Usually it’s a good idea to disable user registration in WordPress, if you do not use membership feature, since spammers can attack your website with spam user registrations. One of my clients had enabled the option “anyone can register” in WordPress settings and allowed visitors to register. Within as week, he received couple of user signups but soon after he started to receive user registrations, hundreds in number from one specific domain. That made him realize, all user were essentially spam registrations.

After couple of attempts, I was able to block spam user registrations from this specific domain. I used registration_errors hook in WordPress which filters the errors encountered when a new user is being registered. If any errors are present, WordPress will abort the user’s registration. This filter can also be used to create custom validation rules on user registration. This hook fires when the form is submitted but before user information is saved to the database. So I created custom rule to check user’s email domain and provide error if user’s email match blacklisted domain.

Here is the function you can dump in your theme’s functions.php file. The following function will prevent user registration if WordPress find “domain.Com” in user’s email address.

// prevent user registration in wordpress from specific domain
function wpcs_disable_email_domain ( $errors, $sanitized_user_login, $user_email ) {
    list( $email_user, $email_domain ) = explode( '@', $user_email );
    if ( $email_domain == 'domain.com' ) {
        $errors->add( 'email_error', __( '<strong>ERROR</strong>: Domain not allowed.', 'my_domain' ) );
    }
    return $errors;
}
add_filter( 'registration_errors', 'wpcs_disable_email_domain', 10, 3 );

Simple. Right!