Quick Fix to Ban Spam User Accounts on WPMU

Quick Fix to Ban Spam User Accounts on WPMU

Anyone who has maintained a WPMU site lately has more than likely had to contend with spammers worming their way in to create user accounts. Have you noticed that the function to ban email domains in WordPress MU 2.8.4 doesn’t work? You enter the domain in the options for banned email field and they still seem to get through! My biggest offenders lately are from the mail.ru domain. Wicked weasels! Here’s a way to tie their tails together and set them on fire! Much thanks to D’arcy Norman and his helpful post for this very simple fix:

1. Find this file: wp-includes/wpmu-functions.php

2. Locate this function: is_email_address_unsafe() around row 880

3. Turn the string into an array! (see below)


function before


function is_email_address_unsafe( $user_email ) {
	$banned_names_text = get_site_option( "banned_email_domains" ); // grab the string first
	$banned_names = explode("\n", $banned_names_text); // convert the raw text string to an array with an item per line
	if ( is_array( $banned_names ) && empty( $banned_names ) == false ) {
		$email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) );
		foreach( (array) $banned_names as $banned_domain ) {
			if( $banned_domain == '' )
			if (
				strstr( $email_domain, $banned_domain ) ||
					strstr( $banned_domain, '/' ) &&
					preg_match( $banned_domain, $email_domain )
			return true;
	return false;

This is a simple fix in the first two lines of the function, but oh so necessary! I’ve tested it on one of my installs and it works. If you’re maintaining a WPMU site and you’re tired of having to delete fake users, implement this quick fix.