Client Email Verification

From WHMCS Documentation

Email Verification is a feature available to validate and ensure that the email address a client registers with is valid and their own.

When enabled, upon creation of a new client account or change of email address, an email is sent to the email address provided asking the user to confirm that they intended to register or make the change of email address.

The validation link they receive is valid for 24 hours. Should it expire, the client can request a new verification email be sent by logging into the client area.

Why enable it?

Enabling Email Verification adds an additional layer of protection against signing up using incorrectly typed and unauthorized email addresses, and can also be used as part of order review and fraud screening procedures.

Enabling Email Verification

To enable email verification, navigate to Setup >> General Settings >> Security tab. Tick the Email Verification checkbox and save the changes.

Enable email verification in general settings
Enabling Email Verification will not send an email verification request to any existing clients automatically. Their accounts will simply show as unverified and continue to operate unaffected.

Default Behaviour

When enabled, the client will be sent an email verification notice when the following events occur:

  • A new user registration
  • Change of email address for an existing account

Clients access is not restricted to the client area, services or support resources prior to email verification being completed. This is to allow the client to access the services they have paid for and your support resources.

Upon the client following the link sent in the verification email, the client will be required to log into the client area to complete the verification process. Once successfully authenticated, a success confirmation message will be displayed on the next page.

Verified email successfully

In the admin area, the email verification banner will no longer be present and a Verified badge will display alongside the client's email address.

Verified email in client profile view

Resending the Verification Email

If a client has not verified their email address, they will see the option to resend the verification email in the banner notice displayed within the client area. Admins also have this ability from the admin client summary page.

Clicking the Resend Verification Email button sends an email with a link that is valid for 24 hours. If the link is followed after the 24 hour window or if the button is clicked again (which invalidates the previous link) then an error will be displayed upon attempting to verify using an older link. Again however, the user will have the option to request a new email verification.

Client Area User Interface

When enabled, any client who has not completed the email verification process will be prompted with a banner reminding them to take action when they login. This banner is displayed on all pages of the client area.

No functionality is limited in the client area for clients with an unverified email address.

Email verification banner on client side

Admin Area User Interface

When enabled, any client who has not completed the email verification process will have a banner shown at the top of their client summary page and when viewing orders submitted by them (pictured below).

Client profile verification banner Manage orders client verification status

An option to resend the verification email is also available from both pages. Be aware that clicking this will invalidate any previous verification links.

A badge will also display alongside the client's email address throughout the admin backend denoting whether the client's email address is verified or not.

Unverified email badge

Verified email badge