There are two ways to control who registers on your blog and what permissions such registration gives them: via standard WordPress registration and user roles, and via plugins for additional functionality and flexibility.
Standard User Registration in WordPress
In WordPress there are several ways for not-blog-owners to register: via the login URL (for example, http://yourdomain.com/wp-login.php?action=register), via the standard meta plugin for front-end login and signup, and via Administrator-managed user registration.
The first two options allow users to register themselves without the necessary approval of an Administrator.
While this might be a good thing if you have a lot of signups, it presents you with a security risk. Chances are that a high percentage of all who register are either spammers or bots.
This can result in everything from getting lots of spam comments on posts and pages to someone directly taking over your blog – depending on your settings.
For this reason the general recommendation is to restrict that kind of self-administered registrations. You can do that by clicking on Settings->General in your Admin panel in WordPress and unchecking the option Anyone can register. This way only the Administrator of the blog can create new users – and it has to be done manually for everyone of them by clicking on Users->Add New in the Admin Panel and filling out the required information.
As long as you decide to keep the Anyone can register setting on, be sure to set the default user role to Subscriber to avoid compromising the security of your blog. You select a default role from the drop-down menu below the Anyone can register option.
It’s recommended that you control and approve registration of users who should be provided with more capabilities.
If you though need a solution for a large-scale managed user registrations, for example as a way to enable spam-free comments, access to a forum, or something else, you have to implement a more sophisticated approach.
Plugin Managed User Registration in WordPress
Depending on your needs, there’re many simple plugins, as well as others providing quite sophisticated approach to sign-ups.
As long as you, for example, only need to get rid of spam comments while allowing legit users to comment on your blog posts, you’ll be fine using a plugin as oa Social login.
The first step is to tick the Anyone can register option mentioned above and restrict commenting rights to registered users only via Settings->Discussion in the Admin panel of WordPress. From this point on you have to simply follow the setup instructions of the plugin.
If you choose to use oa Social Login, you’ll have to create an account with OneAll but it’s free as long as you’re not a large-scale user. The setup of the account might seem complicated as you have to create apps on the different social media platforms, which you’d like to enable. Doing this is, however, required by the social media in order to allow you to access and use member information needed for registering on your blog.
It’s safe to say that a social login will eliminate any problems that you might’ve had with spam comments. The reason is that spammers prefer to stay anonymous – or hidden behind user names that don’t mean anything.
My personal experience with the implementation of oa Social Login was quite positive indeed – going down from literally hundreds of spam comments to zero – and staying there.
I’ve bumped into discussions where bloggers were trying to turn off even the standard WordPress setting requiring users to register in order to comment. They were mostly worried that this requirement was what kept blog visitors from commenting. The reality is, however, that only people who aren’t ready to stay behind their comments are unwilling to register. Such people are either spammers or haters – and you’re better off without them.
If you don’t get as many comments as you’d like, you should consider re-vamping your blog instead to make it more engaging.
Back on the topic about registration plugins, oa Social Login is one of those “simpler” plugins. It’s only purpose is to enable large-scale registrations free of spammers and bots. If you have in mind something more complicated as providing members-only content or different kinds of membership associated with different rights, you’re better off looking into some other plugins as for example WP Members.
WP Members is a free plugin, which can get extended with premium functionality but doesn’t really need it to do what it’s supposed to.
With it you can restrict the access to selected content only to registered users. The plugin supports front-end registration/login widgets and provides you with a lot of tweaking options, even more so if you’re a bit of a code geek.
For even more registration functionality you have to take a look at what plugins as s2Member can offer in terms of, for example, paid memberships or paid access to content.
There are lots of different registration plugins for WordPress out there. Which one you choose should depend on your needs in terms of functionality and support. You can in fact find a free plugin that does what you want it to – as is the case with the ones listed above.
However, as long as you, for some reason, want to make sure that you can rely on timely updates and support, choosing a pro version might be the right solution for you.
Last but not least, you’ll have to make sure that the plugin you chose is compatible with your blog’s configuration.