How to Control Your WordPress Admin Email Verification Notice

by

If you oversee a network of WordPress sites, you should take note of the admin email verification introduced in WordPress 5.3. How does it work and how can we customize it for our specific needs? We’ll take a look in this post.

You’ll now be periodically asked to confirm that your admin email address is up to date when you log in as an administrator. This reduces the chance of getting locked out of your site if you change your email address.

From About WordPress 5.3
Screenshot of admin email verification during WordPress login

How It Works

Admin email verification is a great feature that will help keep WordPress sites secure. By default, every six months, once the previous verification lifespan has expired, the first user (with the manage_options capability) to login will see the administration email verification screen. They can then choose to either:

  1. confirm the email as valid,
  2. update the email (via General Settings on the site),
  3. defer the verification by three days, or
  4. take no action and return to the site.

While this verification check is very useful toward ensuring the site’s admin email remains accurate and up to date, it can also be a nuisance for users who may not be ultimately responsible for site management. As an agency or network administrator, you may have good reason to disable or conditionally show this verification screen. Here are few options for enhanced control over this WordPress feature.

Customizing the Verification

Fully Disable Admin Email Verification

If you would like to completely bypass this security feature of WordPress, this snippet will suffice.

// Disable administration email verification
add_filter( 'admin_email_check_interval', '__return_false' );

Restrict Admin Email Verification to Specific User(s)

It may be that you want to benefit from periodic admin email verification, but that you want to restrict the verification capability to a specific subset of administrative users. This should be especially useful to those who have administrative oversight for a network of sites. This snippet will hide the admin verification screen from all users except those which are identified by username.

// Restrict users allowed to verify administration email
add_filter( 'admin_email_check_interval', function( $interval ) {
   if ( in_array( $_POST['log'], array( '{{username}}' ) ) ) {
      return false;
   } else {
      return $interval;
   }
} );

Be sure to replace {{username}} with the specific user who should be presented with email verification. Additional users can be specified by adding array elements. Users specified here will still need to have the manage_options capability.

This—along with a custom lifespan—is what I will likely deploy to the network of sites I maintain via MainWP.

Change Frequency of Admin Email Verification Check

As mentioned, WordPress will request re-verification of your email every six months. You can change the frequency of this check (i.e. the lifespan of your admin email) by using the following snippet.

// Set the frequency with which WordPress requests administration email verification
add_filter( 'admin_email_check_interval', function( $interval ) {
   return YEAR_IN_SECONDS;
} );

Reset Admin Email Lifespan When Saving General Settings

WordPress only resets the lifespan of your admin email once someone has taken an appropriate action on the verification screen. The following snippet will also reset the lifespan of your admin email when any user has Saved Changes on the General Settings of your site.

General Settings is where the Administration Email Address option resides.

// Reset admin email lifespan when saving General Settings
add_action( 'load-options.php', function() {
   add_action( 'admin_action_update', function() {
      if ( strpos( wp_get_referer(), 'options-general.php' ) !== false ) {
         $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS );
         update_option( 'admin_email_lifespan', time() + $admin_email_check_interval );
      }
   });
});

A Few Final Thoughts

I really appreciate that WordPress developers continue to keep security in mind as they build out new features. It’s also great that we can retain control and customize our sites as needed. I hope you find these code snippets useful. Deploy them wisely.

If you’re interested in other ways to customize WordPress or the tools surrounding it, I have these and other snippets available at snippet.farm. Thanks for reading!

Everyone has their thing. Ours is domain names.