Page Authority – Allowed Domains

Allowed Email Domains gives administrators a simple way to restrict WordPress user accounts to approved email domains.

The plugin is designed for sites where only users from specific organizations, companies, clients, or teams should be added as WordPress users.

Features include:

• Admin-managed allowed domain list
• Standard WordPress registration enforcement
• REST API user creation/update enforcement
• WooCommerce registration enforcement
• Existing User Audit tools
• Optional login enforcement
• Per-user unauthorized account removal with content reassignment
• Multisite-aware protections
• Lightweight architecture with no custom database tables

Security Notes

The plugin includes:

• Capability checks
• Nonce verification (verified before any state-changing logic runs)
• Sanitization and escaping
• Live revalidation before destructive actions
• Current-admin protection
• Multisite Super Admin protection
• Explicit content reassignment or delete confirmation before user removal

Recommended operational practices:

• Review the Existing User Audit before enabling login blocking
• Test custom registration and SSO flows before production rollout
• Maintain regular database backups before deleting users
• Restrict plugin management access to trusted administrators only

Uninstall

Deleting the plugin removes its current options:

• pageauth_allowed_domains
• pageauth_audit_log
• pageauth_block_unauthorized_logins

It also cleans up internal flags, transients, user meta, and any leftover keys from prior plugin versions that used the paad_ or aed_ prefixes. On multisite, the matching network options are removed as well.