Hi @mplusplus
Accounts registered with social login are already validated, since the registration with social login is only possible with an existing social media account. For this reason, there is not really a need for additional validation.
Also it is important to mention that:
- Accounts registered with social login won’t always have an email address associated. For example Facebook give users an option to hide their email address, so in that case we need to register the account without an email address.
- Some other providers ( e.g.: Apple ) also give users an option to hide their email address, but in that case, they will rather generate a custom privaterelay apple email address where the users will never log in to.
So with additional verification you could make these users not being able to login to their accounts, as they will never be able to verify their accounts.
Of course if you work with providers that always return the email address, then you could use our Support Login Restrictions feature, which can be found at our Global Settings > General tab:
With that feature being enabled, third party plugins which are capable of preventing the login with an error over the WordPress filters: authenticate or wp_authenticate_user, could also prevent the login with social login.
In the documentation below you can find some plugins that we tested and worked:
https://nextendweb.com/nextend-social-login-docs/login-restriction/
Best regards,
Laszlo.
