User Registration

Build a frontend user registration form that creates WordPress user accounts with validation and role assignment.

UI Layout

Form Container
  ├── Heading ("Create Account")
  ├── Text Input (name: "username", label: "Username", required: true)
  ├── Text Input (name: "email", label: "Email Address", required: true)
  ├── Text Input (name: "password", label: "Password", required: true, type: password)
  ├── Text Input (name: "password_confirm", label: "Confirm Password", required: true, type: password)
  ├── Text Input (name: "display_name", label: "Display Name")
  └── Submit Button ("Register")

Set visibility on the Form Container to Logged Out so only anonymous visitors see the form.

Action Pipeline (onSubmit)

Context
  → Rate Limit (maxRequests: 5, windowSeconds: 300, scope: "ip")
    → Validate
      → Sanitize
        → HTTP Request (create user via WP REST API or custom endpoint)
          → Output

Validate Rules

```json
[
  { "field": "username", "rule": "required" },
  { "field": "username", "rule": "min_length", "value": "3" },
  { "field": "username", "rule": "max_length", "value": "30" },
  { "field": "username", "rule": "regex", "value": "^[a-zA-Z0-9_]+$" },
  { "field": "email", "rule": "required" },
  { "field": "email", "rule": "email" },
  { "field": "password", "rule": "required" },
  { "field": "password", "rule": "min_length", "value": "8" }
]
```

Sanitize Fields

```json
[
  { "field": "username", "method": "trim" },
  { "field": "username", "method": "strip_tags" },
  { "field": "email", "method": "sanitize_email" },
  { "field": "display_name", "method": "strip_tags" },
  { "field": "display_name", "method": "trim" }
]
```

Creating the User

WP-Nexus pipelines run server-side with WordPress loaded, so the HTTP Request node can call a custom REST endpoint. A small custom plugin (or functions.php) can register a REST route for user creation:

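```php
// In a custom plugin or functions.php
add_action('rest_api_init', function() {
    register_rest_route('my-app/v1', '/register', [
        'methods' => 'POST',
        'callback' => function($request) {
            $username = sanitize_user($request['username'] ?? '');
            $email = sanitize_email($request['email'] ?? '');
            $password = $request['password'] ?? '';
            $display_name = sanitize_text_field($request['display_name'] ?? $username);

            // Re-validate here: this route is public, so it can be called directly,
            // bypassing the pipeline's Validate and Sanitize nodes.
            if (!validate_username($username)) {
                return new WP_Error('invalid_username', 'Invalid username', ['status' => 400]);
            }
            if (!is_email($email)) {
                return new WP_Error('invalid_email', 'Invalid email address', ['status' => 400]);
            }
            if (!is_string($password) || strlen($password) < 8) {
                return new WP_Error('weak_password', 'Password must be at least 8 characters', ['status' => 400]);
            }

            if (username_exists($username)) {
                return new WP_Error('username_exists', 'Username already taken', ['status' => 400]);
            }
            if (email_exists($email)) {
                return new WP_Error('email_exists', 'Email already registered', ['status' => 400]);
            }

            // wp_create_user() hashes the password before storing it.
            $user_id = wp_create_user($username, $password, $email);
            if (is_wp_error($user_id)) {
                return $user_id;
            }

            wp_update_user(['ID' => $user_id, 'display_name' => $display_name]);
            // Assign the role explicitly; never take it from request data.
            (new WP_User($user_id))->set_role('subscriber');

            return ['success' => true, 'user_id' => $user_id];
        },
        // Registration is anonymous by design, so no capability check applies here.
        'permission_callback' => '__return_true',
    ]);
});
```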

HTTP Request node:

url: "/wp-json/my-app/v1/register"
method: "POST"
body: "{\"username\": \"{{input.username}}\", \"email\": \"{{input.email}}\", \"password\": \"{{input.password}}\", \"display_name\": \"{{input.display_name}}\"}"
headers: "{\"Content-Type\": \"application/json\"}"

Security Considerations

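  • Rate limiting is critical for registration forms (prevents mass account creation). The Rate Limit node only covers submissions that go through the pipeline; the /register route itself is public (permission_callback is __return_true) and can be called directly.
  • Password strength requirements should be enforced with the min_length rule (at least 8 characters).
  • Never store passwords in your custom tables. Always use wp_create_user(), which hashes passwords properly.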
  • The registration form should only be visible to logged-out users.

Variations

Add email verification

After creating the user, set a meta flag email_verified: false and send a verification email with a unique token. Create a separate page/pipeline to handle the verification link.
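
One way to implement the token flow described above, as an added example (not WP-Nexus code and not part of the original recipe). The helper my_app_send_verification(), the /verify route, the /verify-email/ page and the email_verify_hash / email_verify_expires meta keys are assumed names; the verification pipeline would POST the uid and token from the link to /verify.

```php
// Added example. Assumed names: my_app_send_verification(), the /verify route,
// the /verify-email/ page, and the email_verify_* meta keys.

// Call right after wp_create_user() succeeds in the /register callback.
function my_app_send_verification(int $user_id, string $email): void {
    $token = bin2hex(random_bytes(32));            // 256-bit random, single-use token
    update_user_meta($user_id, 'email_verified', '0');   // '0' = not verified yet
    // Store only a hash, so a leaked usermeta table does not yield usable links.
    update_user_meta($user_id, 'email_verify_hash', hash('sha256', $token));
    update_user_meta($user_id, 'email_verify_expires', time() + DAY_IN_SECONDS);

    $link = add_query_arg(
        ['uid' => $user_id, 'token' => $token],
        home_url('/verify-email/')                 // assumed page hosting the verify pipeline
    );
    wp_mail($email, 'Confirm your email address', "Open this link within 24 hours:\n\n" . $link);
}

add_action('rest_api_init', function () {
    register_rest_route('my-app/v1', '/verify', [
        'methods'  => 'POST',
        'args'     => [
            'uid'   => ['required' => true, 'sanitize_callback' => 'absint'],
            'token' => ['required' => true, 'type' => 'string'],
        ],
        'callback' => function ($request) {
            $uid     = $request['uid'];
            $stored  = (string) get_user_meta($uid, 'email_verify_hash', true);
            $expires = (int) get_user_meta($uid, 'email_verify_expires', true);
            $given   = hash('sha256', (string) $request['token']);

            // One generic error for unknown user, wrong token and expired token.
            if ($stored === '' || time() > $expires || !hash_equals($stored, $given)) {
                return new WP_Error('invalid_token', 'Invalid or expired link', ['status' => 400]);
            }

            update_user_meta($uid, 'email_verified', '1');
            delete_user_meta($uid, 'email_verify_hash');     // token cannot be replayed
            delete_user_meta($uid, 'email_verify_expires');
            return ['success' => true];
        },
        'permission_callback' => '__return_true',  // public: the token is the credential
    ]);
});
```

The flag only has an effect if the code that gates features or login reads email_verified and rejects accounts where it is not '1'.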

Add custom profile fields

Include additional form fields (phone, company, etc.) and save them as user meta after creating the user:

HTTP Request (create user) → Set Field (user_id = row.user_id) → Update User Profile → Output

Auto-login after registration

After successful registration, use wp_set_auth_cookie() in the custom REST endpoint to log the user in automatically.

TIP

For production sites, consider adding CAPTCHA (Google reCAPTCHA or similar) as an additional spam prevention layer alongside rate limiting.