The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Limiting Signup to Email Doman Name (1 post)

  1. fionnmatthew
    Posted 6 years ago #


    I run a WordPress blog for my academic department, where we can discuss conferences and suchlike. Signup to the blog is open to department.

    In order to know for sure if the people signing up aren't bots, I asked everyone to use their college domain names, but it didn't really work, and I normally had to email people individually to ask if they were who they said they were.

    Recently, though, I'm getting about 6 signups a day from bots. I've edited the .php script and added a message to the signup page to tell genuine users to use their college email addresses, but I'd like to be able to make it so that only email addresses with specified domain names were accepted, and all others displayed an error message.

    I'm no expert in .php. I've been reading a few tutorials, and I can see how theoretically I could write a line or two of code into the relevant .php script to do this, but time is of the essence, since I'm getting more and more bot signups per day. I was wondering if it would be possible if someone here could help me out with it, or at least expedite my learning the principle involved in writing it in. Perhaps I'm wrong, but I'm inclined to think this shouldn't be more complicated than a line or two?

    I know this is a built in feature in WordPress MU, but I've been having a look at the code for that, and can't find where the feature is implemented so that I could use something similar for my blog.

    I'm thinking the relevant bit of code is in wp-login.php :

    // Check the e-mail address
    	if ($user_email == '') {
    		$errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
    	} elseif ( !is_email( $user_email ) ) {
    		$errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'));
    		$user_email = '';
    	} elseif ( email_exists( $user_email ) )
    		$errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
    	do_action('register_post', $user_login, $user_email, $errors);
    	$errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
    	if ( $errors->get_error_code() )
    		return $errors;
    	$user_pass = wp_generate_password();
    	$user_id = wp_create_user( $user_login, $user_pass, $user_email );
    	if ( !$user_id ) {
    		$errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
    		return $errors;
    	wp_new_user_notification($user_id, $user_pass);
    	return $user_id;

    Am I correct? What might I do to add a "whitelist" of domain names, failure to match with which displays an error message?

Topic Closed

This topic has been closed to new replies.

About this Topic