Skip to main content
The Verilock WordPress plugin embeds identity verification into your WordPress site. Verify users during registration, restrict content to verified users, or require KYC at WooCommerce checkout for regulated products.

Prerequisites

  • WordPress 6.0 or later
  • PHP 8.1 or later
  • WooCommerce 8.0+ (for checkout verification)
  • Verilock Business or Enterprise plan

Installation

1

Install the Plugin

Download the plugin from the Verilock dashboard or search for Verilock Identity in the WordPress plugin directory.
# Or install via WP-CLI
wp plugin install verilock-identity --activate
2

Configure API Credentials

In WordPress admin, navigate to Settings > Verilock and enter:
  • API Key: Your Verilock API key
  • Webhook Secret: Your webhook signing secret
Click Verify Credentials to test the connection.
3

Configure Webhook Endpoint

The plugin automatically registers a webhook endpoint at:
https://yoursite.com/wp-json/verilock/v1/webhook
Copy this URL and add it as a webhook endpoint in your Verilock dashboard.
4

Choose Verification Triggers

Select when identity verification is required:
  • Registration: Verify new users after account creation
  • WooCommerce Checkout: Verify customers before order completion
  • Manual: Embed verification via shortcode

Verification Triggers

When enabled, new users are redirected to the Verilock hosted verification flow after registration. Their account remains in a pending_verification state until approved.
SettingDescriptionDefault
require_verificationBlock access until verifiedtrue
verification_profileProfile to use (basic/standard/enhanced)standard
redirect_afterURL to redirect to after verificationAccount page

Hosted Flow Embedding

The plugin embeds the Verilock hosted verification flow using either a modal overlay or a full-page redirect:
ModeDescription
ModalOverlay on the current page. Recommended for checkout flows.
RedirectFull-page redirect to Verilock. Recommended for registration.
Configure the mode in Settings > Verilock > Display Mode.

User Meta Fields

After verification, the plugin stores the result in WordPress user meta:
Meta KeyValue
verilock_statusapproved, declined, pending, expired
verilock_session_idSession ID (e.g., ses_a1b2c3d4e5f6)
verilock_verified_atISO 8601 timestamp
verilock_risk_scoreNumeric risk score (0-100)
Use these meta fields to conditionally display content or restrict access using WordPress role/capability checks or third-party membership plugins.

Webhook Processing

The plugin automatically processes the following webhook events:
EventPlugin Action
session.approvedSet user status to approved, grant verified role
session.declinedSet user status to declined, send notification email
session.expiredSet user status to expired, prompt re-verification
Ensure your WordPress site is accessible via HTTPS. Verilock will not deliver webhooks to HTTP endpoints.

Troubleshooting

Verify the webhook URL is reachable from the internet. Check that no security plugin (Wordfence, Sucuri) is blocking the /wp-json/verilock/v1/webhook endpoint. Allowlist Verilock IPs if necessary.
Verify the product categories are correctly mapped in Settings > Verilock > WooCommerce. Check that the order total meets the configured threshold.