diff --git a/app/middleware/coming-soon.global.js b/app/middleware/coming-soon.global.js
index 11dc3cc..c1ee747 100644
--- a/app/middleware/coming-soon.global.js
+++ b/app/middleware/coming-soon.global.js
@@ -12,6 +12,10 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
   if (
     to.path === "/coming-soon" ||
     to.path === "/auth/wiki-login" ||
+    to.path === "/auth/oidc-error" ||
+    to.path === "/auth/logout-confirm" ||
+    to.path === "/auth/logout-success" ||
+    to.path === "/verify" ||
     to.path.startsWith("/admin")
   ) {
     return;
diff --git a/app/pages/auth/wiki-login.vue b/app/pages/auth/wiki-login.vue
index a135fa2..2ce8dbf 100644
--- a/app/pages/auth/wiki-login.vue
+++ b/app/pages/auth/wiki-login.vue
@@ -8,6 +8,7 @@ const uid = route.query.uid as string;
 
 const email = ref("");
 const sent = ref(false);
+const notRegistered = ref(false);
 const loading = ref(false);
 const error = ref("");
 
@@ -15,13 +16,21 @@ async function sendMagicLink() {
   if (!email.value || !uid) return;
   loading.value = true;
   error.value = "";
+  notRegistered.value = false;
 
   try {
-    await $fetch("/oidc/interaction/login", {
-      method: "POST",
-      body: { email: email.value, uid },
-    });
-    sent.value = true;
+    const response = await $fetch<{ success: boolean; registered: boolean }>(
+      "/oidc/interaction/login",
+      {
+        method: "POST",
+        body: { email: email.value, uid },
+      }
+    );
+    if (response.registered === false) {
+      notRegistered.value = true;
+    } else {
+      sent.value = true;
+    }
   } catch (e: any) {
     error.value =
       e?.data?.statusMessage || "Something went wrong. Please try again.";
@@ -29,6 +38,12 @@ async function sendMagicLink() {
     loading.value = false;
   }
 }
+
+function resetForm() {
+  sent.value = false;
+  notRegistered.value = false;
+  email.value = "";
+}
 </script>
 
 <template>
@@ -39,11 +54,11 @@ async function sendMagicLink() {
         <h1 class="wiki-login-title">Wiki</h1>
       </header>
 
-      <hr class="section-divider" />
+      <hr class="section-divider" >
 
       <Transition name="wiki-fade" mode="out-in">
         <form
-          v-if="!sent"
+          v-if="!sent && !notRegistered"
           key="form"
           class="wiki-login-form"
           @submit.prevent="sendMagicLink"
@@ -58,7 +73,7 @@ async function sendMagicLink() {
               autocomplete="email"
               placeholder="you@example.com"
               :disabled="loading"
-            />
+            >
           </div>
 
           <p
@@ -89,7 +104,7 @@ async function sendMagicLink() {
         </form>
 
         <div
-          v-else
+          v-else-if="sent"
           key="sent"
           class="wiki-login-sent"
           role="status"
@@ -99,13 +114,35 @@ async function sendMagicLink() {
           <p class="wiki-login-sent-detail">
             A sign-in link was sent to <strong>{{ email }}</strong>
           </p>
-          <button
-            class="wiki-login-reset"
-            @click="
-              sent = false;
-              email = '';
-            "
-          >
+          <button class="wiki-login-reset" @click="resetForm">
+            Try a different email
+          </button>
+        </div>
+
+        <div
+          v-else
+          key="not-registered"
+          class="wiki-login-sent"
+          role="status"
+          aria-live="polite"
+        >
+          <h2 class="wiki-login-sent-heading">Not a member yet</h2>
+          <p class="wiki-login-sent-detail">
+            <strong>{{ email }}</strong> isn't registered as a Ghost Guild
+            member. If you've pre-registered, an admin needs to invite you
+            before you can sign in.
+          </p>
+          <p class="wiki-login-sent-detail">
+            <a href="https://babyghosts.org/ghost-guild/" class="wiki-login-link"
+              >Pre-register at Baby Ghosts</a
+            >
+            or email
+            <a href="mailto:hello@babyghosts.org" class="wiki-login-link"
+              >hello@babyghosts.org</a
+            >
+            if you think this is a mistake.
+          </p>
+          <button class="wiki-login-reset" @click="resetForm">
             Try a different email
           </button>
         </div>
@@ -220,6 +257,16 @@ async function sendMagicLink() {
   font-weight: 600;
 }
 
+.wiki-login-link {
+  color: var(--candle);
+  text-decoration: underline;
+  text-underline-offset: 2px;
+}
+
+.wiki-login-link:hover {
+  color: var(--candle-dim);
+}
+
 .wiki-login-reset {
   font-family: "Commit Mono", monospace;
   font-size: 12px;
diff --git a/server/routes/oidc/interaction/login.post.ts b/server/routes/oidc/interaction/login.post.ts
index bfa6b5b..a9dd894 100644
--- a/server/routes/oidc/interaction/login.post.ts
+++ b/server/routes/oidc/interaction/login.post.ts
@@ -28,12 +28,9 @@ export default defineEventHandler(async (event) => {
     });
   }
 
-  const GENERIC_MESSAGE =
-    "If this email is registered, we've sent a login link.";
-
   const member = await (Member as any).findOne({ email });
   if (!member) {
-    return { success: true, message: GENERIC_MESSAGE };
+    return { success: true, registered: false };
   }
 
   const config = useRuntimeConfig(event);
@@ -62,7 +59,7 @@ ${baseUrl}/oidc/interaction/verify?token=${token}
 This link expires in 15 minutes. If you didn't request this, you can safely ignore this email.`,
     });
 
-    return { success: true, message: GENERIC_MESSAGE };
+    return { success: true, registered: true };
   } catch (error) {
     console.error("Failed to send OIDC login email:", error);
     throw createError({
diff --git a/server/utils/oidc-provider.ts b/server/utils/oidc-provider.ts
index 71af11b..25edceb 100644
--- a/server/utils/oidc-provider.ts
+++ b/server/utils/oidc-provider.ts
@@ -81,7 +81,7 @@ export async function getOidcProvider() {
       AuthorizationCode: 600, // 10 minutes
       RefreshToken: 14 * 24 * 60 * 60, // 14 days
       Session: 14 * 24 * 60 * 60, // 14 days
-      Interaction: 600, // 10 minutes
+      Interaction: 900, // 15 minutes — must match magic-link JWT TTL so the interaction outlives the token
       Grant: 14 * 24 * 60 * 60, // 14 days
     },