Membership (Anyone can register)

WARNING: Enforcing this setting can disable public self-registration for the site. Verify whether customer signup, member onboarding, student registration, or other public account creation depends on Anyone can register before enabling enforcement.

Description of the control

This control sets how CMSSPM handles the Membership (Anyone can register) setting on the Core Hardening page. The available options are Off, Enforced (keep membership checkbox off), and Audit only.

The control also includes a risk acceptance checkbox labeled Override public/general registrations are intentionally part of the site; do not score this against me. The help text states that this suppresses audit findings and does not change enforcement.

Procedure

1. In WordPress admin, open Posture Management.
2. Select Core Hardening.
3. In the WordPress Interfaces section, locate Membership (Anyone can register).
4. Select one of these options:
   • Off
   • Enforced (keep membership checkbox off)
   • Audit only
5. If public registration is intentionally required and the goal is only to suppress audit findings, select Override public/general registrations are intentionally part of the site; do not score this against me.
6. Click Save changes.

Validation

After saving, reload Posture Management -> Core Hardening and confirm the selected option is still shown for Membership (Anyone can register).

If the override checkbox was selected, confirm it remains selected. If Enforced was selected, verify that public registration is still closed.