Prefix user login_name and validate it is unique on Registration

The usual way to create a user goes with the register_new_user function. This function offers no filter for the user name. It just checks for uniqueness with username_exists. To actually create the user register_new_user then calls wp_create_user, which in turn calls wp_insert_user. The latter function contains the pre_user_login filter. Then it calls username_exists again, because … Read more

Only Admin receives email

Mail sent from WP uses wp_mail() function. There is a filter that you can use before the mail is sent to filter the arguments used in the wp_mail() function, including the $to value. See https://developer.wordpress.org/reference/hooks/wp_mail/ Look at the example code on that page to get an idea of how to block (or redirect) all mail … Read more

WordPress password as plain text in email

No, WordPress passwords are not stored in plain text. They’re stored as hashes generated by an old version of PHPass, which I think does multiple rounds of salted MD5 hashes. You cannot extract the original password from this, by design. See Why shouldn’t I store passwords in plain text? on Information Security StackExchange. If you … Read more