diff --git a/internal/rpc/user/user.go b/internal/rpc/user/user.go
index 07e3c6201..a884b3162 100644
--- a/internal/rpc/user/user.go
+++ b/internal/rpc/user/user.go
@@ -49,6 +49,10 @@ import (
 	"google.golang.org/grpc"
 )
 
+const (
+	defaultSecret = "openIM123"
+)
+
 type userServer struct {
 	pbuser.UnimplementedUserServer
 	online                   cache.OnlineCache
@@ -273,6 +277,10 @@ func (s *userServer) UserRegister(ctx context.Context, req *pbuser.UserRegisterR
 	if len(req.Users) == 0 {
 		return nil, errs.ErrArgs.WrapMsg("users is empty")
 	}
+	// check if secret is changed
+	if s.config.Share.Secret == defaultSecret {
+		return nil, servererrs.ErrSecretNotChanged.Wrap()
+	}
 
 	if err = authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil {
 		return nil, err
diff --git a/pkg/common/servererrs/code.go b/pkg/common/servererrs/code.go
index 3d0aa4a71..81832f0c8 100644
--- a/pkg/common/servererrs/code.go
+++ b/pkg/common/servererrs/code.go
@@ -37,7 +37,10 @@ const (
 
 // General error codes.
 const (
-	NoError       = 0     // No error
+	NoError = 0 // No error
+
+	SecretNotChangedError = 50 // secret not changed
+
 	DatabaseError = 90002 // Database error (redis/mysql, etc.)
 	NetworkError  = 90004 // Network error
 	DataError     = 90007 // Data error
diff --git a/pkg/common/servererrs/predefine.go b/pkg/common/servererrs/predefine.go
index ab09aa512..b1d6b06a9 100644
--- a/pkg/common/servererrs/predefine.go
+++ b/pkg/common/servererrs/predefine.go
@@ -17,6 +17,8 @@ package servererrs
 import "github.com/openimsdk/tools/errs"
 
 var (
+	ErrSecretNotChanged = errs.NewCodeError(SecretNotChangedError, "secret not changed, please change secret in config/share.yml for security reasons")
+
 	ErrDatabase         = errs.NewCodeError(DatabaseError, "DatabaseError")
 	ErrNetwork          = errs.NewCodeError(NetworkError, "NetworkError")
 	ErrCallback         = errs.NewCodeError(CallbackError, "CallbackError")