Blacklist usernames

The Security extension does include the ability to blacklist username, specific email addresses, email domains, and IP addresses. (It has several other features as well.)

https://rocketgeek.com/plugins/wp-members/extensions/security-extension/
https://rocketgeek.com/product/security/

Alternatively, you can implement any custom form validation you want, including but not limited to blacklisting usernames, by using the wpmem_pre_register_data action:

https://rocketgeek.com/plugins/wp-members/docs/filter-hooks/wpmem_pre_register_data/

We are a not for profit organisation. I am coming to this plugin as we recently suffered a malware redirect attack on our site that used Ultimate Member. I am a SQL server developer by day but don’t know anything about php, so..

if ( $fields[‘my_field’] != ‘some_criteria’ ) {
$wpmem_themsg = ‘your error message…’;

would become

$badusers = array(“admin”, “webmaster”, “root”, “administrator”);

if (in_array($fields[‘username’], $badusers)) {
$wpmem_themsg = ‘Please choose an alternative username. Certain usernames are not allowed’;

That looks like it would do it.