Linux 软件免费装
Banner图

WWU Right of Withdrawal for Popular Ecommerce Platforms

开发者 mredodos
webwakeup
anideaforbusiness
更新时间 2026年7月3日 05:43
PHP版本: 8.1 及以上
WordPress版本: 7.0
版权: GPL-3.0-or-later
版权网址: 版权信息

标签

woocommerce gdpr fluentcart right of withdrawal recesso

下载

1.3.2 1.4.0

详情介绍:

Product page & docs: webwakeup.it/wwu-withdrawal-button | source code, issues & contributions: GitHub From 19 June 2026, EU law (Directive (EU) 2023/2673, new Art. 11a of the Consumer Rights Directive; Italy: Art. 54-bis Codice del Consumo) requires online stores to provide a withdrawal function that lets consumers withdraw from a distance contract as easily as they concluded it. WWU Withdrawal Button adds that function — and everything around it you need to run it and to prove you did it right — to WooCommerce, FluentCart and Easy Digital Downloads. How it works (in plain terms)
  1. An eligible customer opens their order and clicks the statutory "Withdraw from contract here" button — in their account, from a link in the order e-mail, or on a public page (no account needed: they look the order up with its number + e-mail).
  2. A simple two-step form appears: they review what they are withdrawing from (optionally ticking only some items — partial withdrawal is allowed), then confirm. No reason required, no hoops.
  3. The instant they confirm, the customer receives an acknowledgement of receipt on a durable medium — an e-mail, a PDF copy and a permanent verifiable link — showing exactly what was withdrawn and the precise date and time. The order is flagged "withdrawal requested".
  4. Every step is written to a tamper-evident, append-only log (hash-chained and timestamped) so you can prove what happened and when. You then handle the refund as usual — the plugin records that too.
That is the whole customer experience. Everything below exists to make it correct, easy to run, and defensible. For your customers For you (the merchant) Smart legal handling (so you don't have to think about it) Evidence, timestamps & integrity Privacy & GDPR Documents & compliance Integrations & automation Platforms & licence This plugin is a technical aid to compliance and is not legal advice. Have your own counsel review your store's documents.

安装:

  1. Upload the plugin to /wp-content/plugins/ and activate it.
  2. Activate WooCommerce and/or FluentCart.
  3. Go to Withdrawal Button → Settings, enable the function, and choose your applicability mode (EU/EEA only is the default).
  4. Publish the generated Annex I-B model form and update your Privacy / Terms / pre-contractual information from the Compliance page.

升级注意事项:

1.2.13 Partial withdrawal now lets the customer pick a quantity per item (e.g. 1 of 3) — an optional, no-JS number field; blank = the whole line. Shown on the receipt, dashboard and REST API. Informational and fully back-compatible (additive data). Issue #47. 1.2.12 Now requires PHP 8.1 (was 7.4); ships Dompdf 3.1.5. Custom CSS field removed — restyle via WordPress Customizer → Additional CSS. Timestamping is now opt-in: no external calls by default. PHP 7.4–8.0 sites stay on 1.2.11; a compatible build is on GitHub. 1.2.11 Fixes the Consent Records admin page (and CSV export) showing only WooCommerce consents: it now reads cross-platform from the tamper-evident evidence log, so Easy Digital Downloads and FluentCart consents appear too. Read-only — the immutable log is never altered. (GitHub #41.) 1.2.10 WordPress.org compliance pass: wp_unslash() added on the settings-save inputs (already sanitised) and a false-positive prepared-SQL error silenced on the integrity query. Over-long upgrade notices trimmed. No change to the withdrawal flow or your data. 1.2.9 Type-aware withdrawal window: for all-digital orders the 14-day countdown now starts at the order date (contract conclusion); orders with physical items are unchanged (delivery/completed date). Informational only — the button is never hidden on this. No breaking changes. 1.2.8 Completes the guest fix: the [webwakeupwdb_button] shortcode and the order-actions link now also route guests to the public withdrawal page, not just the automatic button, so a guest is never sent to the login screen. Logged-in customers unaffected. 1.2.7 Fixes the withdrawal button in the order recap sending guest (no-account) customers to the login screen; guests are now routed to the public withdrawal page. Logged-in customers are unaffected. No breaking changes. 1.2.6 Completes the bundled translations (Italian, German, French, Spanish, Swedish) for recent admin strings that were still showing in English — the Legal clauses editor, the Notification email(s) field and the Compliance reminders. (Swedish is machine-assisted, pending native review.) 1.2.5 Fixes PHP 7.4 compatibility: the bundled PDF library (Dompdf) had been requiring PHP 8.1 and showed a Composer platform error on PHP 7.4 sites; it is now pinned to the 7.4-compatible 2.x line. Also: the notification e-mail field now accepts multiple comma-separated recipients. 1.2.4 Housekeeping + WordPress.org compliance hardening (input sanitisation, output escaping, explicit REST permission callbacks). The display name is now "WWU Right of Withdrawal"; the slug is unchanged. No change to the withdrawal flow or your data. 1.2.3 Follow-up to the 1.2.2 e-mail fix: a failed acknowledgement e-mail now shows the exact transport reason (for example the SMTP plugin's "Could not authenticate") in the admin notice and the immutable log, instead of a generic "email failed", so an SMTP misconfiguration is obvious at a glance. 1.2.2 Critical: fixes a fatal "critical error" when sending the acknowledgement e-mail (on confirmation and admin resend), caused by an SMTP plugin throwing inside wp_mail. The send now fails gracefully instead of crashing. Also: set FluentCart handling to Off if you use its native add-on. 1.2.1 Fixes the WooCommerce "Right of withdrawal" account tab returning a 404 on a fresh install — a one-time rewrite flush now runs after activation (re-saving Permalinks also fixes it). You can also edit the legal clauses from Settings → Legal clauses (no code). 1.2.0 Reminder: installing the button does not update your shop's legal texts. Your Terms & Conditions and pre-contractual information must describe the new withdrawal-button modality (Art. 6 CRD). The plugin now flags this and gives you the ready-to-paste clauses. No change to the flow. 1.0.0-alpha.43 Adds a consumer-facing "why exempt" note: on orders exempt under Art. 59, the plugin explains why the withdrawal button is absent (the exception + legal reference) instead of showing nothing. Editable, fail-safe, only on genuinely exempt orders; button visibility unchanged. 1.0.0-alpha.42 Adds an optional "which products" checklist to the withdrawal form (partial withdrawal), shown on the receipt and the Requests dashboard. Optional and fail-open — leaving it empty withdraws from the whole order as before. No breaking changes. 1.0.0-alpha.41 Adds a FluentCart handling mode (Auto/Always/Off) so this plugin steps aside automatically when FluentCart's own withdrawal add-on is installed. No breaking changes; WooCommerce and EDD are unaffected. 1.0.0-alpha.40 Restores the admin UI styling (the UI Kit is now bundled) and adds Swedish (statutory button label + complete UI translation, pending native review). No breaking changes. 1.0.0-alpha.39 Critical fix: the Settings page no longer crashes with a "Class … Settings not found" fatal. Update recommended for everyone. Also includes a mail-safety fix and a WooCommerce/conflict audit. 1.0.0-alpha.38 Subscriptions are handled correctly: the button shows on the initial order only and is hidden on renewals (one 14-day right per contract). Two opt-in toggles under Settings → Subscriptions. If you use WooCommerce/FluentCart/EDD subscriptions, test on staging. 1.0.0-alpha.37 FluentCart stores can now use the {{wwu.recesso_url}} merge-tag in FluentCart's own e-mails. No change for WooCommerce/EDD. FluentCart users: add the tag to a template and test on staging (FluentCart's own native withdrawal feature is also coming soon). 1.0.0-alpha.36 Security hardening from a full audit (0 critical/high): SSRF guard on the RFC 3161 endpoint, rate limits on the withdrawal endpoints, input length caps. Recommended for all installs; no behaviour change for consumers. 1.0.0-alpha.35 EDD stores now show the withdrawal button on the purchase receipt + purchase history, and add the withdrawal link to the EDD receipt e-mail (parity with WooCommerce/FluentCart). Set a public withdrawal page in Settings and re-test the EDD customer flow on staging. 1.0.0-alpha.34 FluentCart: consent now renders on the block/modal checkout too and is category-aware; order notes appear in the FluentCart timeline. No change for WooCommerce/EDD stores. FluentCart users: re-test the checkout consent on staging (checklist included). 1.0.0-alpha.33 Adds Easy Digital Downloads (EDD 3.0+) support. No change for WooCommerce/FluentCart stores. If you run EDD, test the checkout + button on staging. 1.0.0-alpha.32 Adds consent capture on the WooCommerce block Checkout (requires WooCommerce 9.9+ for the conditional field). No change to the classic checkout. Test on staging if you use the block checkout. 1.0.0-alpha.31 Settings/exemptions UI overhaul + completed Italian/FR/ES/DE translations (the exemption section was partly in English). No change to the withdrawal flow. Safe to update. 1.0.0-alpha.30 Adds FluentCart checkout consent capture for the conditional exemptions (parity with WooCommerce). Test on a staging FluentCart store before production; fail-safe (the button stays) until the field is verified on your setup. 1.0.0-alpha.29 Completes the digital/service exemptions: durable-medium confirmation e-mail, configurable consent retention with automatic IP anonymisation, a GDPR privacy clause and a Consent records page. Review the new clause + retention setting. Test on staging; not yet stable. 1.0.0-alpha.28 Adds lawful consent capture at checkout for digital-immediate and service-performed exemptions. If you exempt those product types, the button is now hidden only after the consumer ticks the required acknowledgement. Test on staging; not yet a stable release. 1.0.0-alpha.19 Recommended for FluentCart stores: fixes the customer-account withdrawal page (was blank) and the per-order button. Test on staging before production; not yet a stable release. 1.0.0-alpha.17 Feature-complete alpha. Test thoroughly on staging before production; not yet a stable release.

常见问题:

Who must comply?

Any trader concluding distance B2C contracts via an online interface with EU/EEA consumers, regardless of the trader's own country (Rome I Art. 6). Switzerland-resident consumers are out of scope (voluntary mode).

Does it replace the model withdrawal form?

No. The button is additional to the Annex I-B model form, which remains mandatory in pre-contractual information. The plugin generates both.

Can it publish a single "Right of withdrawal" policy page?

Yes. Since 1.3.0 the plugin assembles one consolidated Right-of-withdrawal notice from your live settings and the Art. 59 exceptions you selected. Publish it with the [webwakeupwdb_policy] shortcode, let the plugin auto-create a page for it (one click to recreate if you delete it), or download it as a PDF — all from Compliance → "Informativa sul diritto di recesso", where you can also freeze it to static HTML. Optionally, two opt-in toggles add the same clauses to your Complianz Privacy Policy and Terms & Conditions (EU-only, off by default). It complements — it does not replace — your own Terms.

Do digital products lose the right of withdrawal automatically?

No. The right of withdrawal applies by default, including to digital products. It is removed only for the two conditional Art. 59 exemptions (digital content with immediate access; a service fully performed) and only when the consumer gives prior express consent + acknowledgement at checkout. The plugin captures that on the WooCommerce checkout (a required tick-box), stores it as evidence, and only then hides the button — otherwise the button stays (fail-safe). Physical products never need consent. For the digital exemption the plugin also e-mails the consumer a durable-medium confirmation, as the law requires.

Do I have to keep a register of these consents?

The law does not name a "register", but the burden of proof is on you (Art. 6(9) Dir. 2011/83/EU; GDPR accountability Art. 5(2)) — you must be able to prove the consent. The plugin keeps it for you: the agreed wording, a SHA-256 hash, the date/time and (optionally) the IP are stored on the order and anchored in the tamper-evident log; a Consent records admin screen lists and exports them. The IP is anonymised automatically after the retention period.

Is the timestamp legally valid? Should I enable it?

Yes — and we recommend you do. A trusted timestamp gives you an independent "data certa": proof of the exact moment a withdrawal was received, which is the fact the statutory 14-day deadline turns on and the hardest thing to prove after the fact. OpenTimestamps is free, needs no account, and provides an independently-verifiable Bitcoin-anchored proof; a pluggable RFC 3161 / eIDAS qualified-timestamp provider is available for the strongest "data certa". It is off by default (WordPress.org requires external connections to be opt-in) and only an anonymous one-way hash is ever sent — never personal data — so turn it on in Settings → Receipt & evidence (the Dashboard checklist links you straight there).

Which PHP version do I need? What about PHP 7.4?

The build in the WordPress.org directory requires PHP 8.1+ (it bundles the latest Dompdf 3.x PDF engine, whose dependencies need 8.1). If your host still runs PHP 7.4 or 8.0, the directory simply will not offer you this update — install the PHP 7.4-compatible build from our GitHub releases instead (identical features, Dompdf pinned to the 2.x line). That legacy build is a courtesy bridge and will not be maintained forever: PHP 7.4 reached end-of-life in November 2022, so please plan to move your store to PHP 8.1+ (it is faster and more secure), after which you get the directory version with automatic updates.

更新日志:

1.4.0 1.3.2 1.3.1 1.2.13 1.2.12 1.2.11 1.2.10 1.2.9 1.2.8 1.2.7 1.2.6 1.2.5 1.2.4 1.2.3 1.2.2 1.2.1 1.2.0 1.1.1 1.1.0 1.0.1 1.0.0 1.0.0-alpha.45 1.0.0-alpha.44 1.0.0-alpha.43 1.0.0-alpha.42 1.0.0-alpha.41 1.0.0-alpha.40 1.0.0-alpha.39 1.0.0-alpha.38 1.0.0-alpha.37 1.0.0-alpha.36 1.0.0-alpha.35 1.0.0-alpha.34 1.0.0-alpha.33 1.0.0-alpha.32 1.0.0-alpha.31 1.0.0-alpha.30 1.0.0-alpha.29 1.0.0-alpha.28 1.0.0-alpha.27 1.0.0-alpha.19 1.0.0-alpha.18 1.0.0-alpha.17 1.0.0-alpha.1