prevent users from changing their email address

does anybody know how to hook or filter the user-edit.php file so that a user’s email address is disabled from editing, akin to how the username is disabled?

i can edit the core file (gasp) and include disabled="disabled" in the form and this works, but i’m at a loss as to how to add the disable via hook or filter ..

i can also run a function like this that hides the email address via css

/* Change WordPress dashboard CSS */
function custom_admin_styles() {
    echo '<style type="text/css">#email { display: none !important; }</style>';
}
add_action('admin_head', 'custom_admin_styles');

but that pulls out the whole email, thus the form looks funny, and then i believe that with a DOM editor like Firebug, one can still access that email field and thus change it … ugh …

ideally, i would like to replace this entire user-edit.php code from this ->

<label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th><td><input type="text" name="email" id="email" value="<?php echo esc_attr($profileuser->user_email) ?>" disabled="disabled" class="regular-text" /> <span class="description"><?php _e('Emails cannot be changed.'); ?></span>

to something like this ->

<label for="email"><?php _e('E-mail'); ?> </label></th><td><?php echo esc_attr($profileuser->user_email) ?> Please Contact Tech support to change your email

thanks in advance for any pointers you can share … cordially, chuck scott


The only correct solution

(Other answers I see are faulty, vulnerable or incomplete. All of them can be bypassed.)

This plugin does it correctly:

class DisableMailChange
{

    public function __construct()
    {
        // Prevent email change. Priority 5 runs before handlers at the default priority (10).
        add_action( 'personal_options_update',  [$this, 'disable_mail_change_BACKEND'], 5  );
        add_action( 'show_user_profile',        [$this, 'disable_mail_change_HTML']  );
    }

    // Server side: for non-admins, overwrite the submitted email with the stored one.
    public function disable_mail_change_BACKEND($user_id) {
        if ( !current_user_can( 'manage_options' ) ) {
            $user = get_user_by('id', $user_id );
            // get_user_by() returns false when no such user exists.
            if ( $user ) {
                $_POST['email'] = $user->user_email;
            }
        }
    }

    // Client side: grey out the field so the form matches what the server enforces.
    public function disable_mail_change_HTML($user) {
        if ( !current_user_can( 'manage_options' ) ) {
            echo '<script>document.getElementById("email").setAttribute("disabled","disabled");</script>';
        }
    }
}
new DisableMailChange();
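
An added example, not part of the answer above and not WordPress core code: the same restriction applied at the wp_pre_insert_user_data filter, so the stored address is kept for every caller of wp_update_user(), not only the profile form. The function name example_lock_user_email is hypothetical, and the capability test is assumed to be the same manage_options check the answer uses.

```php
<?php
/**
 * Added example (hypothetical function name): keep a user's stored email
 * whenever a non-administrator triggers a user update, whichever code path
 * ended up in wp_update_user() / wp_insert_user().
 *
 * @param array    $data    Column values about to be written to the users table.
 * @param bool     $update  True when an existing user is being updated.
 * @param int|null $user_id ID of the user being updated, null on registration.
 * @return array Possibly adjusted column values.
 */
function example_lock_user_email( $data, $update, $user_id ) {
    // Only act on updates of existing accounts, never on registration.
    if ( ! $update || ! $user_id ) {
        return $data;
    }

    // Same capability test as the answer: administrators may still change emails.
    // Assumption: every other context, including "no logged-in user", is locked.
    if ( current_user_can( 'manage_options' ) ) {
        return $data;
    }

    $stored = get_userdata( $user_id );
    if ( $stored && isset( $data['user_email'] ) ) {
        // Discard whatever was submitted and write back the existing value.
        $data['user_email'] = $stored->user_email;
    }

    return $data;
}
add_filter( 'wp_pre_insert_user_data', 'example_lock_user_email', 10, 3 );
```

This filter does not replace the form-level hook: the hook keeps the profile screen consistent with what is enforced, while the filter covers other callers. Code that writes to the users table directly, without wp_update_user(), is not covered by either.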
