Understanding the Issue
Google Site Kit uses Google OAuth to authenticate users, and during that process, it often provides the user’s email as the unique identifier. WordPress then runs sanitize_user() on that email, which removes invalid characters like @ and ., turning [email protected] into johnsmithgmailcom.
This leads to two main problems:
- Usernames look like scrambled emails, which is bad for readability and privacy.
- Duplicate local parts (like [email protected] and [email protected]) still generate confusing usernames.
Technical Solution Using WordPress Hook
WordPress provides the pre_user_login filter, which runs just before a new user account is created. By hooking into this filter, we can intercept the username, remove the email domain, sanitize it, and ensure uniqueness before it’s saved to the database.
Implementation Code
<?php
// Remove email domain and keep only the username part during registration
add_filter('pre_user_login', function ($user_login) {
    // Check if the username looks like an email
    if (strpos($user_login, '@') !== false) {
        $user_login = substr($user_login, 0, strpos($user_login, '@'));
    }
    // Sanitize the username (strict mode: valid characters only)
    $user_login = sanitize_user($user_login, true);
    // Fallback for empty results
    if ($user_login === '') {
        $user_login = 'user';
    }
    // If username doesn’t exist, use it as-is
    if (!username_exists($user_login)) {
        return $user_login;
    }
    // If it already exists, add a numeric suffix
    $base = $user_login;
    $i = 1;
    $candidate = "{$base}-{$i}";
    while (username_exists($candidate)) {
        $i++;
        $candidate = "{$base}-{$i}";
    }
    return $candidate;
}, 10, 1);
Where to Add the Code
- MU-Plugin (Recommended): Create a file named fix-google-sitekit-username.php inside wp-content/mu-plugins and paste the code above. MU-plugins are automatically loaded and immune to theme updates.
- Code Snippets Plugin: Add a new snippet, name it “Trim Email Domain from Username”, choose “Run everywhere”, and paste the code.
- functions.php (Alternative): Paste the code into your active theme’s functions.php file. Use this only if you manage your theme code directly.
Testing the Fix
- Register using [email protected] — the username should be example.
- Register again with another email using the same local part, e.g. [email protected] — the username should automatically become example-1.
- Try complex emails (e.g. [email protected]) to ensure sanitization works correctly.
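The cases above can also be checked without a WordPress install. The following is an added example, not code from the original post: it rewrites the same derivation as a plain function with an injected existence check. As assumptions of this sketch, it also caps the length for the 60-character user_login limit and never hands out a name from a constructed reserved list; derive_login, strict_chars, RESERVED and the sample addresses are hypothetical.

```php
<?php
// Added example (not from the original post); runs with plain `php`, no WordPress.
// derive_login(), strict_chars(), RESERVED and the sample data are constructed here.
const RESERVED = ['admin', 'administrator', 'root', 'support']; // assumed list
const MAX_LOGIN = 60; // length limit WordPress enforces on user_login

// Rough stand-in for sanitize_user($s, true): keep ASCII letters, digits, space, _ . - @
function strict_chars(string $s): string {
    return trim(preg_replace('/[^a-z0-9 _.\-@]/i', '', $s));
}

function derive_login(string $login, callable $exists): string {
    $at = strpos($login, '@');
    if ($at !== false) {
        $login = substr($login, 0, $at); // keep the local part only
    }
    $login = strict_chars($login);
    if ($login === '') {
        $login = 'user';
    }
    $base = substr($login, 0, MAX_LOGIN - 5); // leave room for a "-9999" suffix
    // A reserved name is never returned bare, even when it is still free
    if (!in_array(strtolower($base), RESERVED, true) && !$exists($base)) {
        return $base;
    }
    for ($i = 1; ; $i++) {
        $candidate = "{$base}-{$i}";
        if (!$exists($candidate)) {
            return $candidate;
        }
    }
}

$taken = []; // in-memory stand-in for the users table
$exists = function (string $u) use (&$taken): bool {
    return isset($taken[strtolower($u)]);
};
$samples = [ // constructed addresses on reserved test domains
    'example@example.test',
    'example@example.org',
    'first.last+news@example.test',
    'admin@example.test',
    str_repeat('a', 70) . '@example.test',
];
foreach ($samples as $email) {
    $login = derive_login($email, $exists);
    $taken[strtolower($login)] = true;
    printf("%s => %s\n", $email, $login);
}
```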
Compatibility Notes
This solution works with Google Site Kit, Nextend Social Login, and other OAuth-based SSO plugins. Because it operates on a core WordPress filter, it doesn’t depend on specific plugin behavior. However, if another plugin overwrites the username after this hook, you may need to locate its internal filter (e.g. sitekit_user_register) and adjust hook priority to run later.
Security and Best Practices
- Keep usernames free of identifiable information like full emails for better privacy.
- Do not alter the user’s actual email field — only modify user_login.
- Always test in a staging environment before applying changes to production.
Conclusion
By hooking into pre_user_login, you can fully control how usernames are generated from Google Site Kit or other OAuth logins. This simple, clean approach ensures consistent, safe, and human-readable usernames without exposing users’ email addresses publicly.