WordPress email verification
Verify emails on WordPress forms
Drop a small functions.php hook that calls Verifly with wp_remote_get and rejects undeliverable, disposable, and role addresses on WPForms, Contact Form 7, and native WordPress user registration.
$res = wp_remote_get(
add_query_arg( 'email', rawurlencode( $email ), 'https://verifly.email/api/v1/verify' ),
array( 'headers' => array( 'Authorization' => 'Bearer ' . VERIFLY_API_KEY ) )
);
$data = json_decode( wp_remote_retrieve_body( $res ), true );
// $data['result'] === 'undeliverable'Real-time SMTP mailbox checks
Single, batch, and async bulk verification
Disposable, role account, and catch-all detection
Pay-as-you-go credits with no subscription lock-in
Search fit
Built for WordPress email verification
Use Verifly when you need a simple API, predictable pricing, and clean JSON results before emails hit your product, CRM, or campaign tool.
Why WordPress accepts emails that bounce
WordPress core and every popular form plugin validate email with is_email(), which only checks that the string looks like an address. Nothing in the stack confirms the mailbox exists. So a spam bot or a mistyped signup sails through registration, WPForms, or Contact Form 7, and the confirmation, notification, or newsletter you send hard-bounces.
For membership sites and lead-gen forms this is a real cost: junk user accounts, unreachable leads sitting in your CRM, and a sending domain whose reputation slips every time a bounce lands. Disposable and role addresses (info@, admin@, sales@) are especially common on public WordPress forms and are exactly what you want to filter at submission time.
Verifly runs a live SMTP mailbox check and returns a deliverable / undeliverable / risky verdict with disposable, role, and catch-all flags. Since WordPress ships wp_remote_get, you can call Verifly from a single functions.php hook — no build step, no external SDK.
Add a reusable verification helper in functions.php
- Grab a free Verifly key at verifly.email/api/v1/autonomous/register — 100 credits, no card, no captcha.
- Define the key once (in wp-config.php as a constant so it stays out of your theme files).
- Add a helper that calls Verifly with wp_remote_get and returns true only when the address is safe to accept.
- Hook the helper into whichever form you use: registration_errors for native signup, wpforms_process for WPForms, or wpcf7_validate_email* for Contact Form 7.
- Fail open on a request error so a verifier outage never breaks your forms.
// wp-config.php
define( 'VERIFLY_API_KEY', 'vf_your_api_key' );
// functions.php
function verifly_is_deliverable( $email ) {
$res = wp_remote_get(
add_query_arg( 'email', rawurlencode( $email ), 'https://verifly.email/api/v1/verify' ),
array(
'timeout' => 15,
'headers' => array( 'Authorization' => 'Bearer ' . VERIFLY_API_KEY ),
)
);
if ( is_wp_error( $res ) ) {
return true; // fail open on a verifier outage
}
$data = json_decode( wp_remote_retrieve_body( $res ), true );
if ( ! is_array( $data ) ) {
return true;
}
return ! ( 'undeliverable' === ( $data['result'] ?? '' ) || ! empty( $data['disposable'] ) );
}Gate registration and form plugins
With the helper in place, blocking a bad address is one hook per form. The registration_errors filter stops WordPress from creating the user. For WPForms and Contact Form 7 the pattern is the same idea — add a field error so the submission is refused and the visitor is asked for a real address.
// Native WordPress registration
add_filter( 'registration_errors', function ( $errors, $login, $email ) {
if ( $email && ! verifly_is_deliverable( $email ) ) {
$errors->add( 'verifly_email', 'Please use a real, deliverable email address.' );
}
return $errors;
}, 10, 3 );
// WPForms (validate the email field)
add_action( 'wpforms_process', function ( $fields, $entry, $form_data ) {
foreach ( $fields as $id => $field ) {
if ( 'email' === $field['type'] && ! verifly_is_deliverable( $field['value'] ) ) {
wpforms()->process->errors[ $form_data['id'] ][ $id ] = 'Undeliverable email address.';
}
}
}, 10, 3 );
// Contact Form 7
add_filter( 'wpcf7_validate_email*', function ( $result, $tag ) {
$email = isset( $_POST[ $tag->name ] ) ? sanitize_email( wp_unslash( $_POST[ $tag->name ] ) ) : '';
if ( $email && ! verifly_is_deliverable( $email ) ) {
$result->invalidate( $tag, 'Please enter a real, deliverable email address.' );
}
return $result;
}, 20, 2 );FAQ
Frequently asked questions
Do I need a plugin to use Verifly on WordPress?
No. WordPress already includes wp_remote_get, so a short helper in functions.php (or a small custom plugin if you prefer) is all you need. There is no external SDK, build step, or dependency to install.
Which forms can I gate this way?
Any form that exposes a validation hook. The examples cover native user registration, WPForms, and Contact Form 7, but the same verifly_is_deliverable() helper works with Gravity Forms, Ninja Forms, or WooCommerce checkout using each plugin's own validation filter.
Will a Verifly outage break my forms?
No. The helper fails open: on a WP_Error or an unparseable body it returns true, so submissions still go through. You can tighten that to fail-closed if a verified email is mandatory for your site.
Does it block disposable and role addresses?
Yes. Each response carries disposable, role, and catch-all flags alongside the deliverability verdict, so you can refuse throwaway domains and generic role@ addresses in the same helper — the example already rejects disposable.
How do I clean the users I already have?
Export your existing user emails and send them to POST /verify/batch, then act on the undeliverable rows. Verifly's async bulk pipeline handles large exports in a single job, so a big membership site clears in one pass.
What does it cost for a WordPress site?
Pricing is pay-as-you-go from $2 per 1,000 checks down to $0.60 per 1,000 at volume, with 100 free credits to start and no monthly minimum, so a low-traffic site pays only for real submissions.