pageauth_block_unauthorized_logins<\/code><\/li>\n<\/ul>\n\nIt also cleans up internal flags, transients, user meta, and any leftover keys from prior plugin versions that used the paad_<\/code> or aed_<\/code> prefixes. On multisite, the matching network options are removed as well.<\/p>\n\n\n\n- Upload the zip file to
wp-content\/plugins\/<\/code><\/li>\n- Activate Allowed Email Domains<\/strong> in WordPress Admin<\/li>\n
- Go to Users > Allowed Domains<\/strong><\/li>\n
- Add approved domains, one per line<\/li>\n<\/ol>\n\n\n
\nWhat format should allowed domains use?<\/h3><\/dt>\nEnter one domain per line. Domains are normalized to begin with @<\/code>.<\/p>\n\nExample:<\/p>\n\n
@example.com\n@company.org\n@agency.net\n<\/code><\/pre><\/dd>\nWhat happens if the allowlist is empty?<\/h3><\/dt>\nIf the allowlist is empty, all email domains are allowed.<\/p><\/dd>\n
Does this affect existing users?<\/h3><\/dt>\nExisting users are not automatically disabled, deleted, modified, or logged out.<\/p>\n\n
The Existing User Audit identifies existing users whose email domains are not currently allowed. Administrators can review those users individually.<\/p><\/dd>\n
Can unauthorized users be deleted?<\/h3><\/dt>\nYes. The audit table includes per-user delete actions for unauthorized users.<\/p>\n\n
When a user owns posts or pages, a confirmation modal appears with a dropdown of compliant users (those whose email is on the allowlist) for content reassignment. Administrators can also choose to delete the user and all their content.<\/p>\n\n
Deletion actions are protected by nonce verification, capability checks, confirmation prompts, current-admin protection, multisite Super Admin protection, and a server-side failsafe that refuses to silently delete a user's content.<\/p><\/dd>\n
Can users with unauthorized domains be blocked from logging in?<\/h3><\/dt>\nYes. Optional login enforcement can be enabled after reviewing the Existing User Audit.<\/p>\n\n
Login enforcement is disabled by default to avoid accidental lockouts.<\/p><\/dd>\n
Does this plugin create custom database tables?<\/h3><\/dt>\nNo. The plugin stores settings using WordPress options and does not create custom database tables.<\/p><\/dd>\n\n<\/dl>\n\n\n
2.0.0<\/h4>\n\n\n- Compliance: renamed internal prefix from
paad_<\/code> (4 characters) to pageauth_<\/code> (8 characters) across functions, constants, options, transients, user meta, nonces, AJAX actions, hooks, page slug, CSS classes, HTML IDs, and JavaScript data attributes. The new prefix is unique, brand-aligned, and far less likely to collide with any other plugin<\/li>\n- Migration: existing allowlist, audit log, and login-blocking preference are migrated transparently on upgrade from either prior prefix (
paad_<\/code> from 1.9.1 or aed_<\/code> from 1.9.0 and earlier)<\/li>\n- Compatibility: both legacy settings URLs (
users.php?page=aed-settings<\/code> and users.php?page=paad-settings<\/code>) now redirect to the current pageauth-settings<\/code> slug<\/li>\n- Cleanup:
uninstall.php<\/code> removes both the current and all legacy option, transient, and user-meta keys, so removal is clean regardless of which version was last installed<\/li>\n<\/ul>\n\n1.9.1<\/h4>\n\n\n- Compliance: renamed internal prefix from
aed_<\/code> (3 characters) to paad_<\/code> (4 characters) across functions, constants, options, transients, nonces, AJAX actions, page slug, CSS classes, and HTML IDs to meet WordPress.org Plugin Directory naming requirements.<\/li>\n- Migration: existing allowlist, audit log, and login-blocking preference are migrated transparently on upgrade.<\/li>\n
- Compatibility: legacy
users.php?page=aed-settings<\/code> URL now redirects to the new paad-settings<\/code> slug.<\/li>\n- Cleanup: rewrote
uninstall.php<\/code> to actually remove the options the plugin stores (the previous file targeted a key prefix that was never written), and added cleanup for legacy aed_*<\/code> keys.<\/li>\n<\/ul>\n\n1.9.0<\/h4>\n\n\n- Security: nonce verification now runs before capability checks and before any input processing in the audit-domain-add and user-delete handlers<\/li>\n
- Security: programmatic user creation in admin context (admin-ajax, importers, REST in admin) is no longer silently allowed; only the user-edit\/user-new screens defer to the inline error path<\/li>\n
- Performance: existing-user audit query is paginated to avoid loading every user into memory on large sites<\/li>\n
- Feature: deleting an unauthorized user who owns posts or pages now opens a confirmation modal with a dropdown of compliant users for content reassignment, or an explicit \"delete content\" option<\/li>\n
- Feature: success notice when a domain is added directly from the audit<\/li>\n
- Feature: clearer error notices for delete failures (missing user, current user, super admin, allowed-now, content-without-confirmation, invalid reassignment target)<\/li>\n
- Hardening: server-side failsafe refuses to delete a user with owned content unless reassignment or explicit content-delete is specified<\/li>\n
- Hardening: reassignment target is revalidated as a real, compliant user before deletion proceeds<\/li>\n
- Cleanup: removed dead query-parameter handling, consistent input handling throughout<\/li>\n<\/ul>\n\n
1.8.15<\/h4>\n\n\n- Removed redundant GitHub plugin site link from the Plugins screen.<\/li>\n<\/ul>\n\n
1.8.14<\/h4>\n\n\n- Added GitHub plugin metadata link on the WordPress Plugins screen.<\/li>\n
- Added Page Authority author URL metadata.<\/li>\n<\/ul>\n\n
1.8.12<\/h4>\n\n\n- Cleaned and consolidated changelog entries<\/li>\n<\/ul>\n\n
1.8.11<\/h4>\n\n\n- Updated WordPress.org plugin slug and text domain compatibility<\/li>\n
- Fixed automated scan compatibility issues<\/li>\n<\/ul>\n\n
1.8.9<\/h4>\n\n\n- Renamed plugin to \"Page Authority - Allowed Domains\"<\/li>\n<\/ul>\n\n
1.8.2<\/h4>\n\n\n- Added unauthorized user audit tools<\/li>\n
- Added quick actions for adding domains and deleting users<\/li>\n<\/ul>\n\n
1.8.1<\/h4>\n\n\n- Added login enforcement protections for unauthorized domains<\/li>\n<\/ul>\n\n
1.8.0<\/h4>\n\n\n- Added WooCommerce, REST API, and multisite enforcement support<\/li>\n<\/ul>\n\n
1.7.0<\/h4>\n\n\n- Added GitHub update compatibility support<\/li>\n
- Improved admin navigation and documentation<\/li>\n<\/ul>\n\n
1.6.0<\/h4>\n\n\n- Improved validation, admin UX, and security handling<\/li>\n<\/ul>\n\n
1.5.0<\/h4>\n\n\n- Added uninstall cleanup and compatibility metadata<\/li>\n<\/ul>\n\n
1.0.0<\/h4>\n\n\n- Initial plugin release<\/li>\n<\/ul>","raw_excerpt":"Restrict WordPress user accounts to administrator-approved email domains.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/312411","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=312411"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/twestford"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=312411"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=312411"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=312411"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=312411"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=312411"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=312411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}