Summary:
To protect sensitive partner data and limit access to authorized users, a WooCommerce-based WordPress portal was customized to restrict user registration based on email domain. The solution involved removing a visible company dropdown field and automatically assigning users to a company based on their email domain, ensuring secure and dynamic access control.
Issue background
The WooCommerce registration form on a private support portal displayed a company selection field that exposed a list of authorized partner companies. This posed a privacy concern, as anyone visiting the form could view all partner names.
The requirement was to:
- Prevent display of the partner list in the form.
- Automatically assign a new user to the correct partner company based on their email domain.
- Prevent registration if the email domain is not recognized or mapped to a company.
- Display a customizable error message for unauthorized domains.
Diagnosis
- The registration form was pulling company names dynamically from a custom database or Formidable Form entries.
- Existing logic in
functions.phpattempted to manipulate registration behavior but had limitations. - Some companies lacked a mapped email domain, which complicated the matching logic.
Resolution steps
- Removed the company field from the WooCommerce registration form to eliminate the privacy concern of listing all partners publicly.
- Modified registration logic using a custom function to parse the user’s email domain and compare it against a dynamic list of mapped domains tied to company records.
- Auto-assigned users to the appropriate company if a matching domain was found.
- Blocked registrations if no domain match existed, and displayed a helpful error message: “Only authorized work email addresses will be approved.”
- Provided a way to update the error message through the Code Snippets plugin, offering future flexibility without touching code.
Final outcome
Registrations are now limited to users with company-approved email domains, ensuring that sensitive data is not exposed and access is appropriately restricted. Company mappings remain dynamic, allowing admins to add or remove authorized domains without needing developer intervention. The solution is robust, secure, and customizable via the WordPress dashboard.
Need help customizing registration workflows in WordPress or WooCommerce? Contact Freshy — we build smart, secure solutions tailored to your site’s needs.