UserCheck

UserCheck blocks disposable and throwaway email addresses from your sign-up forms. The result: less spam, fewer fake accounts, and a cleaner user base. Supported plugins If you're using any of these, UserCheck protects them automatically — nothing to configure:

• WordPress core (registration, comments, multisite signup, profile email change)
• WooCommerce (classic checkout, Cart/Checkout Block, account registration, Edit-account email change)
• Profile Builder (free + Pro)
• Contact Form 7
• WPForms
• Elementor Pro Forms
• Gravity Forms
• Fluent Forms
• Ninja Forms
• Formidable Forms
• MailPoet

Fallback for unsupported plugins For plugins without a built-in integration, a fallback check catches sign-ups from any other form on your site. It only runs when someone submits a form, so it won't slow down your dashboard or background tasks. You can turn it off under Settings → UserCheck → Coverage. Choose what to block Pick which kinds of email addresses get blocked: domains that can't receive email, disposable addresses, public providers (Gmail, Yahoo, etc.), forwarding services that hide the real address, and known spammers. Domains on your UserCheck account blocklist are always blocked. Lightweight by design Emails are checked only when users submit a form (registration, comment, checkout) — never re-checked for existing users or orders. No background scans, no surprises. Resilient by design If our service is ever down or slow, your site keeps working: sign-ups go through and the error is logged for review. Each request times out after 2 seconds, so an unresponsive API can't hold up your forms. Full email or domain only Send the full email (more accurate) or just the domain. Extensible Developers can plug UserCheck into any plugin's validation hook by calling UserCheck::instance()->evaluate_email( $email ) and acting on the returned action, reason, and message. Translation ready All text in the plugin can be translated into any language. Works out of the box No configuration required. A free API key unlocks higher request limits. Powered by UserCheck, which tracks new disposable email providers as they appear so your site's protection stays current.

0.2.0 Changed

• Replaced the global is_email filter with surface-specific hooks. The plugin now only checks emails when users submit them (registration, comments, WooCommerce checkout/account creation) and no longer re-validates existing users or orders. Fixes 502 errors on order pages caused by repeated synchronous API calls.
• Reduced API request timeout from the WordPress default (5s) to 2s. Added
• Settings to choose which signals block sign-ups (invalid MX, disposable, public email providers, relay/forwarding, spam).
• Domains on your custom UserCheck blocklist are always blocked when present — no opt-in needed.
• Settings to choose whether to send the full email (more accurate) or just the domain (cheaper). New installs default to full-email; upgrades from 0.1.x keep domain-only.
• WooCommerce integrations (auto-enabled when WooCommerce is active): classic checkout (woocommerce_after_checkout_validation), Cart/Checkout Block (woocommerce_store_api_checkout_order_processed), account registration, and Edit-account email change (woocommerce_save_account_details_errors).
• Profile Builder (free + Pro) registration integration (auto-enabled when Profile Builder is active).
• Multisite signup integration.
• Contact Form 7 integration (auto-enabled when CF7 is active). Hooks wpcf7_validate_email and wpcf7_validate_email*.
• WPForms integration (auto-enabled when WPForms is active). Hooks wpforms_process_validate_email.
• Elementor Pro Forms integration (auto-enabled when Elementor Pro is active). Hooks elementor_pro/forms/validation/email.
• Gravity Forms integration (auto-enabled when GF is active). Hooks gform_field_validation for email-type fields.
• Fluent Forms integration (auto-enabled when Fluent is active). Hooks fluentform/validate_input_item_input_email.
• Ninja Forms integration (auto-enabled when NF is active). Hooks ninja_forms_submit_data and walks email-type fields.
• Formidable Forms integration (auto-enabled when Formidable is active). Hooks frm_validate_field_entry (covers fields inside repeater rows).
• MailPoet integration (auto-enabled when MailPoet is active). Hooks mailpoet_subscription_before_subscribe.
• Registry-driven integration loader: built-in integrations live in UserCheck::integrations_registry() and are wired automatically when their host plugin is detected.
• Public extension API: developers can call UserCheck::instance()->evaluate_email( $email ) from any hook to integrate UserCheck with plugins that don't have a built-in or aren't covered by the is_email() fallback. Returns array{action, reason, message} with action being allow or block.
• usercheck_block_message filter so developers can override the user-facing block message per signal. See the FAQ for a usage example.
• is_email() fallback for plugins without a native integration (Settings → UserCheck → Coverage). On by default — preserves the unconditional is_email coverage that existed pre-0.2.0; opt out from the Coverage section. Covers front-end submissions including AJAX (wpDiscuz, AJAX-submitted CF7/Elementor) and REST; admin page-loads, cron, and WP-CLI are excluded so the v0.1 502 regression on WC order pages stays fixed.
• WP profile email-change coverage (user_profile_update_errors) and REST comment submission coverage (rest_pre_insert_comment).
• Per-request deduplication: the same email evaluated multiple times in one request now triggers a single API call.
• Existing API keys are migrated automatically to the new settings format.

0.1.1 Fixed

• Skip validation for WordPress system emails

0.1.0 Added

• Error logging system with retention and pagination
• API key validation on settings update
• Rate limit error handling (429 response) Changed
• Reduced unauthenticated API request limit from 60 to 30 requests per hour
• Improved error handling and validation for API responses Fixed
• Added proper error handling for API failures

0.0.1

• Initial release