In 2020, eCommerce website stores need to take data privacy seriously.
We have already seen the GDPR guidelines in Europe and new privacy regulation in states like California. Even if you don’t live in Europe or the United States, you can expect privacy laws to impact you soon. It’s important to make sure that only approved users can access your customer and order information.
In this guide, I’ll explain how you can manage privacy on your WordPress eCommerce site. I’ll show you how to control access to the order permissions in WooCommerce, the most popular WordPress eCommerce plugin.
In Parts 1 and 2, we’ll see the default permissions for WooCommerce users. Then in Parts 3, 4 and 5, I’ll show you how to set customized permissions for user roles. We’ll create user roles that can view, edit and create orders for customers.
Part #1. Default Permissions for WooCommerce Users
When you install WooCommerce, you get two additional user roles: Shop Manager and “Customer”. If you go to the “Users” screen on your site, you’ll be able to see both of these roles in this dropdown menu:
By default, WooCommerce is locked down tightly. After installation, very few users are allowed to access your WooCommerce admin area. Only users who have the new “Shop Manager” role (or the default “Administrator” role) can access the WooCommerce admin area.
In fact, WooCommerce will automatically block many users from accessing the WordPress admin area. Why does WooCommerce do this? I think it is to avoid distracting customers and also for security. Normal customers on your WooCommerce site do not need to see the WordPress admin dashboard or the WordPress toolbar.
If a user is in the “Administrator” or “Shop Manager” user roles, they will be able to access the entire WooCommerce admin. There are no default roles where users can access only some parts of WooCommerce features.
In this guide, I’ll show you how to customize WooCommerce permissions. For example, we will allow some users to edit orders and refunds. To do this we’re going to use the PublishPress Capabilities plugin.
Part #2. Default Permissions for WooCommerce Orders
You will find your eCommerce orders under the “Orders” link in WooCommerce. These orders are stored in a WordPress post type, so you can create, edit and delete them in exactly the same way as with regular posts.
When you have the PublishPress Capabilities plugin installed, go to “Capabilities” in your WordPress admin menu. You can see that link in the image above.
In the image below, you can see edit, delete and read permissions for many key areas of WooCommerce. Using PublishPress Capabilities, you can control permissions for WooCommerce products, orders, and coupons. We’re going to be using this screen throughout this tutorial.
Part #3. Give Access to View WooCommerce Orders
In this first section, I’ll show you how to give some extra users access to the “Orders” area.
These users will be able to VIEW all the orders on your site, but they won’t be able to EDIT those orders. This role is perfect for anyone who needs to help you fulfill orders, but should not be processing them.
- Make sure you have the PublishPress Capabilities plugin installed.
- Go to “Capabilities” in your WordPress admin area.
- In the “Select Role to View / Edit box”, choose a role you want to access the “Orders” area. In this image, I’m choosing the “Editor” role:
- On the left side, check the box in the “Orders” row and “Edit” column.
- On the right side, check the box “Orders” in the “Reading” area.
- Click the “Save Changes” button.
Now you can test your updated “Editor” role. I find that one of the easiest ways to test a new permission change is to install the User Switching plugin. Rather than messing around with resetting passwords, that plugin allows you to move between user accounts with just a couple of mouse clicks.
When you view your site using the “Editor” role, you will now see the “Orders” menu link. However, notice that you can NOT see any other WooCommerce features. The main “WooCommerce” and “Products” links are both hidden.
This user will be able to SEE all the orders in your Wooommerce store. They can click the eye icon in the screen below and they will be able to see the order details. However, they will not be able to edit orders.
Part #4. Give Access to Edit WooCommerce Orders
After our first changes, the “Editor” user can view orders for customers. However, they can not edit existing orders. In this next section, we’ll go a step further and allow Editors to also make changes to orders.
Here’s what do in order to allow Editors to update orders:
- Go back to “Capabilities” in the WordPress admin menu.
- Look in the right sidebar and make sure you have “Editor” selected again.
- Check the “Orders” box in the “Edit Others” column.
Now going a step further, if you want to allow Editors to delete WooCommerce orders, do this:
- Check these four boxes in the “Capabilities” area:
These updated settings will allow Editors to change details of any order and also move orders to the trash. So, please be careful about giving access to these permissions. Your Editors will have full control over any existing orders in your store. They will be able to change the order status, email invoices and do anything they want with your orders.
Part #5. Give Access to Create WooCommerce Orders
Let’s take our “Editor” role a step further and also give them the ability to create new orders. This is an even more powerful permission than we granted them in the last action.
To do this, we’ll rely on the “Create posts” capability.
- Go back to “Capabilities” in your WordPress admin menu.
- Look for the “Type-Specific Capabilities” box in the right sidebar.
- Check the “Orders” box.
- Check the “Use create_posts capability” box.
- Click the “Update” button.
- Look in the right sidebar and make sure you have “Editor” selected.
- Check the “Orders” box in the “Create” box column.
Now when you test your Editor role, you have permission to VIEW, EDIT, DELETE and CREATE WooCommerce Orders.
Look on the Orders screen, and this user will see an “Add order” button in the top left corner.
More on WooCommerce Permissions
In this guide, we focused on orders: one, single part of WooCommerce.
However, in this guide, you’ve seen that PublishPress Capabilities can control Products and Coupons, amongst other WooCommerce features.
- Guide to Boosting WordPress Site Speed by Reducing TTFB - August 3, 2020
- WordPress Hosting Company Seravo Saves Peatland and Becomes Carbon Negative - July 31, 2020
- Why Now is the Right Time to Make Your Website Multilingual - July 21, 2020
Where Should We Send
Your WordPress Deals & Discounts?
Subscribe to Our Newsletter and Get Your First Deal Delivered Instant to Your Email Inbox.
Thank you for subscribing.
Something went wrong.