Add account creation check

Created on 19 November 2025, 2 months ago

Problem/Motivation

It is recommended that only administrators can create new accounts, so setting "Who can register accounts?" to "Administrators only" under /admin/config/people/accounts is good practice.

Steps to reproduce

Proposed resolution

Check if "Who can register accounts?" is set to "Administrators only".

Remaining tasks

Add a new "Account creation" check, which checks if "Who can register accounts?" is set to "Administrators only".

  • Title: Account creation
  • Review results title: Only administrators can create new accounts.
  • Review results path: /admin/reports/security-review/help/security_review/account_creation.
  • Review results text: Attackers commonly attempt to register a new account. It is good practice to only allow administrators to create new accounts, see Configuring User Account Settings.
  • Check fail text: Not only administrators can register new accounts.

User interface changes

API changes

Data model changes

✨ Feature request
Status

Active

Version

3.1

Component

Code

Created by

🇩🇰 Denmark ressa Copenhagen
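
One way to express the proposed check, as an added example that is not code from the Security Review module. The function name and result array shape are hypothetical; the `register` key and its three values are the ones Drupal core stores in `user.settings`, and the messages are the texts proposed in this issue.

```php
<?php
// Added example, not Security Review module code. The function name and the
// result array shape are hypothetical.

/**
 * Evaluates the "Who can register accounts?" setting.
 *
 * @param array $user_settings
 *   Data of the user.settings config object. On a bootstrapped site this can
 *   come from \Drupal::config('user.settings')->get(), which includes
 *   overrides from settings.php.
 */
function account_creation_check(array $user_settings): array {
  $labels = [
    'admin_only' => 'Administrators only',
    'visitors' => 'Visitors',
    'visitors_admin_approval' => 'Visitors, but administrator approval is required',
  ];
  $value = $user_settings['register'] ?? NULL;

  if ($value === 'admin_only') {
    return ['passed' => TRUE, 'message' => 'Only administrators can create new accounts.'];
  }
  // A missing or unrecognised value fails the check instead of silently
  // passing, so broken config cannot hide open registration.
  $current = is_string($value) && isset($labels[$value])
    ? $labels[$value]
    : 'unknown (' . var_export($value, TRUE) . ')';
  return [
    'passed' => FALSE,
    'message' => 'Not only administrators can register new accounts.',
    'current' => $current,
  ];
}

// Constructed sample configurations, one per stored value plus a missing key.
$samples = [
  ['register' => 'admin_only'],
  ['register' => 'visitors'],
  ['register' => 'visitors_admin_approval'],
  [],
];
foreach ($samples as $settings) {
  $result = account_creation_check($settings);
  printf("%-40s %s\n", json_encode($settings), $result['passed'] ? 'PASS' : 'FAIL: ' . $result['current']);
}
```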
