Client Email Verification

From WHMCS Documentation

Email Verification checks to ensure that the email address a client registers with is valid and their own.

When you enable this, upon creation of a new client account or change of email address, the system sends an email is to the email address, asking the user to confirm that they intended to register or make the change to the email address.

The validation link they receive is valid for 24 hours. If it expires, the client can request a new verification email by logging in to the client area.

Why enable it?

Enabling Email Verification helps to protect against signing up using incorrectly-typed and unauthorized email addresses. It can also act as part of order review and fraud screening procedures.

When you enable this, the client will not receive the separate Welcome email.

Enabling Email Verification

To enable Email Verification, navigate to Configuration () > System Settings > General Settings > Security or, prior to WHMCS 8.0, Setup > General Settings > Security. Check the Email Verification checkbox and save the changes.

Enable email verification in general settings

Enabling Email Verification will not send an email verification request to any existing clients automatically. Their accounts will display as unverified and continue to operate unaffected.

Default Behaviour

When you enable this, the client will receive an email verification notice when the following events occur:

  • A new user registration.
  • A change of email address for an existing account.

Clients access is not restricted to the client area, services, or support resources prior to email verification completion. This is to allow the client to access the services and support resources they have paid for.

After the client follows the link in the verification email, the client must log in to the client area to complete the verification process. Once they successfully authenticate, a success message will display on the next page.

In the admin area, the email verification banner will no longer display and a Verified badge will display.

Verified email in client profile view

Resending the Verification Email

If a client has not verified their email address, they will see the option to resend the verification email in the banner notice in the client area. Admins also have this ability from the admin client summary page.

Clicking the Resend Verification Email button sends an email with a link that is valid for 60 minutes. If the recipient follows the link after the 60 minute window or multiple times (which invalidates the previous link) then an error will display upon attempting to verify using an older link. The user will have the option to request a new email verification.

Prior to 8.0, the email verification link was valid for 24 hours.

Client Area User Interface

When you enable this, any client who has not completed the email verification process will see a banner reminding them to take action when they log in. This banner appears on all pages of the client area.

No functionality is limited in the client area for clients with an unverified email address.

Email verification banner on client side

Admin Area User Interface

When you enable this, any client who has not completed the email verification process will see a banner at the top of their client summary page and when viewing orders they submitted (pictured below).

Client profile verification banner Manage orders client verification status

An option to resend the verification email is also available from both pages. Clicking this will invalidate any previous verification links.

A badge will also display alongside the client's email address throughout the admin area, denoting whether the client's email address is verified.

Unverified email badge

Verified email badge