I’m pleased to announce a major update to the Security addon for WP User Manager 🎉
Security 1.3 introduces the ability for admins to disable users to prevent them from logging, setting an allow list of email addresses, domains or string matches to restrict user registration and other fixes.
Let’s get into it.
Sometimes as a site admin you might need to prevent certain users from logging into the site after registration. Deleting them isn’t needed, they just need to be temporarily deactivated. Now with version 1.3 of the Security addon, you can enable this functionality from the settings in Users > Settings > Security by turning on ‘Allow users to be disabled’.
Once enabled, when viewing the users table in the admin, you will see a new bulk action and a per-user row action to disable users:
The date, time and whichever user performed the action is recorded in the new ‘Disabled’ column added to the users table.
If a disabled user attempts to login, they are prevented from doing so and presented with a message:
Previously the Security addon has allowed admins to use a block list to prevent users from signing up if they have certain emails address, domains, or specific strings. Now there is the ability to use an allow list, where you can set emails address, domains, or specific strings, where users will only be allowed to register if their email matches the list.
For a full list of new features, improvements, and bug fixes, see the changelog.
In a future version we’ll be adding email and SMS support for receiving the TOTP codes, as well as improvements to the Two-Factor settings account page.
Are you excited to see these features make their way into the plugin? Let us know in the comments.