CM Email Registration Blacklist (CMRB) - Use Case - How to Secure Your Site Registration Process (List All Methods by Email, by Domain)
Use Case – How to secure your site registration process (list all methods by email, by domain).
- CM Email Registration Blacklist – This document uses version 1.5.3
The CM Email Registration Blacklist plugin allows you to block users who try to register on your WordPress site using an email from a domain or email defined in your blacklists/online lists. It also allows you to approve only users from a whitelist.
The plugin helps to avoid spam with viruses, malwares, disposable emails, and unwanted users.
Use Case Front-End
Use Case Assumptions
In this example we will consider how to defend your site from unwanted registrations to avoid spam, viruses and malware.
- Installing the plugin
- Setting up
- User Domain Blacklist
- User Domain Whitelist
- User Email Blacklist
- User Email Whitelist
- Free Domains
- Registration Log
- Domain & E-mail Tester
- End Result
Installing The plugin
The process is the same for all CM plugins and add-ons.
- Download the plugin from your customer dashboard
- Log in to WordPress and navigate to the WordPress Admin → Plugins settings
- Click on Add New
- Activate it and add the license
Learn more: Getting Started - Plugin Overview
All setting up happens in CM E-Mail Registration Blacklist. So navigate to Admin Dashboard → CM E-Mail Registration Blacklist → General Settings tab.
- Domain White List - Protects emails from the White List from being blocked.
- Accept domains only from White List
- Domain Black List - Blocks emails from the Black List.
- User E-mail White List - Includes the emails from the plugin's White List.
- User E-Mail Black List - Includes the emails from the plugin's Black List.
- Accept emails only from white list
- DNSBL Domain Check - Refer to notes below.
- Free Domain List - Fetches list of spam addresses from Spam Assassin. Learn more about Spam Assassin.
- Enable for edit profile - Applies filters when the user updates the email from the edit profile section. This prevents users from updating their emails to blocked ones. Currently only works on:
- Default WordPress profile form editor
- CM Registration Pro profile form editor
- Show Powered by CreativeMinds - Show or hide "Powered by CreativeMinds" in the registration screen.
- Remove HTML tags from error messages - Removes any tags (such as links or formatting) from error messages.
- Google reCAPTCHA - Enables verification via reCAPTCHA. Learn more: General Support - reCAPTCHA - What is It and How to Enable. Learn more about reCAPTCHA - What is It and How to Enable.
TIP: Using Free Domain and DNSBL Lists
If you enable DNSBL Domain Check and Free Domain List keep in mind, that some popular domains like gmail.com can be included in these lists. If you want these domains to be allowed to register you need to disable these lists, or add needed domains to Domain White List.
User Domain Blacklist
Next tab is User Domain Blacklist.
The blacklist contains a list of all of the domains that will be blocked from registering on your site. Add a new domain by typing in the box provided.
Anyone with an email address matching the domain you enter on the blacklist will be unable to register for your site.
User Domain Whitelist
Next tab is User Domain Whitelist.
Whitelisted domains are domains that have been flagged, but are still allowed to register a domain on your site.
Add a new domain to the whitelist by typing it in the provided box. Adding a domain to the whitelist will allow users to register with even if it has already been tagged as spam in the blacklist or free domain list.
User Email Blacklist
Next tab is User Email Blacklist.
The blacklist contains a list of all of the emails that will be blocked from registering on your site regardless of their domain status. Add a new email by typing in the box provided.
Anyone with an email address matching the address you enter on the blacklist will be unable to register for your site.
TIP: Note on Gmail Domain
Google allows its users to modify the email address by including dots or plus inside the address. This applies to @gmail.com and @googlemail.com accounts.
Starting from version 1.4.2 of the plugin, you can block all these variants by adding the "clean" version to the blacklist, without including any dot or plus signs. In the example above, that would be firstname.lastname@example.org.
User Email Whitelist
Next tab is User Email Whitelist.
Whitelisted emails are addresses that have been flagged, but are still allowed to register an email on your site. It can also include emails from domains that have been blocked by any of the plugin tools. So any email which appears on this list will always be able to register.
Add a new email to the whitelist by typing it in the provided box. Adding an email to the whitelist will allow users to register with even if it has already been tagged as spam in the blacklist emails list.
Next tab is Free Domains.
Here you will find the list of free domains that have already been identified as spam by the website SpamAssassin, and added to the blacklist.
You have the option of updating the list by clicking the blue update button in the upper right hand corner of the box. Updating the list will fetch the latest list and update the plugin information on your WordPress database.
Next tab is Labels.
This tab controls the messages that will appear on the screen when a user tries to register a domain name and gets blocked. These messages will appear if the domain is blacklisted, listed on the Free Domain list, or not included in the whitelist.
Change the text in each box to alter the message that appears when a user is unable to register a domain on your site. The same label will also show once you use the domain tester.
Next tab is Registration Log.
This box contains the list of failed registration attempts including the date, time, email, reason for the failure and the IP address used.
You can clear the log by clicking on the Clear Log button. Once you clear all log data will be erased from the Database.
Domain & E-mail Tester
Next tab is Domain & E-mail Tester.
In the Domain & E-Mail Tester box, type in a domain/email and click check and see if the domain/email will be accepted or not.
If the domain/email is blacklisted, the word INVALID will appear and the search results will say that the domain/email is blacklisted.
If the domain/email is whitelisted/not-blacklisted, the word VALID will appear and the search results will say that the domain/email is whitelisted.
Using this simple instruction you can avoids spam with viruses and malware, disposable emails, and unwanted users.
Use Case Front-End