Why is the New User Registration email the most important? It’s not a guarantee that you’ll know when a spam account has been created on your site, but this alert does help you keep tabs on who has access to your own site.
Hackers do have ways to create user accounts that don’t trigger these automatic email alerts, so don’t think that you’ll be warned when there’s a problem.
Before digging into the email alert, you’ll first want to make sure your alert email is set correctly in WordPress to ensure that you actually get these messages when they are sent.
Once you’re logged in, head to Settings > General. Check the Email Address set right below your URL. If it’s not an email address you use or have access to, change it + click the “Save Changes” button at the bottom of the page.
After you do that, you’ll get an email just like this one when a new user is created on your site. (By going to Users > Add New in the menu.)
Whether you check the box to send the new user their password or not, this email will be sent to the email address in the general settings page.
You’ll be alerted to the site that the user was created on, the username + the email tied to the new user. That’s it. No password information, no notes about the role that they have, etc.
Odds are you created this user and can delete or archive the email. But if you didn’t, that’s your cue to investigate who made the account + why.
If your site uses a plugin that allows folks to register an account on your site, that would be the most likely second source of these emails being triggered.