Using WordPress ‘preprocess_signup_form’ PHP action

by

The preprocess_signup_form WordPress PHP action fires when the site sign-up form is sent.

Usage

add_action('preprocess_signup_form', 'your_custom_function');

function your_custom_function() {
  // your custom code here
}

Parameters

  • None

More information

See WordPress Developer Resources: preprocess_signup_form

Examples

Add a custom validation for user email

Check if the user email domain is allowed during sign-up.

add_action('preprocess_signup_form', 'validate_email_domain');

function validate_email_domain() {
  $email = $_POST['user_email'];
  $allowed_domain = 'example.com';

  if (strpos($email, $allowed_domain) === false) {
    wp_die('Only example.com email addresses are allowed.');
  }
}

Block specific usernames from signing up

Prevent users from registering with specific usernames.

add_action('preprocess_signup_form', 'block_specific_usernames');

function block_specific_usernames() {
  $blocked_usernames = array('admin', 'test', 'demo');
  $username = $_POST['user_name'];

  if (in_array($username, $blocked_usernames)) {
    wp_die('The selected username is not allowed. Please choose another one.');
  }
}

Log sign-up attempts

Log sign-up attempts to a file for analysis.

add_action('preprocess_signup_form', 'log_signup_attempts');

function log_signup_attempts() {
  $username = $_POST['user_name'];
  $email = $_POST['user_email'];
  $timestamp = date('Y-m-d H:i:s');
  $log_entry = "$timestamp | $username | $email" . PHP_EOL;

  file_put_contents('signup_log.txt', $log_entry, FILE_APPEND);
}

Set a minimum password length

Enforce a minimum password length during sign-up.

add_action('preprocess_signup_form', 'check_password_length');

function check_password_length() {
  $password = $_POST['password'];
  $min_length = 8;

  if (strlen($password) < $min_length) {
    wp_die("Password must be at least $min_length characters long.");
  }
}

Add a honeypot field to prevent spam sign-ups

Add an invisible field to the sign-up form to catch bots.

add_action('preprocess_signup_form', 'honeypot_check');

function honeypot_check() {
  if (!empty($_POST['honeypot_field'])) {
    wp_die('Spam registration detected.');
  }
}