
外掛標籤
開發者團隊
② 後台搜尋「Page Authority – Allowed Domains」→ 直接安裝(推薦)
原文外掛簡介
Restrict WordPress user accounts to administrator-approved email domains.
Page Authority – Allowed Domains gives administrators a simple way to control which email domains are permitted when WordPress user accounts are created. When the allowlist is set, any attempt to create a user with an email outside the approved domains is blocked across the standard registration form, the REST API, and WooCommerce registration.
It is designed for sites where only users from specific organizations, companies, clients, or teams should be added as WordPress users. Typical use cases include internal company portals where only staff email addresses should ever become accounts, agency-managed client sites that should reject public signups, membership or B2B sites that vet users by their email domain, and multisite networks that need consistent domain rules across sites.
Existing users are never modified automatically. Instead, the Existing User Audit highlights accounts whose email domains are not on the allowlist so an administrator can review and act on them individually, including removing an account and reassigning its content.
Features include:
Admin-managed allowed domain list
Standard WordPress registration enforcement
REST API user creation/update enforcement
WooCommerce registration enforcement
Existing User Audit tools
Optional login enforcement
Per-user unauthorized account removal with content reassignment
Multisite-aware protections
Lightweight architecture with no custom database tables
Security Notes
The plugin includes:
Capability checks
Nonce verification (verified before any state-changing logic runs)
Sanitization and escaping
Live revalidation before destructive actions
Current-admin protection
Multisite Super Admin protection
Explicit content reassignment or delete confirmation before user removal
Recommended operational practices:
Review the Existing User Audit before enabling login blocking
Test custom registration and SSO flows before production rollout
Maintain regular database backups before deleting users
Restrict plugin management access to trusted administrators only
Uninstall
Deleting the plugin removes its current options:
pageauth_allowed_domains
pageauth_audit_log
pageauth_block_unauthorized_logins
It also cleans up internal flags, transients, user meta, and any leftover keys from prior plugin versions that used the paad_ or aed_ prefixes. On multisite, the matching network options are removed as well.
