How to set up User email verification after Signup?

You know how all these websites send out links to their new users for them to verify their Email address? I'm trying to set up something like this but after some research I still haven't found a good explanation on how to implement this.

I'm open for plugin recommendations, however most of the plugins I found have a ton of other features that I don't really need.

Without using a plugin, how would I go about adding this to my code?

My approach would be to add a 'Email not verified' attribute to the user meta after signup and send out an email with some kind of verification key to the user. How can I verify if the user actually clicked on that link though?

Thanks for any advice

Answers 1

  • You can use user_register hook

    add_action( 'user_register', 'my_registration', 10, 2 );
    function my_registration( $user_id ) {
        // get user data
        $user_info = get_userdata($user_id);
        // create md5 code to verify later
        $code = md5(time());
        // make it into a code to send it to user via email
        $string = array('id'=>$user_id, 'code'=>$code);
        // create the activation code and activation status
        update_user_meta($user_id, 'account_activated', 0);
        update_user_meta($user_id, 'activation_code', $code);
        // create the url
        $url = get_site_url(). '/my-account/?act=' .base64_encode( serialize($string));
        // basically we will edit here to make this nicer
        $html = 'Please click the following links <br/><br/> <a href="'.$url.'">'.$url.'</a>';
        // send an email out to user
        wp_mail( $user_info->user_email, __('Email Subject','text-domain') , $html);

    You can check for $_GET['act'] and then activate if that's a valid key by updating the meta value account_activated. You can use wp_authenticate_user hook to verify activation status every time when user tries to login.

    Snippet to validate:

    add_action( 'init', 'verify_user_code' );
    function verify_user_code(){
            $data = unserialize(base64_decode($_GET['act']));
            $code = get_user_meta($data['id'], 'activation_code', true);
            // verify whether the code given is the same as ours
            if($code == $data['code']){
                // update the user meta
                update_user_meta($data['id'], 'is_activated', 1);
                wc_add_notice( __( '<strong>Success:</strong> Your account has been activated! ', 'text-domain' )  );

Related Questions