I have set up the registration form using this chunk of code:
wp_create_user($username, $password, $email);
Note that i have did all kinds of validation before use this code. The registration is working fine now. But it register and activate the user account immediately after the form get submitted.
What i want is confirming the email of a user before they can use the account. User have to check there email account and click the confirmation link and user account get registered/active.
I had to implement this for a client site and ended up creating my own system.
I hash the email and date created timestamp and store it as a key in usermeta, then i email that key to the user’s email in the form of a link. The link points to a page where I’ve created a rewrite rule and added my own query var so I can make nice
site.com/authorize/{key}
links.When they click through the link, I look up the matching user with that key and delete the key so they can now log in. I actually also log them in right there with wp_signon and use wp_redirect to send them to a welcome page.
On my custom login form I check if the key has been deleted for a user before letting them log in.
There may be a plugin to enable this same process, or perhaps some of it can be achieved via hooks where I’ve just rewritten it, I’m not sure, I didn’t explore doing it that way because of additional unique requirements for this particular project.