Arik Sahaj Checkout turns WhatsApp into a real WooCommerce checkout flow. Unlike basic "click-to-chat" plugins, this plugin creates a real WooCommerce order (a
shadow order) the moment a customer clicks the WhatsApp button protecting your inventory from overselling while the customer completes the conversation on WhatsApp.
Why a "Shadow Order"?
When a customer clicks the WhatsApp button, the plugin:
- Creates a real WooCommerce order with the selected product, quantity, and variations
- Reduces stock immediately (atomic no race conditions)
- Opens WhatsApp with a pre-filled message including the Order ID
- Suppresses transactional emails so admin and customer aren't notified prematurely
The result: your inventory is protected, your dashboard has a clean record of every WhatsApp inquiry, and you never oversell.
Key Features
- Real WooCommerce Orders: Every click creates a trackable WooCommerce order.
- Atomic Inventory Protection: Stock reduced via
wc_reduce_stock_levels() — safe under concurrent load
- Variable Product Support: Captures size, color, and other variation selections
- High-Performance Order Storage (HPOS) compatible: Full support for WooCommerce HPOS.
- Cart & Checkout Blocks compatible: Works alongside the WooCommerce Blocks experience
- Popup-Blocker Safe: Opens WhatsApp tab synchronously on click; never blocked.
- Honeypot Anti-Spam: Built-in bot protection without CAPTCHA.
- Rate Limiting: Per-IP and per-user, configurable, with HTTP 429 responses.
- Customizable Message Templates: Use placeholders for product name, order ID, total, variations, date
- Flexible Button Positioning: Before, after, or replace the Add to Cart button
- Configurable Order Status: Choose any valid WooCommerce status for shadow orders
- Email Suppression: Shadow orders never trigger admin/customer emails
- Block Theme Support: Compatible with Twenty Twenty-Four and other block themes
- Translation Ready: Full i18n/l10n support
- Multisite Compatible: Network activation with per-site settings
- Accessibility-First: ARIA attributes, keyboard navigation,
prefers-reduced-motion, high-contrast mode
- RTL Support: Right-to-left languages fully supported
- WP-CLI Compatible: Plugin activation via
wp plugin activate works correctly
How It Works
- Customer browses your shop and selects a product
- Clicks "Order via WhatsApp"
- Plugin creates a real WooCommerce order with status of your choice (default: On Hold)
- Stock is reduced automatically
- WhatsApp opens in a new tab with a pre-filled message including the Order ID
- Customer messages you on WhatsApp you reference the Order ID in your WooCommerce dashboard
Perfect For
- Stores that primarily take orders via WhatsApp (common in South Asia, MENA, Latin America)
- Businesses with limited online checkout (no payment gateway, no shipping calculator)
- Shops wanting inventory protection without complex multi-step checkout
- Stores selling variable products via WhatsApp
- Brick-and-mortar businesses using WordPress as a catalog
Theme Compatibility
Tested with the following themes (single product page and shop archive):
- Storefront
- Astra
- OceanWP
- Divi
- The7
- Flatsome
- Avada
- GeneratePress
- Kadence
- Blocksy
- Block theme
The plugin uses high-specificity CSS selectors and CSS custom properties to override aggressive
!important button rules from popular themes without breaking other site styles.
Technical Highlights
- Object-oriented PHP architecture with singletons
- PHP 7.4+ compatible (no PHP 8.x-only syntax)
- Follows WordPress Coding Standards (WPCS)
- Security-first: nonce verification, capability checks, input sanitization, output escaping
- WooCommerce email hooks safely wrapped in try/finally
- Cryptographically secure token generation via
random_bytes()
- Atomic stock reduction (no race conditions)
- HPOS-aware uninstall (cleans both
wc_orders_meta and postmeta)
- Multisite-aware uninstall (loops all sites in network)
- No
wp_cache_flush() abuse — targeted cache invalidation only
wc_get_logger() integration for production debugging
- Defensive class/function existence checks throughout
1.0.5
Maintenance and compatibility release. Refreshes compatibility for WordPress 7.0 and WooCommerce 10.9 and clears the "not tested with the latest 3 major releases" notice. No functions, features, styles, or CSS were changed.
1.0.4
Major update. Fixes fatal error on activation caused by PHP 8.x-only syntax. Adds popup-blocker bypass, honeypot anti-spam, multisite uninstall, block theme support, and full accessibility compliance. Upgrade immediately.
1.0.2
Critical update. Fixes fatal AJAX errors on servers with PHP mail() disabled and button style settings not applying.
1.0.0
Initial release.
1.0.5
Release Date: July 5, 2026
Maintenance and compatibility release. No functions, features, styles, or CSS were changed; this release only refreshes the version number, the compatibility headers, and the readme tags.
- Compatibility: Confirmed against WordPress 7.0 — Tested up to raised from 6.7 to 7.0 (clears the "not tested with the latest 3 major releases of WordPress" notice).
- Compatibility: Tested with WooCommerce 10.9 — WC tested up to raised from 9.5 to 10.9. Continues to declare HPOS compatibility and uses standard WooCommerce order APIs.
- Housekeeping: Plugin header Version and the ARIKSAC_VERSION constant bumped to 1.0.5; Stable tag updated to 1.0.5.
- Readme: Refreshed search tags for discoverability.
1.0.4
Release Date: May 12, 2026
Critical Bug Fixes
- Fixed fatal error on activation caused by PHP 8.0+ syntax used without proper version requirement. Removed
match expressions, mixed type hint, int|WP_Error union return types, : never return type, str_contains(), and declare(strict_types=1) from all files. Plugin now requires PHP 7.4+ which matches the declared header.
- Fixed
is_product_archive() fatal error — this function does not exist in WooCommerce. Replaced with is_woocommerce() plus standard archive checks.
- Fixed
'replace_add_to_cart' button position breaking variable products by removing the entire add-to-cart template (including variation dropdowns). Now uses CSS-based hiding that preserves variation selection.
- Fixed
woocommerce_is_sold_individually filter being applied globally, affecting all products on the site. Removed entirely.
- Fixed race condition where stock could be oversold between the stock check and stock reduction. Stock reduction now runs before status change to close the window.
- Fixed email suppression filters leaking if
update_status() threw an exception. Wrapped in try/finally to guarantee filter restoration.
Security Hardening
- Added HTTP method enforcement on AJAX endpoint (POST-only).
- Added honeypot anti-spam field with
ariksac_honeypot_field and ariksac_ajax_pre_check filters for reCAPTCHA/hCaptcha integration.
- Added per-user rate limiting in addition to per-IP rate limiting (CDN/proxy-safe).
- Added
ariksac_trust_proxy_headers filter (default false) — REMOTE_ADDR is now the authoritative IP source. Prevents X-Forwarded-For spoofing of rate limits and order IP records.
- Added strict sanitization callbacks for button position, yes/no settings, and order status (whitelisted against
wc_get_order_statuses()).
- Changed message template sanitizer from
wp_kses_post to sanitize_textarea_field — WhatsApp messages should be plain text.
- Added phone number validation with inline admin error feedback.
- Replaced
wp_die(-1) from check_ajax_referer with proper JSON 403 response.
User Experience
- Fixed popup blocker preventing WhatsApp from opening — window now opens synchronously on click and is navigated after AJAX response.
- Added HTTP 429 rate-limit detection with dedicated error message.
- Added HTML entity decoding for server-returned error messages.
- Added
aria-busy toggle during loading state for screen reader accessibility.
- Added smooth fallback notice container for block themes without
.woocommerce-notices-wrapper.
- Added 30-second AJAX timeout to prevent indefinite hangs.
- Added double-click prevention via
aria-busy state check.
- Added WC logger integration — errors viewable at WooCommerce → Status → Logs.
Theme Compatibility
- Added Twenty Twenty-Four and block theme compatibility selectors.
- Added Flatsome, Avada, GeneratePress, Kadence, Blocksy compatibility patterns.
- Added
box-sizing: border-box to prevent padding overflow in strict themes.
Accessibility
- Added
prefers-reduced-motion media query for spinner animation.
- Added Windows High Contrast Mode (
forced-colors: active) support.
- Added
aria-live regions for notices.
- Added print stylesheet (hides WhatsApp UI from printed pages).
- Added focus-visible states throughout admin and frontend.
Internationalization
- Added RTL stylesheet rules for Arabic, Hebrew, Urdu, and other RTL languages.
- Removed translated strings from default database storage — translation now happens at output time, language-switch safe.
Order Quality
- Logged-in customers now have orders attached to their WordPress account.
- Pre-fills billing email and name from user profile when available.
- Added
_ariksac_order_source = 'whatsapp' meta for filtering in admin.
- Added
{date} placeholder for message templates.
- Added
ariksac_message_placeholders filter for custom placeholders.
- Improved
wc_price() output cleaning — currency symbols and now display correctly in WhatsApp messages.
- User agent truncated to 200 characters for DB column safety.
Uninstall & Cleanup
- Multisite-aware uninstall loops through all sites in network.
- Cleans both HPOS
wc_orders_meta and legacy postmeta regardless of current mode.
- Cleans rate-limit transients with proper prefix-based queries.
- Cleans cron events, user meta, and custom capabilities.
- Replaced
wp_cache_flush() with targeted wp_cache_delete() — no longer impacts other plugins' Redis/Memcached cache.
Other
- Bumped minimum WordPress version requirement to 6.0.
- Bumped tested WooCommerce version to 9.5.
- Added
wp_color_picker palette support in admin.
- Added Help & Documentation tab with placeholder reference and system requirements check.
1.0.2
Release Date: March 13, 2026
- Fixed fatal error caused by WooCommerce email notifications firing during shadow order creation on servers with PHP mail() disabled.
- Fixed
update_meta_data() warning on _customer_ip_address and _customer_user_agent. Replaced with proper WC setter methods.
- Fixed button style settings not applying due to CSS specificity wars with theme
!important rules. Added high-specificity selector list.
- Fixed CSS notice selectors mismatched with JS-applied classes.
- Fixed debug data exposed in production AJAX error responses.
- Added button style result caching for performance on archive pages.
- Added The7 theme compatibility.
- Added dark mode support for notice styles.
1.0.0
Release Date: January 2026
- Initial release
- Shadow order system with WhatsApp integration
- Variable product support
- HPOS compatibility
- Security features (nonce, rate limiting, input sanitization)
- Customizable message templates
- Flexible button positioning