Client Email Verification

From WHMCS Documentation

Email Verification checks to ensure that the email address a client registers with is valid and their own.

When you enable this, upon creation of a new client account or change of the account owner's email address, the system sends an email asking the user to confirm that they intended to register or make the change to the email address.

The validation link they receive is valid for 60 minutes. If it expires, the user can request a new verification email by logging in to the client area.

Why enable it?

Enabling Email Verification helps to protect against signing up using incorrectly-typed and unauthorized email addresses. It can also act as part of order review and fraud screening procedures.

To help reduce the number of emails new clients are sent after signing up, the client will not receive the separate Welcome email when Email Verification is enabled.

Enabling Email Verification

To enable Email Verification, navigate to Configuration () > System Settings > General Settings > Security or, prior to WHMCS 8.0, Setup > General Settings > Security. Check the Email Verification checkbox and save the changes.

Enable email verification in general settings

Enabling Email Verification will not send an email verification request to any existing users automatically. Their accounts will display as unverified and continue to operate unaffected.

Default Behaviour

An email verification notice is sent when the following events occur:

  • A new user completes registration.
  • An existing account owner changes their email address.

User access is not restricted to the client area, services, or support resources prior to email verification completion. This is to allow the user to access the services and support resources they have paid for.

After the user follows the link in the verification email, the user must log in to the client area to complete the verification process. Once they successfully authenticate, a success message will display on the next page.

In the admin area, the email verification banner will no longer display.

Verified email in client profile view

Resending the Verification Email

If a user has not verified their email address, they will see the option to resend the verification email in the banner notice in the client area. Admins also have this ability from the client summary page.

Clicking the Resend Verification Email button sends an email with a link that is valid for 60 minutes. If the recipient follows the link after the 60 minute window or multiple times (which invalidates the previous link) then an error will display upon attempting to verify. The user will have the option to request a new email verification.

Prior to 8.0, the email verification link was valid for 24 hours.

Client Area User Interface

Any user who has not completed the email verification process will see a banner reminding them to take action when they log in. This banner appears on all pages of the client area.

No functionality is limited in the client area for users with an unverified email address.

Email verification banner on client side

Admin Area User Interface

A banner will be displayed at the top of the client summary page and when viewing orders for any account where the account owner has not completed the email verification process.

Client profile verification banner

Manage orders client verification status

An option to resend the verification email is also available from both pages. Clicking this will invalidate any previous verification links.

A badge will display alongside the user's email address, denoting whether the email address is verified.

User verified badge