[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Sun Aug 24 16:50:44 UTC 2025
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------------------+-------------------------
Reporter: kraftbj | Owner: audrasjb
Type: feature request | Status: accepted
Priority: normal | Milestone: 6.9
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-user-docs early 2nd-opinion | Focuses:
needs-test-info | administration
-------------------------------------------------+-------------------------
Comment (by oglekler):
I agree with @SirLouen that roles with Administrator and Editors
capabilities better be removed from the optional list and prevented for
self-registration. Enabled "Anyone can register" even with Subscriber
role/capabilities opens registration to bots, so if the site has no
defence against them, it can be flooded. So, opening it in general needs
some explanation of why this may be needed and when it isn't needed. For
example, if you have WooCommerce, it handles registration, and we don't
need to check Enable self-registration here. We should add something like:
Unchecked is recommended (read when you may need this).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:73>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list