I like your Secure Invites plugin, but the "registration security" behavior could be improved. When registration is denied, you call
wp_die() to stop the processing. This (by default) issues an HTTP 500 Internal Server Error. Anyone monitoring logs will get false-positives that something is broken.
This is not an error condition, but a policy decision. At least, use the optional
wp_die() response argument to signal a non-error code (maybe 403 Forbidden).
In addition, consider including the backlink argument to allow users to browse back to the site homepage.
Also, I'd really like to be able to style the failure page, but this is difficult with the current approach.
Thanks for this nice plugin.