I wouldn’t recommend turning off all user registrations just for the purpose of preventing malicious uploads. If you want to continue to process submissions, there are other ways to protect against malicious code:
- Secure file configuration - A web user should not be able to execute an uploaded file
- Secure file permissions - A web user should not be able to modify existing executable files
- Antivirus scanning - A user should not be able to upload a file that could infect another user on download
That said, if you want to use OJS as just a distribution system (not as a submission/review system), yes, disabling registrations is one way to prevent any uploads from users who you have not manually registered.