WordPress.org

Veneto

Get WordPress
WordPress.org

Plugin Directory

BeziWorld Withdrawal for WooCommerce

BeziWorld Withdrawal for WooCommerce

By beziworld
Download

Description

BeziWorld Withdrawal for WooCommerce is a free, GPL-licensed compliance toolkit that prepares your shop for the EU Modernisation Directive (Directive (EU) 2023/2673) which takes effect on 19 June 2026.

The directive forces every online shop selling to EU consumers to expose a dedicated, one-click withdrawal function inside the shop interface. This plugin delivers that function — and goes well beyond the minimum.

What this plugin gives you

  • A dedicated Withdrawal tab inside WooCommerce’s My Account area
  • Item-level partial withdrawals with per-line quantity selection
  • Public withdrawal page auto-created on activation — guests enter order number + email to authenticate, no account required
  • Single-use guest token automatically embedded in the order confirmation email
  • Immediate confirmation email on a durable medium, as required by Article 11(3) CRD
  • Configurable withdrawal period (14-60 days, default 14) — increase if you offer an extended return policy
  • Deadline calculator that rolls weekends and public holidays forward to the next working day
  • Polish public holidays preset for 2026-2028 (extensible to any locale through a filter)
  • Refund calculation that respects Article 13(2) CRD: items plus the cheapest standard shipping option you offered
  • Automatic refunds through the original payment gateway when supported (Stripe, PayU, Przelewy24, Tpay, Mollie, etc.)
  • Admin can override the calculated refund amount (restocking fee, partial damage)
  • Configurable rule engine: exclude products, categories, user roles or payment gateways from withdrawal
  • Storefront notices on product / cart / checkout / thank-you pages with WYSIWYG-editable text
  • Predefined reason picker, configurable from settings
  • Customer self-service cancellation while still pending
  • Four customer status emails (confirmation, received, refunded, rejected) — all overridable from your theme
  • Optional automatic transition of the order status when a withdrawal is submitted
  • Full audit trail: IP, user-agent, server-side timestamps in UTC
  • Trash / restore / delete for withdrawal records
  • CSV export of all withdrawal statements
  • WordPress privacy tools integration — exporter and eraser registered by default
  • WP-CLI commands: wp bzww list, wp bzww refund, wp bzww cancel, wp bzww received, wp bzww stats
  • REST API endpoints under /wp-json/bzww/v1/ for headless and mobile clients
  • Gutenberg block and Elementor widget alternatives to the shortcode
  • WooCommerce HPOS (custom order tables) compatible
  • 30+ filters and actions for deep customization (see HOOKS.md in the source repository)
  • Verifiable acknowledgement: each confirmation carries a SHA-256 receipt code recomputable from the stored declaration, so the durable-medium record is tamper-evident
  • Printable acknowledgement certificate the consumer can save as a PDF with the browser print function
  • Always-visible access: a site-wide footer link plus an optional dismissible sticky bar, so the withdrawal function is reachable from every page
  • Annex I generator: one-click withdrawal-information (Annex I.A) and model-withdrawal-form (Annex I.B) pages, generated from your store details, plus [bzww_withdrawal_policy] and [bzww_model_form] shortcodes
  • Optional two-step confirmation with a read-only review screen (off by default)
  • Optional IBAN field for consumers who request a refund to a specific account (never mandatory; validated with the IBAN checksum)
  • Compliance readiness panel in settings — an at-a-glance checklist of what is configured for the directive
  • Honeypot spam protection and per-IP rate limiting on the public lookup and guest submission
  • WCAG 2.1 AA accessibility on the customer-facing forms

Built-in features (no premium upgrade required)

  • Item-level partial withdrawals with quantity
  • Guest withdrawal flow with email-based lookup
  • Automatic refunds via payment gateways
  • Weekend & public-holiday aware deadline
  • Audit trail with IP & user-agent
  • REST API
  • WP-CLI
  • CSV export
  • GDPR exporter/eraser
  • Gutenberg block + Elementor widget

Theme overrides

Every customer-facing template can be overridden by your theme. Drop a copy of any file from templates/ into your-theme/beziworld-withdrawal-for-woocommerce/<same-path>.php and the plugin will use your version.

External services

This plugin performs no analytics, telemetry or remote downloads, and phones nothing home. Everything runs inside your WordPress installation.

The single exception is entirely optional and off by default: if you enter a notification Webhook URL in the settings (for Slack, Discord or your own endpoint), the plugin sends a small JSON payload to that URL when a withdrawal is submitted. The payload contains the event name and the withdrawal and order identifiers (and the order number). No webhook is configured by default and nothing is sent unless you set a URL; the destination is the address you choose.

Screenshots

  • Customer view of the Withdrawal tab inside My Account — eligible orders with the 14-day deadline.
  • Item-level partial withdrawal form — pick which items and how many units to return.
  • Admin list of withdrawal statements with bulk actions and CSV export.
  • Settings page — customer-facing labels, refund policy and eligibility rules.

Blocks

This plugin provides 1 block.

  • Withdrawal Form Renders the EU 2023/2673 withdrawal-from-contract form. Same content as the [bzww_withdrawal_form] shortcode.

Installation

  1. Activate WooCommerce 8.0 or newer if it is not already active.
  2. Upload the plugin via Plugins Add New Upload Plugin, or unzip into /wp-content/plugins/.
  3. Activate the plugin through the Plugins screen.
  4. A Withdraw from contract page is created automatically — link it from your terms of sale.
  5. Go to WooCommerce Withdrawal Settings to review the defaults (button labels, refund policy, eligibility rules, storefront notices).
  6. The plugin is now live. Logged-in customers see the Withdrawal tab inside My Account; guests can use the public page with the [bzww_withdrawal_form] shortcode.

FAQ

Is this plugin enough to make my shop compliant with EU 2023/2673?

The plugin covers the technical requirements: a dedicated withdrawal function, a clearly labelled button, immediate confirmation on a durable medium, item-level selection, and a refund mechanism within 14 days. You still need to update your terms of sale, your privacy policy and the order summary copy. The plugin does not provide legal advice. Consult a lawyer for the specifics of your jurisdiction.

How do guests (logged-out customers) submit a withdrawal?

The plugin auto-creates a public page on activation with the [bzww_withdrawal_form] shortcode. Guests visit that page, enter their order number and the email used at checkout. After verification, the plugin issues a single-use token and shows the same withdrawal form a logged-in customer would see. The link is also embedded in the order confirmation email for one-click access.

Does it support multi-shipment orders?

Yes. The 14-day clock starts after the last parcel is delivered. Because WooCommerce core does not track shipment-level delivery, the plugin uses the order completion timestamp by default and exposes a bzww/order/delivered_at filter so a shipping/tracking plugin can override it.

How are digital products handled?

Per Article 16(m) CRD, sealed digital products and downloadable software are excluded by default. Products flagged as Virtual + Downloadable in WooCommerce are skipped automatically.

Can a customer cancel a pending withdrawal?

Yes. While a statement is in the pending state the customer sees a “Cancel this withdrawal” button on the success page in My Account.

Does it work with HPOS / custom order tables?

Yes. The plugin declares full HPOS compatibility on activation.

Where are records stored?

In a private custom post type, bzww_withdrawal. Each statement is one post with meta fields holding order id, items, amount, IP and user-agent.

How do I add public holidays for a country other than Poland?

Use the bzww/eligibility/holidays filter to return an array of Y-m-d strings. The plugin will roll the 14-day deadline forward when it lands on one of those dates.

Can I customise the withdrawal period?

Yes. WooCommerce Withdrawal Settings Withdrawal period (days) — set anywhere between 14 and 60 days. The default is the 14 days mandated by EU law; the minimum cannot go below the statutory 14.

Can the admin adjust the refund amount before issuing?

Yes. Each withdrawal detail page has an editable Refund amount input pre-filled with the calculated value. Override it to deduct a restocking fee or to account for the condition of returned goods.

Where can I learn about the available hooks?

The plugin is built to be extended. The main filters and actions are listed below; all pass the relevant order or withdrawal so you can tailor behaviour without touching plugin files.

Eligibility & deadlines (filters)

  • bzww/eligibility/excluded_statuses — order statuses excluded from withdrawal.
  • bzww/eligibility/deadline — the computed withdrawal deadline (DateTime).
  • bzww/eligibility/holidays — extra non-working days for weekend/holiday roll-over.
  • bzww/order/delivered_at — override the delivery date the deadline is based on.
  • bzww/rules/order, bzww/rules/item — allow or deny a specific order or line item.
  • bzww/withdrawal/deny_duplicate — whether to block a second statement for the same order.

Refunds (filters)

  • bzww/refund/deadline_days — statutory reimbursement deadline in days (default 14).
  • bzww/refund/args — arguments passed to the WooCommerce refund.
  • bzww/refund/cheapest_shipping — override the cheapest-delivery amount (Art. 13(2)).

Lifecycle (actions)

  • bzww/withdrawal/submitted ( $withdrawal_id, $request, $order )
  • bzww/withdrawal/cancelled ( $withdrawal_id )
  • bzww/withdrawal/status_changed ( $withdrawal_id, $previous, $current )
  • bzww/withdrawal/transition_to_{status} ( $withdrawal_id, $previous )
  • bzww/refund/before, bzww/refund/after, bzww/refund/failed
  • bzww/plugin/booted ( $plugin )

Security, presentation & integration (filters)

  • bzww/submit/rate_limit, bzww/submit/rate_window, bzww/lookup/rate_limit, bzww/lookup/rate_window — throttling.
  • bzww/request/client_ip — resolved client IP behind proxies.
  • bzww/lookup/resolve_order — custom guest order lookup.
  • bzww/csv/columns, bzww/csv/row — admin CSV export shape.
  • bzww/webhook/payload — outbound webhook body.
  • bzww/templates/theme_directory, bzww/templates/located — template overrides.
  • bzww/placement/html, bzww/placement/tokens, bzww/access/label, bzww/access/url — front-end placement.
  • bzww/checkout/digital_consent_text, bzww/assets/should_enqueue, bzww/model_form/policy_html, bzww/model_form/model_form_html.

A REST endpoint GET /wp-json/bzww/v1/stats (capability manage_woocommerce) and the wp bzww CLI commands are also available for monitoring and automation.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“BeziWorld Withdrawal for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

Translate “BeziWorld Withdrawal for WooCommerce” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.16.0

  • New: optional expiry for the guest withdrawal link. Set WooCommerce Withdrawal Settings Guest link validity (days) to a positive number to have the emailed link stop working after that many days (an expired link sends the consumer back to the lookup form). Default is 0 = no expiry, so existing behaviour is unchanged.
  • Internal: the guest-token issuing and verification logic is now centralised in one place across the form, REST API and My Account flows.

2.15.5

  • Improved: the compliance-readiness panel on the Withdrawal Settings screen now spans the full content width with a cleaner, WordPress-native two-column layout (styling moved into the admin stylesheet).

2.15.4

  • Fix: shop managers can now save the plugin settings. The settings save was previously gated by the administrator-only capability even though the screen is available to shop managers, so their changes were silently rejected.

2.15.3

  • Privacy: the personal-data eraser no longer deletes withdrawal statements whose withdrawal or refund is still in progress (pending/received); these are retained until finalised so a pending reimbursement is never stranded, with only non-essential request metadata removed. Anonymising a retained (refunded) statement now also clears the free-text reason. The personal-data export now includes the received/refunded timestamps and the confirmation channel.

2.15.2

  • Fix: when an explicit delivery date is recorded for an order, it is now normalised to the shop timezone before the withdrawal deadline is computed, so the final day boundary is correct regardless of the timezone the date was stored in.

2.15.1

  • Security: the post-submission confirmation page now shows the acknowledgement verification code and certificate link only to the order owner or to a request that carries the matching receipt code, so the code can no longer be revealed by guessing a withdrawal reference number. Affects only the acknowledgement-certificate feature; refund and submission flows are unchanged.

2.15.0

  • Documentation: the readme now lists the main developer filters and actions inline (eligibility, refunds, lifecycle, security, presentation and integration), instead of linking out for the hook reference.

2.14.0

  • The wp bzww stats command and the /wp-json/bzww/v1/stats REST endpoint now report the number of open statements past the reimbursement deadline (overdue_refunds), so external monitoring and alerting can track compliance risk.
  • Fix: the “All” counter on the Withdrawals list now matches every row the list can display.
  • Internal: the bundled translation compiler now byte-sorts the compiled .mo string table for full gettext conformance.

2.13.0

  • The dashboard widget now highlights, at the top, when open statements have passed the statutory reimbursement deadline — so the compliance risk is visible on login, not only on the Withdrawals screen.

2.12.0

  • Fix: Polish translations now use the correct grammatical plural forms for counts (e.g. processed-statement notices and the admin status counters), instead of falling back to English. The translation build tooling now compiles plural forms into the .mo file.

2.11.0

  • New: the Withdrawals admin screen now shows a warning when open statements have passed the 14-day statutory reimbursement deadline (EU Directive Art. 13(3)), so refunds are not missed. The deadline is filterable via bzww/refund/deadline_days.

2.10.0

  • The Withdrawals admin list now shows a count next to each status filter (All, Pending, Received, Refunded, Rejected, Trash), so you can see your queue at a glance without opening each view.

2.9.0

  • New read-only REST endpoint GET /wp-json/bzww/v1/stats (requires the manage_woocommerce capability) returning withdrawal counts by status, the total, the refunded amount and the shop currency — for headless dashboards and monitoring.

2.8.0

  • The selected predefined withdrawal reason is now stored separately, and the dashboard widget shows the most common reasons over the last 30 days — helping you spot and reduce avoidable returns.
  • Security: the CSV export now neutralises spreadsheet formula injection in consumer-supplied fields (name, email, reason).
  • Fix: automatic order-status transition on submission now works for all statuses (a prefix-handling bug previously skipped statuses such as “completed” and “cancelled”).
  • Hardening: outbound webhook requests no longer follow redirects and reject unsafe (internal) URLs; the Polish holiday preset is now generated algorithmically so it never expires; when a consumer requests a refund to a specific IBAN, automatic reversal to the card is disabled so it can be settled to that account.

2.7.0

  • New WP-CLI command wp bzww stats — prints withdrawal counts by status and the total refunded, for scripting and monitoring.

2.6.0

  • The dashboard widget now shows the withdrawal rate — the share of recent orders that resulted in a withdrawal — computed efficiently and cached.

2.5.0

  • The dashboard widget now also shows the average refund amount and the average time from submission to refund over the last 30 days, alongside the existing status counts and total refunded.

2.4.0

  • New: a “Record delivery date” order action. From the order screen you can stamp the delivery date that starts the 14-day withdrawal clock — useful for marking the last parcel of a multi-shipment order without a separate tracking plugin. The recorded date takes priority over the configured deadline basis.

2.3.0

  • New: configurable basis for the withdrawal deadline — start the 14-day clock from the order completed date (default), the order date, or the payment date — plus an optional “grace days” buffer. A delivery date recorded on the order (meta _bzww_delivered_at, e.g. by a tracking/shipping plugin) still takes priority, so multi-shipment deadlines remain accurate.

2.2.0

  • New (opt-in): outbound webhook notifications. Set a Slack, Discord or generic webhook URL and the plugin posts a small JSON payload when a withdrawal is submitted. Off by default; nothing is sent unless a URL is configured (see Notifications in the settings, and the External services section).

2.1.0

  • New (opt-in): capture the consumer’s Article 16(m) consent at checkout for carts containing immediately-supplied digital content (virtual + downloadable). The acknowledgement is stored on the order with its text and timestamp and recorded as an order note; it can be shown for the record only or required to complete checkout. Applied to the classic checkout; block (Store API) checkout support is planned.

2.0.0

  • Milestone release consolidating the compliance toolkit built across the 1.x series: verifiable SHA-256 acknowledgement receipt, printable certificate, always-visible footer/sticky access, Annex I.A/I.B page generator, optional two-step confirmation, optional IBAN field, honeypot + rate limiting, WCAG 2.1 AA forms, and a compliance readiness panel.
  • New: a contextual Help tab on the settings screen with a quick-start guide and compliance pointers.
  • Documentation: the plugin description now reflects the full feature set.
  • No breaking changes — this is a safe upgrade from any 1.x version; settings and existing withdrawal records are preserved.

1.5.0

  • New: a compliance readiness panel on the settings screen — an at-a-glance checklist (public page published, guest form available, prominent access, withdrawal period, pre-purchase notice, Annex I.A/I.B pages) so you can see what is set up for the directive and what still needs attention.
  • UI: frontend form controls now inherit the active theme’s typography, with clearer keyboard-focus styles and reduced-motion support, for a cleaner look on default block themes (Twenty Twenty-*) and Storefront.

1.4.0

  • New: a printable acknowledgement certificate — a clean, self-contained document of the withdrawal declaration (content, submission time and SHA-256 verification code) that the consumer can save as a PDF with the browser print function. Linked from the confirmation email, the on-screen confirmation, and the admin detail screen. No third-party PDF library is bundled.

1.3.0

  • New: one-click generator for the statutory Annex I texts — a withdrawal-information page (Annex I.A) and a model withdrawal form (Annex I.B), populated from your store details. Available as the shortcodes [bzww_withdrawal_policy] and [bzww_model_form] and as ready-made pages from the settings screen.
  • New: optional two-step confirmation — a read-only review screen with a separate confirmation control before a withdrawal is recorded (off by default; works without JavaScript).
  • Frontend styling refined for readability on default block themes (Twenty Twenty-*) and Storefront, inheriting the theme’s typography.

1.2.0

  • Always-visible access: an optional site-wide footer link (on by default) and an optional dismissible sticky bar make the withdrawal function reachable from every page, in line with the Directive’s “prominent and easily accessible” requirement — no longer only inside the My Account tab.
  • Added an optional IBAN field to the withdrawal form (off by default) for consumers who ask to be refunded to a specific bank account. It is never mandatory; entries are validated with the IBAN checksum, surfaced in the confirmation email and admin detail, and included in the privacy exporter/eraser.
  • Accessibility: error messages now use a focus-managed alert region, required fields are explicitly marked, and the sticky bar has a keyboard-accessible dismiss control (WCAG 2.1 AA).
  • New settings section “Withdrawal access (visibility)” plus an “Offer an IBAN field” toggle.

1.1.0

  • Acknowledgement of receipt now carries a verifiable SHA-256 code derived from the declaration content, so the confirmation can be checked for tampering — strengthening the durable-medium record required by Directive (EU) 2023/2673.
  • Confirmation wording now states clearly that it acknowledges receipt only and does not by itself decide whether the withdrawal is effective or accepted, keeping the receipt distinct from any automatic refund.
  • The verification code is also shown on the on-screen confirmation in My Account and on the public guest page.
  • Added honeypot spam protection and per-IP rate limiting to the public lookup and guest submission endpoints, hardening them against bots and order-number enumeration.
  • Internal: centralised client IP / user-agent retrieval used by the audit trail and the new rate limiter.

1.0.2

  • Pre-escape attribute and label arguments passed to wp_dropdown_pages() on the settings page so the PHPCS escape-output rule no longer flags the call.

1.0.1

  • Move inline checkbox-toggle script on the admin list screen to an enqueued asset (assets/js/admin-list.js).
  • Escape the return value of the the_title filter and the WooCommerce endpoint-title filter.
  • Register the Gutenberg block through a PHP render callback that returns a string, replacing the file-based render that echoed shortcode output.
  • Document and lint-mark the trust boundary on the Elementor widget’s shortcode echo.

1.0.0

  • Initial release.
  • Full EU 2023/2673 compliance: dedicated withdrawal function, immediate confirmation, 14-day refund.
  • Item-level partial withdrawals with per-line quantity.
  • Public lookup page (order number + email) — guests submit without an account.
  • Automatic refund through the original payment gateway when supported.
  • Admin can override the calculated refund amount per statement.
  • Configurable withdrawal period (7-60 days).
  • Deadline calculator with weekend & Polish public-holiday rollover.
  • Rule engine for excluding products, categories, roles and gateways.
  • Storefront notices on product / cart / checkout / thank-you with WYSIWYG text.
  • Four customer status emails (confirmation, received, refunded, rejected) — theme-overridable.
  • Customer self-service cancellation.
  • Trash / restore / delete workflow for withdrawal records.
  • Audit trail with IP, user-agent, timestamps.
  • WordPress privacy tools integration (exporter + eraser).
  • WP-CLI commands.
  • REST API.
  • CSV export.
  • Gutenberg block + Elementor widget.
  • WooCommerce HPOS compatible.
  • Polish translation included (253 strings).

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum