WordPress Ecommerce: Plugin Choosing, Payment Gateways, Merchant Accounts, SaaS

The WooCommerce plugin and extensions

WooCommerce is available for free in the WordPress.org repository. The core plugin has everything needed to define products and prices and accept payment through PayPal. The Stripe Payment Gateway extension was recently made available for free and is the most popular way to accept credit cards directly on your site for WooCommerce, but extensions are available for just about any payment gateway you would want to use.

WooCommerce has dozens of free and paid extensions to enhance the core plugin, integrate with third-party marketing services, introduce new product types, integrate with shipping services, or improve the store management. Two of its most popular extensions are WooCommerce Subscriptions (which allows you to collect recurring payments) and WooCommerce Memberships (which also allows you to collect recurring payments as well as restrict content based on membership levels). The Paid Memberships Pro plugin covered shortly is streamlined for that exact use case, but if you are using WooCommerce already or need another feature handled well by WooCommerce, those extensions are a good way to go.

Customizing WooCommerce through hooks

WooCommerce (like any good WordPress plugin) has an incredible number of action and filter hooks you can use to customize how the plugin is working on your site. Check out their full action and filter hooks reference.

In the following, we will go through some examples to give you an idea of what’s possible using a few typical WooCommerce hooks.

Setting a sitewide sale

There are plugins you can use to set a sitewide sale for your WooCommerce store, but since you’re an awesome developer, you might like to do it yourself through custom code. The following code applies a 10% sale to any product that doesn’t already have a sale price:

// Set sale price to 10% of regular price if not already on sale
function my_get_sale_price($sale_price, $product) {
	if(empty($sale_price)) {
		$sale_price = $product->get_regular_price() * .9;
    $product->set_price($sale_price);
	}

	return $sale_price;
}
add_filter('woocommerce_product_get_sale_price', 'my_get_sale_price',
  10, 2);
add_filter('woocommerce_product_variation_get_sale_price',
  'my_get_sale_price', 10, 2);

WooCommerce products have both a “regular” price and a “sale” price. The final calculated price is just called “price.” The hook you can use to set the sale price is woocommerce_product_get_sale_price; however, you will have to use the woocommerce_product_get_variation_sale_price hook as well to handle products with variations (e.g., Small, Medium, Large T-Shirts).

Note also the line where we call $product->set_price($sale_price). The calculated price isn’t updated automatically after the sale price is returned from this callback, so we have to do it manually. The $product parameter is passed into the callback by reference; updating the product object here updates it outside of the filter as well.

Autocompleting orders

By default, when a new order is created at checkout, the order is put into “pending” status. A site administrator then needs to process the order. For typically shipped goods, process means putting the order items into a box and shipping it out. Once that is done, the order is placed into “completed” status.

For virtual goods, you might want to automatically move the items into “completed” status. Besides saving you a click, many WooCommerce plugins fire when an order goes into completed status. The sooner an order goes into completed status, the sooner those plugins can send their emails, hit their APIs, or whatever else they are doing. The following code will loop through the cart items after checkout and automatically mark the order as completed if all the items in the cart are virtual:

function autocomplete_virtual_orders($order_id) {
	//get the existing order
	$order = new WC_Order($order_id);

	//assume we will autocomplete
	$autocomplete = true;

	//get line items
	if (count( $order->get_items() ) > 0) {
	  foreach ($order->get_items() as $item) {
	    if($item['type'] == 'line_item') {
	      $_product = $order->get_product_from_item( $item );
	      if(!$_product->is_virtual()) {
	        //found a non-virtual product in the cart
	        $autocomplete = false;
	        break;
				}
			}
		}
	}

	//change status if needed
	if(!empty($autocomplete)) {
		$order->update_status('completed', 'Autocompleted.');
	}
}
add_filter('woocommerce_thankyou', 'autocomplete_virtual_orders');

Easy Digital Downloads code examples

Following are a couple of code examples showing how to use the Easy Digital Downloads (EDD) functions and hooks in your larger WordPress app. You can use the edd_has_purchased() function to check whether a user has purchased a specific EDD download. If you already use EDD to sell downloads from yoour site, you can use this function to restrict access to other WordPress pages or app features:

//Restrict access to a page if a user hasn't purchased a specific download yet
function my_template_redirect_check_edd()
{
	global $current_user;

	//Set to slug of page to protect.
	$protected_page_slug = 'customers-only';

	//Set to ID of download to check for.
	$required_download_id = 184;

	//Only protecting one specific page.
	if(!is_page($protected_page_slug))
		return;

	//Redirect if no user or missing purchase.
	if(!is_user_logged_in() ||
	   !edd_has_user_purchased($current_user->ID, $required_download_id)) {
               wp_redirect(get_permalink($required_download_id));
		exit;
	}
}
add_action('template_redirect', 'my_template_redirect_check_edd');

In this example, we used the template_redirect hook in WordPress. If users haven’t purchased the download we are checking for, they are redirected to the frontend page for that download. This is a good way to block access to an entire page (maybe a page that contains content or a shortcode for a contact form, or content you want to keep noncustomers from accessing.

You could do a similar check as a wrapper around any of your PHP code. If you do this often, it would help to abstract the edd_has_user_purchased() check into another function. The following examples includes a helper function to check whether a user has purchased a specific download and then uses that function to add a support link to the primary menu:

//Helper function to check if a user is a plugin customer
function is_plugin_customer($user_id = null)
{
	$plugin_download_id = 184;	//update this

	//default to current user
	if(empty($user_id))
	{
		global $current_user;
		$user_id = $current_user->ID;
	}

	return edd_has_user_purchased($user_id, $plugin_download_id);
}

//Add a support link to primary menu for users who purchased
function add_support_link_to_menu($items, $args)
{
	if($args->theme_location == 'primary' && is_plugin_customer())
	{
		$items .= '<li class="menu-item menu-item-type-post_type
		                      menu-item-object-page menu-item-support">';
		$items .= '<a href="/support/">Support</a>';
		$items .= '</li>';
	}

	return $items;
}
add_filter('wp_nav_menu_items', 'add_support_link_to_menu', 10, 2);

The is_plugin_customer() function applies a handy trick with the $user_id parameter. You can pass a specific $user_id to check, or optionally leave the parameter blank and the function will default to the current user’s ID. The plugin’s download ID (the post ID when editing that download in the dashboard) is hardcoded into the function and used in the edd_has_user_purchased() call that is returned.

The last bit of code uses the wp_nav_menu_items filter to add an additional link to the support page if the user is a plugin customer.

Let’s cover some general ecommerce concepts, before diving into more examples on how to set up a SaaS with WordPress.

Lock down a specific page

Paid Memberships Pro adds a Require Membership checkbox (see Figure 15-8) to the sidebar of the edit post and edit page pages in the WordPress dashboard. To lock down a page for a certain membership level, check the box next to that level.

If more than one level is selected, members of either level can view that page. If no levels are checked, everyone (including nonusers) can view the page.

Figure 15-8. Select the levels required to view this page

Lock down a page by URL

Sometimes it may be easier to restrict access to a page or group of pages by checking the page’s URL. For example, to keep nonmembers out of certain BuddyPress groups, you could add the following code to a custom plugin:

//lock down our members group
function my_buddy_press_members_group()
{
  $uri = $_SERVER['REQUEST_URI'];
	if(strtolower(substr($uri, 0, 16)) == "/groups/members/")
	{
		//make sure they are a member
		if(!pmpro_hasMembershipLevel())
		{
			wp_redirect(pmpro_url("levels"));
			exit;
		}
	}
}
add_action("init", "my_buddy_press_members_group");

The workhorse here is the pmpro_hasMembershipLevel() function. This function can take two parameters. The first is the ID or name of a membership level to check for. The second parameter is the user ID of the user you want to check. If no parameters are set, the function will check whether the current user has any membership level.

You can also do negative checks by passing, for example, -1 as the level ID. pmpro_hasMembershipLevel(-1) will return true if the current user doesn’t have level 1. If you pass a 0 specifically, the function will check that the user has no level at all. So pmpro_hasMembershipLevel(0) will return true if the current user does not have a membership level. (You could also do !pmpro_hasMembershipLevel().)

You can pass multiple level IDs and names in an array. For example, to check for members with level 1 or 2, use this code:

if(pmpro_hasMembershipLevel(array(1,2)))
{
    //do something for level 1 and 2 members here
}

Lock down a portion of a page by shortcode

Another way to restrict access to content is to use shortcodes in your post body content. The following is an example of some page content that will show different messages to different membership levels:

Welcome to SchoolPress!

[membership level="1"]Thanks for your continuing membership.[/membership]

[membership level="-1"]Sign up your school now![/membership]

The [membership] shortcode is fairly simple. It takes one parameter level that, similar to the parameter for the pmpro_hasMembershipLevel() function, can take a level ID, name, or a zero or negative level ID. Any content within the shortcode will be shown based on the stated level. Multiple level IDs can be passed separated by commas.

Lock down a portion of a page by PHP code using the pmpro_hasMembershipLevel() function

When locking down the BuddyPress members group, we used the pmpro_hasMembershipLevel() function. You can also use this function within your page templates or other code to restrict access to content or portions of code. For example, you might find code like this in your header:

<?php if(is_user_logged_in()) { ?>
<div class="user-welcome">
  Welcome
  <?php if(function_exists("pmpro_hasMembershipLevel")
    && pmpro_hasMembershipLevel()) { ?>
	<a href="/<?php echo pmpro_url("account"); ?>">
    <?php echo $current_user->display_name;?>
    </a>
  <?php } else { ?>
	<a href="/<?php echo home_url("/wp-admin/profile.php"); ?>">
    <?php echo $current_user->display_name;?>
    </a>
  <?php } ?>
</div> <!-- end user-welcome -->
<?php } ?>

The preceding code will show members a link to the Paid Memberships Pro account page. Users without a membership level are shown a link to their WordPress profile page.

Restricting nonmembers to the home page

By default, Paid Memberships Pro doesn’t lock down any part of your site unless you specifically tell it to. For some sites, you will want very limited public access (just the sales, about, and contact pages). You can do this by redirecting nonmembers away from any nonapproved page. Use the following code:

function my_template_redirect()
{
	$okay_pages = array(
        pmpro_getOption('billing_page_id'),
        pmpro_getOption('account_page_id'),
        pmpro_getOption('levels_page_id'),
        pmpro_getOption('checkout_page_id'),
        pmpro_getOption('confirmation_page_id')
    );

	//if the user doesn't have a membership, send them home
	if(!is_user_logged_in()
		&& !is_home()
		&& !is_page($okay_pages)
		&& !strpos($_SERVER['REQUEST_URI'], "login"))
	{
	    wp_redirect(home_url('wp-login.php?redirect_to='.
            urlencode($_SERVER['REQUEST_URI'])));
	}
	elseif(is_page()
			&& !is_home()
			&& !is_page($okay_pages)
			&& !pmpro_hasMembershipLevel()
	{
		wp_redirect(home_url());
	}
}
add_action('template_redirect', 'my_template_redirect');

In the preceding code, we set up an array of post IDs for pages that nonmembers should be able to see. We used the pmpro_getOption() function to get the IDs of the pages generated by PMPro and also allow home page access by using the WordPress is_home() function. We also allow access to any page with the word login in the URL, which on our setup will just the login page.

Locking down files

Some of the pages you are locking down may have images or other files attached to them. If the page is locked down, the link or image will not show up on the site for your users. However, users who know the direct URL to the file will be able to download to the file without first being logged in as a member. This is because when Apache processes a URL like http://schoolpress.me/wp-content/uploads/logo.png, it serves the file directly to the user without checking with PHP or WordPress first.

You can change this behavior by adding a rule to your site’s .htaccess file that redirects any URL like the preceding one through a special script bundled with Paid Memberships Pro. Add the following code to the top of your .htaccess file, above the other rewrite rules:

RewriteEngine On
RewriteBase /
RewriteRule ^wp-content/uploads/(.*)$ \
    /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]

How does this work? In WordPress, images and files can be uploaded to a post or page. These files, called attachments by WordPress, are all stored in the /wp-content/uploads/ folder, but they are also associated with the post they were attached to via an entry in the wp_posts table.

Attachments are stored in the wp_posts table with the post_status set to attachment and the post_parent set to the ID of the post to which they’re attached.

The getfile.php script will find the corresponding entry in the wp_posts table for the requested file; and if the attachment’s parent requires membership, it will check to make sure a valid member is logged in before serving the file.

Change user roles based on membership levels

For most of the examples in this section, we assume that members only have access to your site’s frontend application. However, sometimes you may want to give members access to the WordPress dashboard, give them the “author” role so they can post to the blog, or otherwise assign them a role other than “subscriber.”

This code will add the author role to any new member of a particular level. It will also downgrade the member to a subscriber role if their membership level is removed:

function my_pmpro_after_change_membership_level($level_id, $user_id)
{
  if($level_id == 1)
	{
		//New member of level #1.
    //If they are a subscriber, make them an author.
		$wp_user_object = new WP_User($user_id);
		if(in_array('subscriber', $wp_user_object->roles))
			$wp_user_object->set_role('author');
	}
	else
	{
		//Not a member of level #1.
    //If they are an author, make them a subscriber.
		$wp_user_object = new WP_User($user_id);
		if(in_array('author', $wp_user_object->roles))
			$wp_user_object->set_role('subscriber');
	}
}
add_action(
    'pmpro_after_change_membership_level',
    'my_pmpro_after_change_membership_level',
    10,
    2
);

For more information on users and roles, see This Blog.

International and long-form addresses

By default, the Paid Memberships Pro checkout form will show address fields with the city, state, and postal code formatted on their own lines. A drop-down to choose the country appears below the form, as illustrated in Figure 15-9.

Figure 15-9. Paid Memberships Pro international billing address

You may want to change the default country, change the list of countries, or make some of the address fields not required. Here is some example code doing that:

/*
    Change the Default Country from US to GB (Great Britain)
*/
function my_pmpro_default_country($default)
{
	return 'GB';
}
add_filter('pmpro_default_country', 'my_pmpro_default_country');

/*
	Add/remove some countries from the default list.
*/
function my_pmpro_countries($countries)
{
	//remove the US
	unset($countries['US']);

	//add The Moon (LN short for Lunar?)
	$countries['LN'] = 'The Moon';

	//You could also rebuild the array from scratch.
	//$countries = array('CA' => 'Canada', 'US' => 'United States',
    //  'GB' => 'United Kingdom');

	return $countries;
}
add_filter('pmpro_countries', 'my_pmpro_countries');

/*
	(optional) You may want to add/remove certain countries from the list.
    The pmpro_countries filter allows you to do this.
	The array is formatted like
    array('US'=>'United States', 'GB'=>'United Kingdom');
    with the acronym as the key and the full
	country name as the value.
*/
function my_pmpro_countries($countries)
{
	//remove the US
	unset($countries['US']);

	//add The Moon (LN short for Lunar?)
	$countries['LN'] = 'The Moon';

	//You could also rebuild the array from scratch.
	//$countries = array('CA' => 'Canada', 'US' => 'United States',
    //  'GB' => 'United Kingdom');

	return $countries;
}
add_filter('pmpro_countries', 'my_pmpro_countries');

/*
	Change some of the billing fields to be not required.
	Default fields are: bfirstname, blastname, baddress1, bcity, bstate,
    bzipcode, bphone, bemail, bcountry, CardType, AccountNumber,
    ExpirationMonth, ExpirationYear, CVV
*/
function my_pmpro_required_billing_fields($fields)
{
	//remove state and zip
	unset($fields['bstate']);
	unset($fields['bzipcode']);

	return $fields;
}
add_filter('pmpro_required_billing_fields', 'my_pmpro_required_billing_fields');