Website security

I noticed on my client website there are many users who I do not recognize, with a subscriber level of permissions. The names/emails do not look like anyone the school would give access to (hackers?). This is not a website with users who have access other than the admin. Should I delete them? Any idea how this would have happened?

If it’s only subscriber level, it’s less worrisome. Did you check if registering is disabled in the settings? And is it possible there’s a donation form or some other type of form that registers people as users as part of something else that they do?

Membership : Membership Anyone can register, is checked
I guess I should un check it

After Reading these 2 posts I realize how important it is to uncheck whenever possible.
article 1
article 2

@peninah_adler What would someone do to protect their site from spammers if they need the box checked?

Penina thank you - you really helped me figure this out - I was quote worried