How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

  1. Home
  2. Ideas
  3. Client Area
  4. Force email verification before account provisioning

Force email verification before account provisioning



94 Votes
Login to Vote
I run a two week free trial period for my hosting. It seems this is getting abused now and with no conversions. Most do not bother to verify their email address and I think the sign up is spam related.
As an added step before a free hosting period is provisioned it would be useful to insist that the email must be verified to cut down on fake signups. I cannot see an option for this currently.

Can this please be introduced.

20 Comments

Login to post a comment.

sitesme commented 2 hours ago
I don't quite understand this. If there is a hook created by WHMCS team: https://whmcs.community/topic/339228-prevent-orders-from-clients-with-an-unverified-e-mail-address/ - why not implement this natively as a simple checkbox in the admin area?
David Roe commented 2 weeks ago
Fake spam accounts have become a massive problem and they are getting around the recaptcha option. I think a common sense feature like this should be integral to WHMCS instead of having to constantly update Google recaptcha.
hsojhsoj commented 2 weeks ago
50 fake signups yesterday, and 50 today, and each one has to be deleted manually, so painful.
sahostking commented 1 month ago
lets see if they take this seriously. They keep monitoring votes on a feature request instead of also looking at "importance".
Audrey Kinlok commented 2 months ago
We are getting 30 bot signups per day, many with fake email addresses. I cannot see why this has not been implemented.
Richard Osborne commented 16th July
Currently we are dealing with between 10 and 30 fake signups per day. Restricting access to the client area before email verification would really help.
Valentin Scerbacov commented 18th June
Absolutely MUST be implemented!!!
Mr. P commented 4th April 23
Its been 3 years now and this feature is not yet implemented. However whmcs team is busy adding NordVPN and stuffs which no one requested.
Official Response
WHMCS commented 3rd June 23
Hi Mr. P,
With an average of just 10 votes each year, this request hasn't garnered as much support as some other suggestions. The higher trending requests are more likely to be considered first. Please do keep advocating for this suggestion and we can potentially consider it in future.
Official Response
WHMCS commented 19th August 21
Hi all,
Thanks for this suggestion and your votes and comments. Please do keep supporting it!

In the meantime domain registration and module creation functions can be aborted based upon custom conditions which you can specify using these action hook points:

- https://developers.whmcs.com/hooks-reference/domain/#preregistrarregisterdomain
- https://developers.whmcs.com/hooks-reference/module/#premodulecreate

You could write some PHP to review the client's isEmailAddressVerified() value within the Client Class: https://classdocs.whmcs.com/8.1/WHMCS/User/Client.html#method_isEmailAddressVerified
And if it evaluates to false, return the appropriate abort response to prevent the action.
Kamil Porembiński commented 20th August 21
So all official modules from WHMCS will be using this Hooks? Because problem is with WHMCS modules only.
Kamil Porembiński commented 28th June 21
This should be a standard, because WHMCS is not GPDR ready.
Heiko commented 16th March 20
Agree with this.
Will add an additional security layer and prevent dummy email addresses.
We encounter clients create dummy email addresses which causes unnecessary admin tasks.
Thibaut Robert commented 19th October 18
It's really important to implant this fonctionnality.
Michael Koontz commented 3rd October 18
This would definitely cut down on spam registrations! Please consider implementing this!
Jonathon Lucas commented 20th September 18
Don't know why this wasn't added when they added the basic email verification - this would prevent a lot of SPAM orders and shouldn't be a lot of work.
David H commented 14th September 18
I have again had another run of registrations with emails that do not exist. One even an attempt at a paid service that failed at the checkout card capture.

Any update on this please?