We recently launched our Academic Blogging Service at the University of Edinburgh. The service is built on top of a WordPress Multisite instance and uses the institution's single sign on solution, EASE to register and authenticate with the service.

EASE is linked with our central LDAP service which provides us with some basic, centrally stored user information such as their username, first name and last name. We use this information to populate the registration form automatically once a user has authenticated via EASE during the registration process.

Shortly after we launched the Academic Blogging Service, we realised that user's could modify their first and last names by going to their dashboard and editing their user settings. We wanted to restrict this ability as the information retrieved from LDAP should be the golden copy and our WordPress Multisite should not store data that contradicts these records.

Dashboard Showing First and Last Name Editable Fields

WordPress provides a wealth of customisation options which has been key to its success on the web, as a versatile CMS/blogging platform. Despite this, we were unable to find any readily available hooks to disable the First Name and Last Name fields in the user edit page.

We wanted to disable these fields via CSS and ensure that if a user overrode the CSS rules via their browser dev tools, we would not accept the name change. Unfortunately, after much searching, we could not find any readily available solutions for this issue.

We settled on a simple hook to inject some JavaScript into the admin page to disable the name fields. Our solution is given below:

<?php

// Function to disable the first name and last name fields
function disable_first_and_last_name_fields() {
	?>
	<script type="text/javascript">
        $(function() {
            // Disable the first and last names in the admin profile so that user's cannot edit these
				$('#first_name').prop( 'disabled', true );
				$('#last_name').prop( 'disabled', true );
        });
   	</script>
	<?php
}

// Action hook to inject the generated JavaScript into admin pages
add_action( 'admin_head', 'disable_first_and_last_name_fields' );
            

The solution above uses jQuery to target the DOM elements for the first and last name fields, setting their disabled properties to true.

The JavaScript is inserted into all admin page head sections using the action hook, admin_head.

The solution could be refined by only targetting the user edit page and adding some server side validation to ensure that the first and last names cannot be modified but as a first pass, this solution will stop the majority of users from editing these fields.

Photo by Markus Spiske on Unsplash