New User Registration Settings in WordPress
A Just-Ask-Kim.com reader asked the great question:
“Hello Kim. Sometimes I get a message that there is a new user to my site! What does that mean? How do I find who these people are? Thanks. ”
Suddenly getting “new user” notices from WordPress can be alarming!
We’re all aware that a stray user could potentially take down the site so this is a common question that I receive!
Fortunately, the answer is usually not a threat, but let’s take a closer look:
WordPress Default Membership Settings
While bloggers don’t usually think of WordPress as a membership, every user is a member, and so the basic membership option is where we will find the necessary setting.
Admin Dashboard -> Left sidebar -> Settings -> General -> Membership
Just to the right of “Membership”, you will see a check-box that says “Anyone can register”.
Equally important is the box below it that says “New User Default Role” which by default is set to Subscriber.
So, by default, new members can join your blog as subscribers, which actually gains you very little.
For most bloggers, unchecking this box is the right choice.
However, a few quality plugins you may use may have settings that need it enabled.
One example is WP Social with the Facebook signin to comment. Another example is the “sign up to get 10 links” option in CommentLuv.
While I adore CommentLuv Premium, I do not utilize that feature. And so, for me, disabling that option is the right move as it minimizes database entries of new users, controls spammy registrations and closes one exploitable security avenue.
If you are running a subscriber-only forum, or have a social site like BuddyPress, or other such things, you may want it enabled.
Keep an eye on that default role though to ensure that new members are never given too many permissions!
PS: The default membership tools in WordPress are not robust enough to run a premium purchased-product style site from. For that, you’ll need a plugin such as Wishlist Member.