We recently launched a new Ghost Pro blog and started using Members. Out of our first ~10 signups, we had 1 complaint that the subscribe button didn’t work and noticed another subscriber getting a ?/success=false message from Google Analytics.
It’s a very small sample but a 20% error rate was kind of concerning, so we contacted support. After some back and forth, it looks like the error was caused by a 10 minute expiry on the link in the confirmation email.
I realize there are security considerations when it comes to expiring confirmation links, but would it be possible to extend this window from 10 minutes to 4+ hours? I just feel like subscribers are likely to ignore the initial confirmation message after subscribing and not visit their inbox for hours before realizing they need to confirm.
Also, if a subscriber does miss the expiry window, it would be nice to show a meaningful error message saying their confirm link has expired and they need to resubscribe. Is it the responsibility of the theme to handle the messaging for these errors?
Expiration time of transactional emails can be changed in a core file of ghost:
Open /ghost/versions/3.22.1/node_modules/@tryghost/magic-link/index.js
Search for arguments expiresIn: '10m'(10 Minutes)
Formats are: 1m=1Minute / 1h=1Hour / 1d=1Day / 1y=1Year Expiration is mentioned 4 times in the file, you have to change all 4.
Restart ghost
important note: Updating Ghost, loads new core files, so you have to change expiration time after every ghost version update
Thanks for the help. Self-hosting is tempting. Having access to more config options could be worth it down the road. Ideally we’d like to go with a simpler Ghost hosted solution for the first year so we can focus more on content and building an audience.
I agree it’s a simple pro/con calculation.
DigitalOcean also offers a pre set up droplet with ghost.
That is fairly easy to maintain in the long run.
Set up a CDN like cloudflare infront and your good to go!
I ran into a few challenges when hosting previous versions of Ghost on DigitalOcean. These mostly were the result of trying to repurpose the software for a use case it wasn’t really designed for…so not really a Ghost or a DigitalOcean problem.
One of my motivations in not going that route is avoiding the temptation to hack. The minute we start self-hosting, I’ll just naturally look for things to tweak which I don’t really have time for currently.