Warning! do not allow user registrations.

Unless you really have to, or unless you’re really good at securing your directories, do not open registrations to anyone. I just learned the hard way, my host got complaints of paypal phishing on my site, of course now i’am locked out of my account, at this point giving out more information probably will just make things worse, but this is what they found on my website:

/wp-content/uploads/www.paypal.fr/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run/updates-paypal/confirm-paypal/

… and now my domain will probably get tagged as phishing site, totally not worth it for letting open registrations.