Fix: Prevent registration bypass when user registration is disabled

wp-login.php

@@ -11,6 +11,11 @@
 /** Make sure that the WordPress bootstrap has run before continuing. */
 require __DIR__ . '/wp-load.php';
 
+// 🔴 Security Fix: Prevent user registration if "Anyone can register" is disabled
+if (isset($_GET['action']) && $_GET['action'] === 'register' && !get_option('users_can_register')) {
+    wp_die('Inscription désactivée.', 'Erreur', array('response' => 403));
+}
+
 // Redirect to HTTPS login if forced to use SSL.
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {