Select Page

Block Registrations By Email Domain

Today I ran into a situation where I was getting a new user registration every half hour for the entire afternoon. I came across this solution that will block registrations by email domain.

First, it blocks registrations by email domain. This simple denial of registration does not require WordFence, as it’s just a really useful filter you can just drop into your functions.php.

add_filter( 'registration_errors', 'disable_user_registration_for_email_domain', 10, 3 );
function disable_user_registration_for_email_domain ( $errors, $sanitized_user_login, $user_email ) {
	// only if it's an email address at all 
	if ( ! is_email( $user_email ) ) {
		return $errors;
	}

	// get domain from email address
	$email_domain = substr( $user_email, strrpos( $user_email, '@' ) + 1 );
	$block_domains = [ // partial domain names allowed (doesn't need to include TLD for example)
		'spammersgalore.com',
	];

	foreach ( $block_domains as $domain_partial ) {
		if ( stripos( $email_domain, $domain_partial ) !== false ) {
			// throw registration error
			$errors->add( 'email_error', '<strong>ERROR</strong>: Registration not allowed.' );
		}
	}

	return $errors;
}

Take it one step farther by adding the IP address to WordFence’s blocked IPs list. This isn’t permanent, the default block duration is 4 hours. However, if the problem persists, you can make the block permanent within the WordFence GUI. If you get WordFence emails from your website, it will include the IP of the blocked user, so you can go back and permanently block IPs whose lockout duration may have already expired.

add_filter( 'registration_errors', 'disable_user_registration_for_email_domain', 10, 3 );
function disable_user_registration_for_email_domain ( $errors, $sanitized_user_login, $user_email ) {
	// only execute when the relevant WordFence functions can be called
	if ( ! is_callable( 'wfUtils', 'getIP' ) || ! is_callable( 'wfBlock', 'isWhitelisted' ) || ! is_callable( 'wordfence', 'lockOutIP' )) {
		return $errors;
	}

	// only if it's an email address at all 
	if ( ! is_email( $user_email ) ) {
		return $errors;
	}

	// get domain from email address
	$email_domain = substr( $user_email, strrpos( $user_email, '@' ) + 1 );
	$block_domains = [ // partial domain names allowed (doesn't need to include TLD for example)
		'baikcm.ru',
	];

	foreach ( $block_domains as $domain_partial ) {
		if ( stripos( $email_domain, $domain_partial ) !== false ) {
			$IP = \wfUtils::getIP();
			if ( \wfBlock::isWhitelisted( $IP ) ) {
				return $errors; // don't block whitelisted IPs
			}
			// lockout IP
			\wordfence::lockOutIP( $IP, "Registration attempt from blocked email domain {$domain_partial}" );
			// throw registration error
			$errors->add( 'email_error', '<strong>ERROR</strong>: Registration not allowed.' );
		}
	}

	return $errors;
}

If, by the time you find this, you’ve got tons of bot registrations that you need to get rid of, check out this article on how to search and replace using PHPmyadmin.

Thanks for reading and hopefully this will help someone to block registrations by email domain in the future!

Check out more articles

How to Generate a Ranger Config File

ranger --copy-config=all This will copy all the default config files from /usr/local/lib so you can make edits without messing anything up. Huge shout out to https://dquinton.github.io/debian-install/config/ranger.html for explaining this and so much more. Took me a...

First Open Source Contribution

Surprise! I genuinely did not plan on making my first ever open source contribution today. In fact, I didn't plan on a lot of things happening this week at all. I recently got an awesome opportunity to work on a site that is being hosted on a platform called Pantheon,...

How to Exclude Specific Posts and Pages from WP_QUERY

For the sake of having something to work with, let's suppose we've got the following query:In this query, inside the $args array, there's a special parameter that allows you to exclude specific posts and pages from the query. This parameter is called post__not_in and...

Configure SSH For Password-less Connections

Preamble I'm slightly embarrassed to admit this, but it was a long time before I figured out how amazing this little file is and how exactly to put it to good use. The file I'm talking about is the SSH config file. By default, when you first connect to a server via...

WordPress Site Stuck in Maintenance Mode

Plugin Error Code 500 During Update While I was updating a WordPress plugin locally, something happened on my local server to trigger a 500 error code as the plugin was updating. On the frontend, I refreshed the page and was greeted with "Briefly Unavailable for...

Creating a WordPress Plugin Downloader

How it Started I was recently tasked with the challenge of creating a WordPress theme generator. The idea being, instead of writing your style.css file from scratch, you'd be able to just answer a few simple questions about how you'd like your theme set up, and those...

Fix Audio on XFCE Chromebook

The Problem After moving from GalliumOS to Xubuntu, I noticed that playing YouTube videos on both Firefox and Chromium would result in decent playback for a few minutes, but suddenly the audio would turn into a solid beeping tone while the YouTube video displayed the...

Adjust Trackpad Sensitivity XFCE

xinput set-prop "Elan Touchpad" "Synaptics Finger" 1 1 1 What are the values 1 1 1? This sets the sensitivity as close to the original ChromeOS as possible. Larger numbers will decrease sensitivity of various aspects. I never looked into which individual value...

Fireworks (Short Film)

https://vimeo.com/395077249 About the film Year: 2020 Director/DP: Tim Searfoss Writers: Matt Jones, Tim Searfoss Sound Mix: Matt Jones

Hosting Multiple Sites Using LocalWP

I've done a write-up on hosting local WordPress sites before, but I definitely prefer this method over the previous one. If you've never tried hosting multiple sites using LocalWP, then I'd encourage you to check it out. I've had really bad issues with it in the past,...