Update Summary

The public WordPress user registration endpoint has been fully disabled. All new user creation and data intake are now restricted to controlled WPForms-based workflows.

System Change Implemented

Disabled native WordPress registration:
Enforced closed registration environment
Maintained active WPForms-based intake and user interaction flows

The platform now operates under a controlled registration architecture, where all user data is intentionally captured through specific forms configured within WPForms .

Security Impact

Before

Open registration endpoint accessible to any public user
Exposure to:
- Bot registrations
- Spam accounts
- Unauthorized access attempts
- Data pollution in user tables

After

Registration restricted to:
- Approved form submissions only
- Internal workflows (check-in, guest onboarding, partner flows)

Security Improvements

Eliminates automated bot account creation
Reduces attack surface on /wp-login.php
Prevents unauthorized database user creation
Ensures all user data is intentional, traceable, and contextual

This aligns with best practices where guest verification and controlled onboarding are required prior to granting access or information .

Impact on Guests

Positive

Guests interact only through structured, guided forms:
- Check-in flows
- Guest login
- Identity/verification forms
Cleaner and more intentional onboarding experience
Reduced friction from irrelevant or unnecessary fields

Behavioral Change

Guests cannot independently create accounts
Access is now tied to:
- Reservation workflows
- Form-driven actions
- Communication triggers

This reinforces operational rules such as “only registered guests allowed”, ensuring compliance with StayWithJay policies .

Impact on Owners / Operations

Operational Control

Full control over:
- Who enters the system
- How data is collected
- When users are created or engaged

Data Integrity

All user data is now:
- Context-driven (check-in, booking, partner intake)
- Structured via forms
- Logged through WPForms entries

Scalability

Supports multiple workflows already in place:
- Guest Check-In (multiple versions)
- Partner Registration
- Owner Registration
- Guest Communication forms

This creates a modular system where each user type is onboarded through a specific funnel, rather than a generic registration.

Impact on System Architecture

Shift in Model

From:

Open CMS-driven user creation

To:

Form-controlled, workflow-driven user lifecycle

Key Characteristics

Decoupled registration logic from WordPress core
Centralized intake via WPForms
Ability to:
- Tag source of submission
- Track origin URLs (future logging enhancement)
- Customize onboarding per use case

Security Tags

[SECURITY-HARDENING]

[REGISTRATION-CONTROL]

[ACCESS-RESTRICTION]

[DATA-INTEGRITY]

[ANTI-SPAM]

[USER-FLOW-CONTROL]

[WPFORM-ARCHITECTURE]

Resulting State

Public registration: Disabled
Controlled intake: Active
Guest workflows: Operational
Email confirmations: Functional
Data capture: Structured and intentional

This update establishes a closed-loop user acquisition system, where every interaction is initiated, tracked, and validated through defined operational flows rather than open access points.