In this tutorials We are going to talk about how to prep new defence against dummy email registrations on a WordPress Website. After enabling “Anyone can register” under Admin Dashboard->Settings->General within 24 hours my website was full of dummy email registrations like users with email xxx@yopmail.com and bla bla bla.
So I decided to prep new script to allow only certain email providers to register on the website. Easiest method was to create filter for registration process which can check legibility of email used during registration process.
Rather than coding inside the functions.php file in theme I decided to use a plugin named WPCode Snippets to create a script to make it work even after switching themes.
Prep New WPCode Snippet
So I create a script named Block Fake Email Providers under WpCode snippets. Like this
The code snippet is below
function restrict_registration_by_email_provider($errors, $sanitized_user_login, $user_email) {
// Define an array of renowned email providers
$renowned_providers = array(
'gmail.com',
'yahoo.com',
'outlook.com',
'hotmail.com',
'aol.com',
'icloud.com',
'mac.com',
'me.com',
'protonmail.com',
'zoho.com',
'yandex.com',
'mail.com',
'gmx.com',
'fastmail.com',
'tutanota.com',
'hushmail.com',
'office.com'
);
// Add more as needed
// Get the email domain from the user's email address
$email_domain = strtolower(substr(strrchr($user_email, "@"), 1));
// Check if the email domain is in the array of renowned providers
if (!in_array($email_domain, $renowned_providers)) {
// Email domain is not valid, add an error
$errors->add('invalid_email_domain', __('Registration is allowed only from renowned email providers.'));
}
return $errors;
}
// Hook into the registration_errors action
add_filter('registration_errors', 'restrict_registration_by_email_provider', 10, 3);
It will check if email provided during registration is from renowned email providers like gmail.com, outlook.com and some on. One thing to keep in mind that after creating the script, do not forget to activate it. You may check Status in picture above for Block Fake Email Providers is active.
Now if anybody tries to login from Dummy Email providers like yopmail.com. It will not let anyone login. If anybody tries with abc@gmail.com even if the account will not activated because a confirmation email it sent to provided email address to activate the account. So this is how I prepped a new defence to protect my website by getting rid of dummy registration for time being.
If you guys thing that there are any better way to handle it. Your comments are welcomed .Thanks for reading a blog post titled “Fortify Your WordPress Fortress: Crafting a Script to Prep New defence Against Dummy Email Registrations”