How to Block Restricted Usernames in WordPress and WooCommerce

10/10/2025 0 30 3 min read
Tiếng Việt

When running a WordPress site, it’s important to prevent users from registering with sensitive or misleading usernames such as admin, support, or webmaster. These usernames can cause confusion or even pose security risks. This article explains how to block specific usernames from being registered on your WordPress or WooCommerce site using a simple PHP snippet.

How to Block Restricted Usernames in WordPress and WooCommerce
Table of Contents

Why Should You Block Certain Usernames?

Hackers and spam bots often attempt to register accounts with usernames like admin, root, or support to impersonate administrators or trick other users. Additionally, having multiple accounts named “test” or “guest” can make it harder to manage your user database. By restricting these names, you can protect your site and maintain a cleaner, safer community.

The PHP Snippet to Restrict Usernames

You can add the following snippet to your active theme’s functions.php file or through the Code Snippets plugin (set it to Run everywhere):

// 1) Core-level: add restricted usernames to WordPress global blacklist
add_filter('illegal_user_logins', function( $usernames ) {
    $blocked = array(
        'admin','administrator','root','test','webmaster',
        'support','info','guest','moderator'
    );
    $blocked = array_map('strtolower', $blocked);
    return array_unique( array_merge( $usernames, $blocked ) );
});

// Helper: check if a username is blocked (exact match + keyword match)
function im_is_blocked_username( $username ) {
    $u = strtolower( trim( $username ) );

    // a) Exact match restriction
    $blocked_exact = array(
        'admin','administrator','root','test','webmaster',
        'support','info','guest','moderator'
    );
    if ( in_array( $u, $blocked_exact, true ) ) return true;

    // b) (Optional) Restrict usernames containing specific keywords
    $blocked_keywords = array(
        // 'admin', 'support', 'moderator', // uncomment to block "admin123", "support-team", etc.
    );
    foreach ( $blocked_keywords as $kw ) {
        if ( $kw !== '' && strpos( $u, $kw ) !== false ) return true;
    }
    return false;
}

// 2) WordPress core registration form (wp-login.php?action=register)
add_filter('registration_errors', function( $errors, $sanitized_user_login ) {
    if ( im_is_blocked_username( $sanitized_user_login ) ) {
        $errors->add( 'restricted_username', __( 'This username is not allowed. Please choose a different one.', 'init-manga' ) );
    }
    return $errors;
}, 10, 3);

// 3) WooCommerce registration form
add_filter('woocommerce_registration_errors', function( $errors, $username ) {
    // Note: if your site auto-generates usernames from email, they will still be validated here
    if ( im_is_blocked_username( $username ) ) {
        $errors->add( 'restricted_username', __( 'This username is not allowed. Please choose a different one.', 'init-manga' ) );
    }
    return $errors;
}, 10, 3);
?>

How to Add More Restricted Usernames

You can easily expand the list by adding new items to the $blocked or $blocked_exact arrays. If you want to prevent usernames containing certain words (for example, “admin123” or “support-team”), simply uncomment the lines in the $blocked_keywords array and add your own keywords.

Conclusion

This simple method effectively prevents users from registering with restricted or unsafe usernames in both WordPress and WooCommerce. The snippet runs efficiently, avoids conflicts with other plugins, and helps protect your site from fake or misleading accounts. You can freely customize the blocked list to fit your community’s needs and maintain a safer user environment.

Bài Viết Liên Quan

Comments

  • No comments yet.

Init Toolbox

Press Ctrl + \ on desktop, or swipe left anywhere on mobile.

Login

Forgot password?
Create a new account