How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Force email verification before account provisioning



I run a two week free trial period for my hosting. It seems this is getting abused now and with no conversions. Most do not bother to verify their email address and I think the sign up is spam related.
As an added step before a free hosting period is provisioned it would be useful to insist that the email must be verified to cut down on fake signups. I cannot see an option for this currently.

Can this please be introduced.

20 Comments

Login to post a comment.

I don't quite understand this. If there is a hook created by WHMCS team: https://whmcs.community/topic/339228-prevent-orders-from-clients-with-an-unverified-e-mail-address/ - why not implement this natively as a simple checkbox in the admin area?
Fake spam accounts have become a massive problem and they are getting around the recaptcha option. I think a common sense feature like this should be integral to WHMCS instead of having to constantly update Google recaptcha.
50 fake signups yesterday, and 50 today, and each one has to be deleted manually, so painful.
lets see if they take this seriously. They keep monitoring votes on a feature request instead of also looking at "importance".
We are getting 30 bot signups per day, many with fake email addresses. I cannot see why this has not been implemented.
Currently we are dealing with between 10 and 30 fake signups per day. Restricting access to the client area before email verification would really help.
Absolutely MUST be implemented!!!
Its been 3 years now and this feature is not yet implemented. However whmcs team is busy adding NordVPN and stuffs which no one requested.
Hi Mr. P,
With an average of just 10 votes each year, this request hasn't garnered as much support as some other suggestions. The higher trending requests are more likely to be considered first. Please do keep advocating for this suggestion and we can potentially consider it in future.
Hi all,
Thanks for this suggestion and your votes and comments. Please do keep supporting it!

In the meantime domain registration and module creation functions can be aborted based upon custom conditions which you can specify using these action hook points:

- https://developers.whmcs.com/hooks-reference/domain/#preregistrarregisterdomain
- https://developers.whmcs.com/hooks-reference/module/#premodulecreate

You could write some PHP to review the client's isEmailAddressVerified() value within the Client Class: https://classdocs.whmcs.com/8.1/WHMCS/User/Client.html#method_isEmailAddressVerified
And if it evaluates to false, return the appropriate abort response to prevent the action.
So all official modules from WHMCS will be using this Hooks? Because problem is with WHMCS modules only.
This should be a standard, because WHMCS is not GPDR ready.
Agree with this.
Will add an additional security layer and prevent dummy email addresses.
We encounter clients create dummy email addresses which causes unnecessary admin tasks.
It's really important to implant this fonctionnality.
This would definitely cut down on spam registrations! Please consider implementing this!
Don't know why this wasn't added when they added the basic email verification - this would prevent a lot of SPAM orders and shouldn't be a lot of work.
I have again had another run of registrations with emails that do not exist. One even an attempt at a paid service that failed at the checkout card capture.

Any update on this please?