. Is there an effective way to not allow bots to create 500 subscribers / hour programmatically? – Hampson 4/1, 2017 at 17:37

H

8

Tried to find a plugin / SO answer to disable user registration completely (as in: prevent bots from registering accounts when Anyone can register is unchecked).

Couldn't find any, so I made this plugin.

Hampson answered 7/1, 2017 at 3:23 Comment(0)

F

7

Besides disabling checkbox Settings > General > Anyone can register, you may want to add a simple mod_rewite to your .htaccess @Andrei Gheorghiu is right, Hiding the link to the script does not hide/disable the script.

So, something like that will prevent spam boots to register, return a '403 access denied', and keep your logs lighter

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

Flight answered 21/2, 2019 at 14:1 Comment(0)

T

2

Didn't want to install an extra plugin if there was a simple way around this (and it felt like there was one).

I simply followed the PHP logic that handles registration, and it seemed to point to a single script:

wp-signup.php

I renamed that script, and I am confident there won't be more attacks. I'll update this post in a couple of weeks.

Tisbee answered 11/3, 2019 at 13:39 Comment(2)

seem like a good idea. – Askins 16/10, 2021 at 7:45

Simplest thing to do. :D – Lashaun 17/5 at 8:4

D

1

Another gaping loophole for account creation that I found on our site was created by WooCommerce.

There is an option under:

WooCommerce Settings
Accounts & Privacy
Allow customers to create an account on the "My account" page

And the default (at least for us) was to have it on.

Dallas answered 24/11, 2019 at 20:22 Comment(0)

G

1

Another option -- if you just want to update via DB change:

update wp_options set option_value=0 where option_name="users_can_register";

Gilly answered 6/4, 2021 at 0:13 Comment(0)

H

0

It is actually really easy to find:

source: https://www.competethemes.com/blog/disable-user-registration-wordpress/

Haile answered 13/12, 2017 at 7:29 Comment(1)

It is actually really easy to bypass. Please read the comments on your source article. – Hampson 9/11, 2018 at 20:28

W

0

It prevents of registering users over admin area, REST and xml rpc

I had problem with spam user registration and it helped. Just simply put that in functions.php file

function execute_on_register_post_event($sanitized_user_login, $user_email, $errors){
    wp_die('Forbidden, manualy disabled');
}
add_action( "register_post", "execute_on_register_post_event" , 10, 3);

add_filter( 'pre_user_login' , 'my_username_block' );
function my_username_block( $user_login ) {
    wp_die('Forbidden, manualy disabled');
}

Wetzel answered 15/3 at 15:40 Comment(0)

Recommended topics

Hot tags