Client Email Verification

From WHMCS Documentation

Email Verification checks to ensure that the email address a client registers with is valid and their own. When a user or admin creates a new client account or changes a client's email address, the system sends an email asking the user to confirm that they intended to register or make the change to the email address.

This helps protect against signups using incorrectly-typed and unauthorized email addresses. It can also act as part of order review and fraud screening procedures.

Enabling Email Verification

You can enable email verification in the Security tab at Configuration () > System Settings > General Settings or, prior to WHMCS 8.0, Setup > General Settings.

Enabling Email Verification will not send an email verification request to any existing users automatically. Their accounts will display as unverified and continue to operate unaffected.

Default Behaviour

WHMCS sends email verification notices when the following events occur:

  • A new user completes registration.
  • An existing user's email address changes.

To help reduce the number of emails new clients are sent after signing up, the client will not receive the separate Welcome email when Email Verification is enabled.

User access is not restricted to the client area, services, or support resources prior to email verification completion. This is to allow the user to access the services and support resources they have paid for.

After the user follows the link in the verification email, the user must log in to the client area to complete the verification process. Once they successfully authenticate, a success message will display on the next page.

In the admin area, the email verification banner will no longer display.

The Validation Link

The validation link in each verification email is valid for 60 minutes for WHMCS 8.0 and higher or, prior to WHMCS 8.0, 24 hours. If the link expires, the user can request a new verification email by logging in to the Client Area.

Users who have not verified their email address will see the option to resend the verification email in the banner notice in the Client Area.

Admins can view the client's email verification status from the Summary tab in the client's profile and a banner will also display when viewing orders from that account. A badge will also display alongside the user's email address, denoting whether the email address is verified.

Clicking Resend Verification Email sends an email with a new link in a new verification email.