How to Create a Global Denylist

Updated:

Overview

Are you interested in establishing a global denylist at the domain level that applies to all of your forms? Crafting such a list will guarantee that any previously flagged spam emails are universally blocked across all your WPForms through a single, unified function.

By default, using the Allowlist or Denylist you can easily block domains for each form using *@bad-domain.com. To find more about setting up an Allowlist or Denylist, please check out this helpful guide.

However, the primary aim of this tutorial is to establish a global list, eliminating the need for individual edits in each form. Harnessing the capabilities of PHP, constructing such a list becomes a straightforward and expeditious process, as we will demonstrate in this tutorial!

Adding the snippet

Now it’s time for us to add the snippet to our site and customize the list by domain names we want to block. Simply copy and paste this snippet to your site.

For any assistance in how and where to add snippets to your site, please review this tutorial. 

/*
 * Global denylist for domains on all WPForms.
 *
 * @link https://wpforms.com/developers/how-to-create-a-global-denylist/
*/
 
function wpf_dev_blacklist_global_domains( $field_id, $field_submit, $form_data ) {
 
    // Find the domain name, anything after the @ symbol
    $domain          = substr( strrchr( $field_submit, "@" ), 1 );
 
    // Add the domains here, separated by commas
    $blacklist       = array( 'deny.com', 'nope.com' );
 
    // Customize the error message that will be shown 
    if( in_array( $domain, $blacklist ) ) { 
        wpforms()->process->errors[ $form_data[ 'id' ] ][ $field_id ] = esc_html__( 'We apologize, this domain is not accepted.', 'wpforms' );
        return;
    }
}
add_action('wpforms_process_validate_email', 'wpf_dev_blacklist_global_domains', 10, 3 );

This snippet will look at the domain name entered in the email field and check it against the global list that you’ve built in this snippet. Domain names can be listed in the [email protected] format. But each domain is listed with single quotes and then separated by a comma.

When any user tries to enter that domain and submits the form, they’ll see the error.

using this snippet you can easily create a global denylist

And that’s it! You’ve successfully created a global denylist for all your WPForms. Would you like to also block profanity in your forms? Take a look at our tutorial on How to Block Form Submissions Containing Profanity.

Action Reference: wpforms_process_validate_email

Tagged:
Still stuck? How can we help?
Last Updated on Oct 18, 2023