Effective user management is critical for WooCommerce stores to maintain security, operational efficiency, and customer satisfaction. This guide covers WooCommerce-specific user management including store roles, customer accounts, and programmatic user control using WooCommerce hooks and functions.
WooCommerce User Architecture
WooCommerce extends WordPress's user system with eCommerce-specific roles and customer data management:
Key Components
- WordPress Users - Core authentication and authorization
- WooCommerce Roles - Store-specific capabilities (Shop Manager, Customer)
- Customer Data - Stored via WC_Customer class and meta tables
- Order History - Linked to customer accounts
- Subscriptions - Recurring customer relationships (if using WooCommerce Subscriptions)
WooCommerce User Types
| User Type | Access Level | Primary Use Case |
|---|---|---|
| Administrator | Full WordPress + WooCommerce control | Store owner, technical lead |
| Shop Manager | WooCommerce operations only | Daily store management |
| Customer | Front-end purchasing | All shoppers |
| Subscriber | No WooCommerce access | Blog readers, newsletter |
| Custom Roles | Defined capabilities | Inventory, fulfillment, marketing |
Managing Store Staff
Adding Shop Managers
Shop Managers can handle daily operations without WordPress core access:
```php
// Create shop manager programmatically
function create_woocommerce_shop_manager($email, $username, $first_name, $last_name) {
    // Check if user exists
    if (email_exists($email)) {
        return new WP_Error('email_exists', 'Email already registered');
    }

    // Generate secure password. It is never shown or emailed: the notification
    // below sends the new user a set-password link instead.
    $password = wp_generate_password(16, true, true);

    // Create user
    $user_id = wp_create_user($username, $password, $email);
    if (is_wp_error($user_id)) {
        return $user_id;
    }

    // Set as shop manager
    $updated = wp_update_user(array(
        'ID' => $user_id,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'role' => 'shop_manager'
    ));
    if (is_wp_error($updated)) {
        return $updated;
    }

    // Send welcome email
    wp_new_user_notification($user_id, null, 'user');

    return $user_id;
}
```
Using WooCommerce Hooks for User Management
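```php
// Hook into new customer registration
add_action('woocommerce_created_customer', 'track_new_customer_registration', 10, 3);
function track_new_customer_registration($customer_id, $new_customer_data, $password_generated) {
    // Set custom meta for new customers
    update_user_meta($customer_id, '_registered_via', 'checkout');
    update_user_meta($customer_id, '_registration_date', current_time('mysql'));
    update_user_meta($customer_id, '_is_new_customer', 'yes');

    // gtag() is a browser-side JavaScript function, so PHP's function_exists()
    // can never see it, and printing markup here would break the redirect that
    // follows registration. Flag the event and print it on the next page instead.
    // ('_pending_signup_event' is a meta key name chosen for this snippet.)
    update_user_meta($customer_id, '_pending_signup_event', 'yes');
}

// Track in analytics: print the sign_up event once, in the page footer
add_action('wp_footer', 'print_pending_signup_event');
function print_pending_signup_event() {
    $user_id = get_current_user_id();
    if (!$user_id || get_user_meta($user_id, '_pending_signup_event', true) !== 'yes') {
        return;
    }
    delete_user_meta($user_id, '_pending_signup_event');
    ?>
    <script>
    if (typeof gtag === 'function') {
        gtag('event', 'sign_up', {
            'method': 'woocommerce_checkout'
        });
    }
    </script>
    <?php
}

// Track customer login
add_action('wp_login', 'track_woocommerce_customer_login', 10, 2);
function track_woocommerce_customer_login($user_login, $user) {
    // Only track customers, not admins
    if (in_array('customer', (array) $user->roles, true)) {
        update_user_meta($user->ID, 'last_login', current_time('mysql'));

        // Get customer data via WC_Customer
        $customer = new WC_Customer($user->ID);
        $total_spent = $customer->get_total_spent();
        $order_count = $customer->get_order_count();

        // Track returning customers
        if ($order_count > 0) {
            update_user_meta($user->ID, '_customer_type', 'returning');
        }
    }
}
```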
Customer Account Management
Using the WC_Customer Class
The WC_Customer class provides programmatic access to customer data:
```php
// Get customer object
$customer = new WC_Customer(get_current_user_id());

// Get customer data
$email = $customer->get_email();
$first_name = $customer->get_first_name();
$last_name = $customer->get_last_name();
$billing_address = $customer->get_billing_address();
$shipping_address = $customer->get_shipping_address();

// Get customer metrics
$total_spent = $customer->get_total_spent();
$order_count = $customer->get_order_count();
$avatar_url = $customer->get_avatar_url();

// Check customer status
$is_paying_customer = $customer->get_is_paying_customer();
$date_created = $customer->get_date_created();
$date_modified = $customer->get_date_modified();

// Update customer data
$customer->set_billing_email('newemail@example.com');
$customer->set_billing_phone('555-1234');
$customer->save(); // Save changes
```
Customer Segmentation by Value
```php
// Segment customers by lifetime value
function get_customer_segment($customer_id) {
    $customer = new WC_Customer($customer_id);
    $total_spent = $customer->get_total_spent();
    $order_count = $customer->get_order_count();

    if ($total_spent > 1000 && $order_count > 5) {
        return 'vip';
    } elseif ($total_spent > 500 || $order_count > 3) {
        return 'loyal';
    } elseif ($order_count > 0) {
        return 'customer';
    } else {
        return 'prospect';
    }
}

// Apply segment-based pricing
add_filter('woocommerce_product_get_price', 'apply_segment_pricing', 10, 2);
function apply_segment_pricing($price, $product) {
    // Products without a price return an empty string, which cannot be
    // multiplied; pass those through unchanged
    if (!is_user_logged_in() || !is_numeric($price)) {
        return $price;
    }

    $segment = get_customer_segment(get_current_user_id());
    switch ($segment) {
        case 'vip':
            return $price * 0.85; // 15% discount
        case 'loyal':
            return $price * 0.90; // 10% discount
        default:
            return $price;
    }
}
```
Managing Customer Sessions
WooCommerce manages customer sessions for cart persistence:
```php
// Get current customer session
// WC()->session can be null (for example in admin requests), so check it
// before calling any of the methods below
$session = WC()->session;

// Get session data
$cart_hash = $session->get('cart_hash');
$customer_id = $session->get('customer_id');

// Set session data
$session->set('custom_data', 'value');

// Clear customer session
$session->destroy_session();

// Check if session is set
if ($session->has_session()) {
    // Session exists
}
```
WooCommerce-Specific Hooks
User Registration Hooks
```php
// Before customer is created
add_action('woocommerce_register_post', 'validate_custom_registration_fields', 10, 3);
function validate_custom_registration_fields($username, $email, $errors) {
    // Custom validation
    if (!isset($_POST['terms_accepted'])) {
        $errors->add('terms_required', 'You must accept the terms and conditions');
    }
}

// After customer is created
add_action('woocommerce_created_customer', 'assign_customer_to_group', 10, 1);
function assign_customer_to_group($customer_id) {
    // Assign to default customer group
    update_user_meta($customer_id, '_customer_group', 'retail');
    update_user_meta($customer_id, '_loyalty_points', 0);
}
```
Account Update Hooks
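```php
// When customer updates account details
add_action('woocommerce_save_account_details', 'track_account_update', 10, 1);
function track_account_update($user_id) {
    $customer = new WC_Customer($user_id);

    // Log account changes
    // This writes the customer's name to the PHP error log, so treat that log
    // as personal data (restricted access, limited retention)
    error_log(sprintf(
        'Customer %d updated account: %s %s',
        $user_id,
        $customer->get_first_name(),
        $customer->get_last_name()
    ));

    // Update modified timestamp
    update_user_meta($user_id, '_account_last_modified', current_time('mysql'));
}

// Validate account details before saving
add_action('woocommerce_save_account_details_errors', 'validate_account_details', 10, 1);
function validate_account_details(&$errors) {
    // WordPress adds slashes to $_POST; remove them before validating
    $phone = isset($_POST['account_phone']) ? wp_unslash($_POST['account_phone']) : null;

    // Reject non-string input (e.g. account_phone[]=x). The hyphen sits last in
    // the character class so it is always a literal, and \z (unlike $) does not
    // accept a trailing newline.
    if ($phone !== null && (!is_string($phone) || !preg_match('/^[0-9+()-]+\z/', $phone))) {
        $errors->add('invalid_phone', 'Please enter a valid phone number');
    }
}
```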
Role-Based Access Control
Restrict Features by Role
```php
// Hide wholesale products from retail customers
add_filter('woocommerce_product_is_visible', 'restrict_wholesale_products', 10, 2);
function restrict_wholesale_products($visible, $product_id) {
    $product = wc_get_product($product_id);

    // wc_get_product() returns false for an unknown ID
    if (!$product) {
        return $visible;
    }

    // Check if product is wholesale-only
    if ($product->get_meta('_wholesale_only') === 'yes') {
        // Only show to users with wholesale role
        if (!current_user_can('view_wholesale_products')) {
            return false;
        }
    }

    return $visible;
}

// Restrict payment methods by role
add_filter('woocommerce_available_payment_gateways', 'restrict_payment_gateways');
function restrict_payment_gateways($gateways) {
    // Net terms only for approved wholesale customers
    if (isset($gateways['net_30'])) {
        if (!current_user_can('use_net_terms')) {
            unset($gateways['net_30']);
        }
    }

    return $gateways;
}
```
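The visibility filter above only removes wholesale products from catalog listings; it does not by itself stop an add-to-cart request for a known product ID. The following added example (not part of the original guide) enforces the same `_wholesale_only` / `view_wholesale_products` rule at purchase time. The `example_*` function names are chosen for this example; the hooks are WooCommerce core hooks.

```php
// Added example: enforce the wholesale restriction when buying, not only when listing.
// The meta key and capability come from the guide; example_* names are illustrative.
function example_is_wholesale_blocked($product) {
    if (!$product instanceof WC_Product) {
        return false;
    }
    // A variation inherits the restriction from its parent product
    if ($product->is_type('variation')) {
        $parent = wc_get_product($product->get_parent_id());
        if ($parent) {
            $product = $parent;
        }
    }
    return $product->get_meta('_wholesale_only') === 'yes'
        && !current_user_can('view_wholesale_products');
}

// 1. Mark restricted products as not purchasable: removes the add-to-cart
//    button and makes the cart refuse the product
add_filter('woocommerce_is_purchasable', 'example_block_wholesale_purchase', 10, 2);
add_filter('woocommerce_variation_is_purchasable', 'example_block_wholesale_purchase', 10, 2);
function example_block_wholesale_purchase($purchasable, $product) {
    return example_is_wholesale_blocked($product) ? false : $purchasable;
}

// 2. Reject direct add-to-cart requests with a clear notice
add_filter('woocommerce_add_to_cart_validation', 'example_validate_wholesale_add_to_cart', 10, 3);
function example_validate_wholesale_add_to_cart($passed, $product_id, $quantity) {
    if (example_is_wholesale_blocked(wc_get_product($product_id))) {
        wc_add_notice('This product is available to wholesale customers only.', 'error');
        return false;
    }
    return $passed;
}

// 3. Re-check on cart and checkout pages: the shopper may have lost the
//    capability, or logged out, after the item was added
add_action('woocommerce_check_cart_items', 'example_remove_blocked_cart_items');
function example_remove_blocked_cart_items() {
    foreach (WC()->cart->get_cart() as $cart_item_key => $cart_item) {
        if (example_is_wholesale_blocked($cart_item['data'])) {
            WC()->cart->remove_cart_item($cart_item_key);
            wc_add_notice('A wholesale-only product was removed from your cart.', 'error');
        }
    }
}
```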
Custom Capabilities
```php
// Add custom WooCommerce capabilities
// add_cap() and add_role() persist to the database, so this only needs to
// run once (for example on plugin activation) rather than on every request
function add_custom_woocommerce_capabilities() {
    // Get shop manager role (null if the role does not exist)
    $shop_manager = get_role('shop_manager');

    // Add custom capabilities
    if ($shop_manager) {
        $shop_manager->add_cap('view_wholesale_products');
        $shop_manager->add_cap('manage_inventory');
        $shop_manager->add_cap('view_customer_data');
    }

    // Get wholesale customer role (create if needed)
    $wholesale = get_role('wholesale_customer');
    if (!$wholesale) {
        add_role('wholesale_customer', 'Wholesale Customer', array(
            'read' => true,
            'view_wholesale_products' => true,
            'use_net_terms' => true
        ));
    }
}
add_action('init', 'add_custom_woocommerce_capabilities');
```
Customer Data Privacy (GDPR)
Export Customer Data
```php
// Export customer data (GDPR compliance)
function export_woocommerce_customer_data($email) {
    $customer = get_user_by('email', $email);
    if (!$customer) {
        return new WP_Error('no_customer', 'Customer not found');
    }

    $wc_customer = new WC_Customer($customer->ID);

    $data = array(
        'personal_info' => array(
            'email' => $wc_customer->get_email(),
            'first_name' => $wc_customer->get_first_name(),
            'last_name' => $wc_customer->get_last_name(),
            'phone' => $wc_customer->get_billing_phone()
        ),
        'addresses' => array(
            'billing' => $wc_customer->get_billing(),
            'shipping' => $wc_customer->get_shipping()
        ),
        'stats' => array(
            'total_spent' => $wc_customer->get_total_spent(),
            'order_count' => $wc_customer->get_order_count(),
            'account_created' => $wc_customer->get_date_created()
        ),
        'orders' => array()
    );

    // Get orders
    $orders = wc_get_orders(array(
        'customer_id' => $customer->ID,
        'limit' => -1
    ));

    foreach ($orders as $order) {
        $data['orders'][] = array(
            'order_id' => $order->get_id(),
            'date' => $order->get_date_created(),
            'total' => $order->get_total(),
            'status' => $order->get_status()
        );
    }

    return $data;
}
```
Delete Customer Data
```php
// Anonymize customer data (GDPR right to erasure)
function anonymize_woocommerce_customer($customer_id) {
    $customer = new WC_Customer($customer_id);

    // Anonymize personal data
    // The placeholder address needs a dotted domain: WC_Customer validates
    // emails with is_email(), which rejects a bare "localhost" domain.
    // ".invalid" is a reserved TLD that can never receive mail.
    $customer->set_email('deleted-' . $customer_id . '@example.invalid');
    $customer->set_first_name('Deleted');
    $customer->set_last_name('User');
    $customer->set_billing_first_name('Deleted');
    $customer->set_billing_last_name('User');
    $customer->set_billing_phone('');
    $customer->set_billing_email('deleted-' . $customer_id . '@example.invalid');
    $customer->save();

    // Delete WordPress user
    require_once(ABSPATH . 'wp-admin/includes/user.php');
    wp_delete_user($customer_id);

    error_log("Customer {$customer_id} anonymized and deleted");
}
```
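The function above removes the user record, but the customer's past orders keep their own copy of the billing and shipping details. The following added example (not part of the original guide) scrubs those orders with WooCommerce's built-in `WC_Privacy_Erasers::remove_order_personal_data()` before calling the guide's `anonymize_woocommerce_customer()`. The `example_*` function names and error codes are chosen for this example.

```php
// Added example: anonymize order-level personal data, then remove the account.
// example_* names and the WP_Error codes are illustrative, not WooCommerce APIs.
function example_anonymize_customer_orders($customer_id, $email) {
    if (!class_exists('WC_Privacy_Erasers')) {
        return new WP_Error('no_eraser', 'WooCommerce privacy erasers are not available');
    }

    // Collect IDs up front: orders linked to the account, plus guest orders
    // placed with the same billing email
    $by_account = wc_get_orders(array(
        'customer_id' => $customer_id, 'limit' => -1, 'return' => 'ids'
    ));
    $by_email = wc_get_orders(array(
        'billing_email' => $email, 'limit' => -1, 'return' => 'ids'
    ));

    $anonymized = 0;
    foreach (array_unique(array_merge($by_account, $by_email)) as $order_id) {
        $order = wc_get_order($order_id);
        if ($order) {
            // Replaces names, addresses, email, phone and IP on the order
            WC_Privacy_Erasers::remove_order_personal_data($order);
            $anonymized++;
        }
    }
    return $anonymized;
}

function example_erase_customer($customer_id) {
    $user = get_userdata($customer_id);
    if (!$user) {
        return new WP_Error('no_customer', 'Customer not found');
    }
    // Never delete staff accounts through a customer-erasure code path
    if (user_can($user, 'manage_woocommerce')) {
        return new WP_Error('staff_account', 'Refusing to erase a staff account');
    }

    $count = example_anonymize_customer_orders($customer_id, $user->user_email);
    if (is_wp_error($count)) {
        return $count;
    }

    anonymize_woocommerce_customer($customer_id); // function from the guide above
    return $count; // number of orders anonymized
}
```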
Best Practices
- Use WC_Customer class for all customer data operations
- Leverage WooCommerce hooks instead of WordPress core hooks when available
- Implement proper role separation - Don't grant shop managers admin access
- Track customer metrics - Use total_spent and order_count for segmentation
- Enforce MFA for shop managers and administrators
- Regular access audits - Review who has access to what
- Document role changes - Log all role assignments and removals
- GDPR compliance - Provide data export and deletion tools
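
For the "Document role changes" and "Regular access audits" items above, the following added example (not part of the original guide) logs every role assignment and removal through WordPress's `set_user_role`, `add_user_role` and `remove_user_role` actions and builds a list of staff accounts for review. The `example_*` names and the `[role-audit]` log prefix are chosen for this example.

```php
// Added example: role-change audit trail and a staff access report.
// example_* names and the '[role-audit]' prefix are illustrative.
function example_log_role_change($event, $user_id, $role, $old_roles = array()) {
    $entry = array(
        'event'       => $event,
        'time'        => gmdate('c'),
        'target_user' => (int) $user_id,
        'role'        => (string) $role,
        'old_roles'   => array_values((array) $old_roles),
        'actor_user'  => get_current_user_id(), // 0 for WP-CLI, cron or logged-out code paths
    );
    error_log('[role-audit] ' . wp_json_encode($entry));

    // Granting a staff role is the high-risk event: notify the site admin too
    $staff_roles = array('administrator', 'shop_manager');
    if ($event !== 'role_removed' && in_array($role, $staff_roles, true)) {
        wp_mail(get_option('admin_email'), 'Staff role granted', wp_json_encode($entry));
    }
}

// set_user_role fires when a user's roles are replaced, including on user creation
add_action('set_user_role', function ($user_id, $role, $old_roles) {
    example_log_role_change('role_set', $user_id, $role, $old_roles);
}, 10, 3);
add_action('add_user_role', function ($user_id, $role) {
    example_log_role_change('role_added', $user_id, $role);
}, 10, 2);
add_action('remove_user_role', function ($user_id, $role) {
    example_log_role_change('role_removed', $user_id, $role);
}, 10, 2);

// Periodic access review: every account that holds a staff role
function example_staff_access_report() {
    $report = array();
    $users  = get_users(array('role__in' => array('administrator', 'shop_manager')));
    foreach ($users as $user) {
        $report[] = array(
            'id'               => $user->ID,
            'login'            => $user->user_login,
            'email'            => $user->user_email,
            'roles'            => array_values($user->roles),
            'registered'       => $user->user_registered,
            'can_manage_store' => user_can($user, 'manage_woocommerce'),
        );
    }
    return $report;
}
```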
Available Guides
Roles and Permissions
Understanding WooCommerce roles, capabilities, and permission management:
- Administrator vs Shop Manager vs Customer
- WooCommerce-specific capabilities
- Creating custom roles
- Role-based access control
Adding and Removing Users
User lifecycle management from invitation to offboarding:
- Manual and programmatic user creation
- Bulk user imports
- Changing user roles
- Safe user deletion and offboarding