It is easy to forget to change this to a more restrictive option "Administrators only" and not all sites are meant to be open to user registration. Since registered users have more options than anonymous ones this can easily be used to exploit the extra features of the website.
The option is found in http://example.com/admin/config/people/accounts
↧
"Who can register accounts?" should be set to "Administrators only" by default.
↧