WordPress email verification

Verify emails on WordPress forms

Drop a small functions.php hook that calls Verifly with wp_remote_get and rejects undeliverable, disposable, and role addresses on WPForms, Contact Form 7, and native WordPress user registration.

Verify an email with wp_remote_getAPI
$res = wp_remote_get(
    add_query_arg( 'email', rawurlencode( $email ), 'https://verifly.email/api/v1/verify' ),
    array( 'headers' => array( 'Authorization' => 'Bearer ' . VERIFLY_API_KEY ) )
);
$data = json_decode( wp_remote_retrieve_body( $res ), true );
// $data['result'] === 'undeliverable'

Real-time SMTP mailbox checks

Single, batch, and async bulk verification

Disposable, role account, and catch-all detection

Pay-as-you-go credits with no subscription lock-in

Search fit

Built for WordPress email verification

Use Verifly when you need a simple API, predictable pricing, and clean JSON results before emails hit your product, CRM, or campaign tool.

Reject undeliverable emails on WordPress user registration
Gate WPForms submissions with a live mailbox check
Validate Contact Form 7 emails before the message sends
Strip disposable and role addresses from form leads

Why WordPress accepts emails that bounce

WordPress core and every popular form plugin validate email with is_email(), which only checks that the string looks like an address. Nothing in the stack confirms the mailbox exists. So a spam bot or a mistyped signup sails through registration, WPForms, or Contact Form 7, and the confirmation, notification, or newsletter you send hard-bounces.

For membership sites and lead-gen forms this is a real cost: junk user accounts, unreachable leads sitting in your CRM, and a sending domain whose reputation slips every time a bounce lands. Disposable and role addresses (info@, admin@, sales@) are especially common on public WordPress forms and are exactly what you want to filter at submission time.

Verifly runs a live SMTP mailbox check and returns a deliverable / undeliverable / risky verdict with disposable, role, and catch-all flags. Since WordPress ships wp_remote_get, you can call Verifly from a single functions.php hook — no build step, no external SDK.

Add a reusable verification helper in functions.php

  1. Grab a free Verifly key at verifly.email/api/v1/autonomous/register — 100 credits, no card, no captcha.
  2. Define the key once (in wp-config.php as a constant so it stays out of your theme files).
  3. Add a helper that calls Verifly with wp_remote_get and returns true only when the address is safe to accept.
  4. Hook the helper into whichever form you use: registration_errors for native signup, wpforms_process for WPForms, or wpcf7_validate_email* for Contact Form 7.
  5. Fail open on a request error so a verifier outage never breaks your forms.
wp-config.php + functions.php helper
// wp-config.php
define( 'VERIFLY_API_KEY', 'vf_your_api_key' );

// functions.php
function verifly_is_deliverable( $email ) {
    $res = wp_remote_get(
        add_query_arg( 'email', rawurlencode( $email ), 'https://verifly.email/api/v1/verify' ),
        array(
            'timeout' => 15,
            'headers' => array( 'Authorization' => 'Bearer ' . VERIFLY_API_KEY ),
        )
    );

    if ( is_wp_error( $res ) ) {
        return true; // fail open on a verifier outage
    }

    $data = json_decode( wp_remote_retrieve_body( $res ), true );
    if ( ! is_array( $data ) ) {
        return true;
    }

    return ! ( 'undeliverable' === ( $data['result'] ?? '' ) || ! empty( $data['disposable'] ) );
}

Gate registration and form plugins

With the helper in place, blocking a bad address is one hook per form. The registration_errors filter stops WordPress from creating the user. For WPForms and Contact Form 7 the pattern is the same idea — add a field error so the submission is refused and the visitor is asked for a real address.

Native registration + WPForms + Contact Form 7
// Native WordPress registration
add_filter( 'registration_errors', function ( $errors, $login, $email ) {
    if ( $email && ! verifly_is_deliverable( $email ) ) {
        $errors->add( 'verifly_email', 'Please use a real, deliverable email address.' );
    }
    return $errors;
}, 10, 3 );

// WPForms (validate the email field)
add_action( 'wpforms_process', function ( $fields, $entry, $form_data ) {
    foreach ( $fields as $id => $field ) {
        if ( 'email' === $field['type'] && ! verifly_is_deliverable( $field['value'] ) ) {
            wpforms()->process->errors[ $form_data['id'] ][ $id ] = 'Undeliverable email address.';
        }
    }
}, 10, 3 );

// Contact Form 7
add_filter( 'wpcf7_validate_email*', function ( $result, $tag ) {
    $email = isset( $_POST[ $tag->name ] ) ? sanitize_email( wp_unslash( $_POST[ $tag->name ] ) ) : '';
    if ( $email && ! verifly_is_deliverable( $email ) ) {
        $result->invalidate( $tag, 'Please enter a real, deliverable email address.' );
    }
    return $result;
}, 20, 2 );

FAQ

Frequently asked questions

Do I need a plugin to use Verifly on WordPress?

No. WordPress already includes wp_remote_get, so a short helper in functions.php (or a small custom plugin if you prefer) is all you need. There is no external SDK, build step, or dependency to install.

Which forms can I gate this way?

Any form that exposes a validation hook. The examples cover native user registration, WPForms, and Contact Form 7, but the same verifly_is_deliverable() helper works with Gravity Forms, Ninja Forms, or WooCommerce checkout using each plugin's own validation filter.

Will a Verifly outage break my forms?

No. The helper fails open: on a WP_Error or an unparseable body it returns true, so submissions still go through. You can tighten that to fail-closed if a verified email is mandatory for your site.

Does it block disposable and role addresses?

Yes. Each response carries disposable, role, and catch-all flags alongside the deliverability verdict, so you can refuse throwaway domains and generic role@ addresses in the same helper — the example already rejects disposable.

How do I clean the users I already have?

Export your existing user emails and send them to POST /verify/batch, then act on the undeliverable rows. Verifly's async bulk pipeline handles large exports in a single job, so a big membership site clears in one pass.

What does it cost for a WordPress site?

Pricing is pay-as-you-go from $2 per 1,000 checks down to $0.60 per 1,000 at volume, with 100 free credits to start and no monthly minimum, so a low-traffic site pays only for real submissions.