Email Verification Bypass
Email Verification Bypass allows Google sign-in users to skip the email verification step required by email verification plugins. Since Google already verifies email ownership, double verification is unnecessary.
PRO Feature
Email Verification Bypass is a PRO feature. Upgrade to PRO to unlock this functionality.
The Problem
Some WooCommerce stores use email verification plugins:
- Prevent fake registrations
- Verify customer emails
- Reduce fraud
But for Google users:
- Google already verified their email
- Double verification is redundant
- Creates unnecessary friction
The Solution
Email Verification Bypass:
- Detects supported verification plugins
- Auto-verifies Google sign-in users
- Skips verification email
- Seamless user experience
Supported Plugins
OneTap Login integrates with 3 popular email verification plugins:
1. Email Verification for WooCommerce (WPFactory/Algoritmika)
Plugin: Email Verification for WooCommerce
Detection: alg_wc_ev functions
Bypass method: Sets user as verified in plugin meta
2. Customer Email Verification (WebToffee/Tyche)
Plugin: Customer Email Verification
Detection: wt_email_verification functions
Bypass method: Marks email as verified
3. WooCommerce Email Verification (Codeixer)
Plugin: WooCommerce Email Verification
Detection: codeixer_ev functions
Bypass method: Updates verification status
Configuration
Enable Bypass
- Go to Settings > OneTap Login
- Click Users tab (or Integrations)
- Enable Bypass email verification for Google users
- Save Changes
Settings
| Setting | Description |
|---|---|
| Enable bypass | Toggle feature on/off |
| Auto-detect plugins | Automatically detect installed plugins |
| Specific plugin | Select specific plugin if multiple |
How It Works
Detection Flow
User registers via Google
↓
OneTap checks for verification plugins
↓
Plugin found → Mark user as verified
↓
No plugin → Normal registration
↓
User account ready immediately
Technical Implementation
// Simplified example
if ($is_google_registration) {
// WPFactory plugin
if (function_exists('alg_wc_ev_is_user_verified')) {
update_user_meta($user_id, 'alg_wc_ev_is_activated', '1');
}
// WebToffee plugin
if (class_exists('Wt_Email_Verify')) {
update_user_meta($user_id, 'wt_email_verified', 'yes');
}
// Codeixer plugin
if (function_exists('codeixer_ev_is_verified')) {
update_user_meta($user_id, '_codeixer_email_verified', 'true');
}
}
User Experience
Without Bypass
1. User clicks Google sign-in
2. Account created
3. "Please verify your email" message
4. Verification email sent
5. User clicks link in email
6. Account verified
7. User can now use account
Steps: 7 | Time: 2-5 minutes
With Bypass
1. User clicks Google sign-in
2. Account created and verified
3. User can immediately use account
Steps: 3 | Time: 3 seconds
Why It's Safe
Google's Verification
Google verifies email ownership when:
- Account created
- Email added to account
- Periodic re-verification
Google email = verified email.
No Spoofing Risk
Users can't fake Google authentication:
- OAuth2 flow requires Google account
- JWT token contains verified email
- Plugin validates token with Google
Audit Trail
OneTap logs bypass events:
- User ID
- Timestamp
- Verification plugin bypassed
Compatibility
Plugin Status
| Plugin | Tested | Bypass Works |
|---|---|---|
| WPFactory Email Verification | v2.x | Yes |
| WebToffee Email Verification | v1.x | Yes |
| Codeixer Email Verification | v1.x | Yes |
Other Verification Plugins
For unsupported plugins:
- May still require verification
- Contact support for integration
- Can use hooks to extend
Hooks for Developers
Add Custom Plugin Support
add_action('onetap_google_user_registered', function($user_id) {
// Custom verification plugin bypass
if (function_exists('my_verification_plugin')) {
update_user_meta($user_id, '_my_plugin_verified', 'yes');
}
});
Conditionally Bypass
add_filter('onetap_should_bypass_verification', function($bypass, $user_id) {
// Don't bypass for certain domains
$user = get_user_by('id', $user_id);
if (str_ends_with($user->user_email, '@suspicious-domain.com')) {
return false;
}
return $bypass;
}, 10, 2);
Log Bypass Events
add_action('onetap_verification_bypassed', function($user_id, $plugin_name) {
error_log("User {$user_id} bypassed verification for {$plugin_name}");
}, 10, 2);
Troubleshooting
Bypass Not Working
Causes:
- Feature disabled
- Plugin not detected
- Plugin version incompatible
- Registration not via Google
Solutions:
- Enable in settings
- Verify plugin is active
- Update plugins
- Check registration method
User Still Asked to Verify
Causes:
- Existing user (not new registration)
- Different verification plugin
- Plugin settings override
Solutions:
- Bypass is for new registrations only
- Check which plugin is installed
- Review verification plugin settings
Wrong Plugin Detected
Causes:
- Multiple plugins installed
- Detection order
- Plugin conflicts
Solutions:
- Use only one verification plugin
- Specify plugin in settings
- Deactivate unused plugins
Security Considerations
When to Use Bypass
Recommended:
- Standard e-commerce stores
- Sites prioritizing conversion
- When Google auth is trusted
Consider carefully:
- High-risk transactions
- Regulated industries
- When additional verification needed
When NOT to Use
- You have specific verification requirements
- Regulatory compliance requires email verification
- Multi-factor authentication is needed
Manual Verification Option
Even with bypass enabled, admins can:
- Manually require verification for specific users
- Override bypass status
- Re-verify if needed
Metrics
Track the impact:
| Metric | Without Bypass | With Bypass |
|---|---|---|
| Registration completion | ~70% | ~95% |
| Time to first login | 3-10 min | Instant |
| Support tickets | Higher | Lower |
Best Practices
Do's
- Enable for standard stores
- Test with new registrations
- Monitor for issues
- Keep plugins updated
Don'ts
- Don't disable verification plugin entirely
- Don't assume all email plugins supported
- Don't bypass for non-Google users
Next Steps
- Auto Registration - User creation
- Account Linking - Existing users
- Security Overview - Security measures