{"id":297856,"date":"2026-04-24T05:57:08","date_gmt":"2026-04-24T05:57:08","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/eu-withdrawal-button-for-woocommerce\/"},"modified":"2026-04-24T05:59:17","modified_gmt":"2026-04-24T05:59:17","slug":"eu-withdrawal-button-for-woocommerce","status":"publish","type":"plugin","link":"https:\/\/cs.wordpress.org\/plugins\/eu-withdrawal-button-for-woocommerce\/","author":13261307,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.0.0","stable_tag":"2.0.0","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"EU Withdrawal Button for WooCommerce","header_author":"Riin Agency","header_description":"Helps WooCommerce store owners implement the withdrawal flow described in EU Directive 2023\/2673.","assets_banners_color":"9f8585","last_updated":"2026-04-24 05:59:17","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/riin.eu\/withdrawal-plugin","header_author_uri":"https:\/\/riin.eu","rating":0,"author_block_rating":0,"active_installs":10,"downloads":135,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.0.0":{"tag":"2.0.0","author":"Nalut","date":"2026-04-24 05:59:17"}},"upgrade_notice":{"1.1.0":"

New tier system with Freemius licensing. Improved compatibility with custom order number plugins.<\/p>","1.0.0":"

Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3514355,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3514355,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3514355,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3514355,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3514355,"resolution":"1","location":"assets","locale":"","width":1877,"height":1556},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3514355,"resolution":"2","location":"assets","locale":"","width":1723,"height":1176},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3514355,"resolution":"3","location":"assets","locale":"","width":1379,"height":914},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3514355,"resolution":"4","location":"assets","locale":"","width":3012,"height":1372},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3514355,"resolution":"5","location":"assets","locale":"","width":2970,"height":1272},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3514355,"resolution":"6","location":"assets","locale":"","width":2984,"height":1568},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3514355,"resolution":"7","location":"assets","locale":"","width":2988,"height":1078}},"screenshots":{"1":"Sticky bar with withdrawal button on the storefront","2":"Withdrawal form modal","3":"Confirmation step with order summary","4":"WooCommerce settings page"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[255182,395,55969,245590,286],"plugin_category":[45],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-297856","plugin","type-plugin","status-publish","hentry","plugin_tags-consumer-rights","plugin_tags-eu","plugin_tags-returns","plugin_tags-withdrawal","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_committers-nalut"],"banners":{"banner":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/banner-772x250.png?rev=3514355","banner_2x":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/banner-1544x500.png?rev=3514355","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/icon-128x128.png?rev=3514355","icon_2x":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/icon-256x256.png?rev=3514355","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-1.png?rev=3514355","caption":"Sticky bar with withdrawal button on the storefront"},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-2.png?rev=3514355","caption":"Withdrawal form modal"},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-3.png?rev=3514355","caption":"Confirmation step with order summary"},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-4.png?rev=3514355","caption":"WooCommerce settings page"},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-5.png?rev=3514355","caption":""},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-6.png?rev=3514355","caption":""},{"src":"https:\/\/ps.w.org\/eu-withdrawal-button-for-woocommerce\/assets\/screenshot-7.png?rev=3514355","caption":""}],"raw_content":"\n

EU Directive 2023\/2673 introduces new requirements for online stores regarding consumer withdrawal rights, taking effect on June 19, 2026<\/strong>.<\/p>\n\n

EU Withdrawal Button for WooCommerce<\/strong> helps you implement a clear, accessible withdrawal flow for your customers:<\/p>\n\n

The 4-Step Flow<\/h4>\n\n
    \n
  1. Visible Button<\/strong> \u2014 Sticky bar with a withdrawal button on every page<\/li>\n
  2. Withdrawal Form<\/strong> \u2014 Customer enters order number + email for verification<\/li>\n
  3. Confirmation Step<\/strong> \u2014 Order summary with a separate \"Confirm withdrawal\" button<\/li>\n
  4. Notifications<\/strong> \u2014 Confirmation email to customer + notification to merchant<\/li>\n<\/ol>\n\n

    Features<\/h4>\n\n
      \n
    • Sticky bar with configurable text and button<\/li>\n
    • Modal popup or dedicated page mode<\/li>\n
    • Order validation (order number + email + 14-day window check)<\/li>\n
    • Custom WooCommerce order status: \"Withdrawal Requested\"<\/li>\n
    • WooCommerce email integration (shows in WooCommerce \u2192 Settings \u2192 Emails)<\/li>\n
    • Support for custom order number plugins (Sequential Order Numbers, etc.)<\/li>\n
    • WCAG 2.1 AA accessible (keyboard navigation, focus trap, ARIA labels)<\/li>\n
    • Rate limiting for abuse prevention<\/li>\n
    • Translation-ready with .pot file<\/li>\n
    • HPOS (High-Performance Order Storage) compatible<\/li>\n<\/ul>\n\n

      Who Is This For?<\/h4>\n\n

      WooCommerce store owners who sell to EU consumers and want to provide a clear withdrawal process for their customers.<\/p>\n\n

      Disclaimer<\/h4>\n\n

      This plugin is a technical tool that helps implement a withdrawal flow. It does not constitute legal advice and does not guarantee compliance with any specific regulation. Consult a legal professional to ensure your store meets all applicable requirements.<\/p>\n\n\n

        \n
      1. Upload the eu-withdrawal-button-for-woocommerce<\/code> folder to \/wp-content\/plugins\/<\/code><\/li>\n
      2. Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n
      3. Go to WooCommerce \u2192 Settings \u2192 Withdrawal Button to configure<\/li>\n
      4. The withdrawal button will appear on your storefront<\/li>\n<\/ol>\n\n\n
        \n

        What does this plugin do?<\/h3><\/dt>\n

        It adds a visible withdrawal button to your store, along with a form where customers can submit withdrawal requests. The plugin validates the order, notifies both parties via email, and tracks the request.<\/p><\/dd>\n

        What happens when a customer submits a withdrawal?<\/h3><\/dt>\n

        The customer receives a confirmation email, the merchant receives a notification, an order note is added, and the order status changes to \"Withdrawal Requested\" (configurable).<\/p><\/dd>\n

        Can I exclude certain products?<\/h3><\/dt>\n

        Product category exclusions and per-product exceptions are available in the paid version.<\/p><\/dd>\n

        Does it work with custom order number plugins?<\/h3><\/dt>\n

        Yes, the plugin searches by WooCommerce order ID, custom order number meta fields, and order number output \u2014 compatible with Sequential Order Numbers and similar plugins.<\/p><\/dd>\n

        Is my data sent to third parties?<\/h3><\/dt>\n

        The plugin stores withdrawal data in your own WordPress database. The Freemius SDK is used for license management and asks for your opt-in consent on activation.<\/p><\/dd>\n\n<\/dl>\n\n\n

        2.0.0<\/h4>\n\n
          \n
        • WordPress.org edition<\/strong>. First release published on the WordPress.org plugin directory. Feature parity with 1.5.x, Lite tier only. Paid upgrades continue to be distributed via riin.eu.<\/li>\n
        • Code: Full prefix refactor to ra_euwb_<\/code> \/ RA_EUWB_<\/code> \/ ra-euwb-<\/code> across options, hooks, CSS classes, JS globals, nonces and admin menu slugs, to comply with the WordPress.org guidelines on unique prefixes. Existing WC order status slugs (wc-ewb-withdrawn<\/code>, wc-ewb-completed<\/code>), the database table ({prefix}ewb_withdrawals<\/code>) and the _ra_euwb_deactivated_withdrawal<\/code> order meta key are preserved so existing installations continue to work without data migration.<\/li>\n
        • Code: Removed all inline <style><\/code> and <script><\/code> output. Admin order-status colours and the frontend ra-euwb-hidden<\/code> utility class are now part of the enqueued stylesheets. Frontend button colours are static (overridable via theme CSS) instead of dynamic option-backed inline styles.<\/li>\n
        • Code: Custom CSS setting removed from the free build (WordPress.org guideline: plugins must not execute arbitrary user-supplied CSS from options).<\/li>\n
        • Code: Text domain updated from eu-withdrawal-button<\/code> to eu-withdrawal-button-for-woocommerce<\/code> to match the WordPress.org plugin slug.<\/li>\n
        • Misc: Removed the now-unused class-ewb-i18n.php<\/code> helper (text domain is loaded directly via load_plugin_textdomain()<\/code> on init<\/code>).<\/li>\n<\/ul>\n\n

          1.5.0<\/h4>\n\n
            \n
          • Compliance Update \u2014 EU Directive 2023\/2673<\/strong>. All compliance-critical features are available in the free version.<\/li>\n
          • Guest-friendly direct link in order emails<\/strong>: The WooCommerce customer \"processing\" and \"completed\" order emails now include a \"Withdraw from this order\" button. The link opens the withdrawal form pre-verified against the order \u2014 no login required. Solves the guest-checkout compliance gap (the directive explicitly requires that withdrawal must not depend on having a customer account).<\/li>\n
          • Dismissible sticky bar<\/strong>: Visitors can close the sticky bar with an X button. Dismissal is remembered for a configurable number of days (default 7, configurable 0\u201330) via localStorage<\/code>. My Account pages ignore the dismissal and always show the bar (EU compliance \u2014 customer must be able to request a withdrawal there).<\/li>\n
          • Partial withdrawal support<\/strong>: Customers can now select specific items and quantities to withdraw instead of the whole order. The confirmation step shows per-item checkboxes and quantity inputs, pre-filled with the full order.<\/li>\n
          • Optional IBAN field<\/strong>: Customers can provide a bank account for the refund (useful when they paid by card or want the refund sent to a different account). Leaving it empty tells the merchant to refund to the original payment method. The IBAN is shown prominently in the merchant notification email and in the admin withdrawals list.<\/li>\n
          • Configurable sticky bar display<\/strong>: New \"Show sticky bar on\" multiselect under Withdrawal Button \u2192 General lets merchants pick which page types show the sticky bar (Homepage, Shop & product pages, Cart & checkout, Other). The My Account pages always show the sticky bar (EU compliance \u2014 customer must be able to request a withdrawal there). Existing installations default to My Account pages only<\/strong> after the upgrade, so update your settings if you want the sticky bar elsewhere.<\/li>\n
          • Discreet footer link<\/strong>: Optional small \"Right of withdrawal\" link can be shown in the footer (useful when the sticky bar is disabled on most pages).<\/li>\n
          • Admin: Withdrawals list now shows a Full \/ Partial badge and a hoverable list of the selected items per request, plus a dedicated IBAN column.<\/li>\n
          • Emails: Customer confirmation and merchant notification emails now list only the selected withdrawn items (with a partial-withdrawal notice when applicable) and show the IBAN. Legacy rows from pre-1.5.0 fall back to the full-order view.<\/li>\n
          • Database: New withdrawn_items<\/code> (JSON) and iban<\/code> columns on {prefix}ewb_withdrawals<\/code>. The upgrade runs automatically on plugin load via dbDelta()<\/code> \u2014 no manual action required.<\/li>\n
          • Security: Submitted item selections are re-validated server-side against the actual order (quantities clamped, unknown items rejected) to prevent tampering.<\/li>\n
          • Security hardening (CIA audit pass): (a) CSV export now escapes spreadsheet formula injection (leading =<\/code>, +<\/code>, -<\/code>, @<\/code>, tab, CR) and includes the Withdrawn Items<\/code> + IBAN<\/code> columns that were previously silently misaligned. (b) Client IP detection no longer trusts HTTP_X_FORWARDED_FOR<\/code> \/ HTTP_CLIENT_IP<\/code> by default \u2014 sites behind a trusted reverse proxy (e.g. Cloudflare) can opt in via the ewb_trust_forwarded_ip<\/code> filter. (c) Submission now holds a MySQL advisory lock per order around the duplicate check + insert, closing the race window that allowed two simultaneous clicks to create duplicate withdrawal rows. (d) The public ewb_validate_order<\/code> and ewb_lookup_by_key<\/code> endpoints are now rate-limited (30 requests per 5 minutes per IP). (e) \"Order not found\" and \"email does not match the order\" are collapsed into a single generic verification error to prevent order enumeration. (f) Support form Reply-To header explicitly strips CR\/LF defending against header injection.<\/li>\n<\/ul>\n\n

            1.4.0<\/h4>\n\n
              \n
            • IMPORTANT: Clarified \"Withdrawal Completed\" semantics. Renamed the user-facing label to \"Withdrawal Closed\" everywhere it appeared (order status, emails, order notes, My Account box, admin). The status no longer implies that an automatic refund has been issued \u2014 merchants must refund manually via WooCommerce \u2192 Orders. Automatic wc_create_refund()<\/code> integration is planned for a future Pro release. Internal status slug (wc-ewb-completed<\/code>) is unchanged so existing orders continue to work.<\/li>\n
            • IMPORTANT FIX: The sticky bar, withdrawal form, confirmation email, \"closed\" email and admin information guide previously hardcoded \"14 days\" even when merchants configured a different ewb_withdrawal_days<\/code> value. All texts now reflect the configured value dynamically with proper single\/plural handling. Merchants can also use the {days}<\/code> placeholder in the custom Bar text field.<\/li>\n
            • Updated customer closed-request email to clearly state that the merchant will issue the refund manually, instead of claiming the refund has already been processed.<\/li>\n
            • Added a \"Heads up\" admin notice on every plugin settings tab explaining the manual refund workflow.<\/li>\n
            • Performance & reliability: Order number lookup fallback (step 3) now filters by the configured withdrawal window (days + 2 buffer) instead of the arbitrary \"last 500 orders\" limit, and is capped at 1000 orders scanned. Both bounds are adjustable via the ewb_order_lookup_cutoff_date<\/code> and ewb_order_lookup_max_scan<\/code> filters. A warning is logged if the fallback triggers \u2014 this helps merchants spot custom order number plugins that don't use the standard _order_number<\/code> meta key.<\/li>\n
            • Code quality: Custom CSS (Basic+) now uses wp_add_inline_style()<\/code> attached to the main ewb-frontend<\/code> stylesheet handle instead of printing a raw <style><\/code> tag on wp_head<\/code>. This integrates with minify\/cache plugins and follows WordPress standards.<\/li>\n<\/ul>\n\n

              1.3.3<\/h4>\n\n
                \n
              • Fix: Removed the parent => woocommerce<\/code> menu setting so the Freemius SDK can properly register its own admin pages (connect\/opt-in, account, pricing). Previously the activation flow tried to redirect users to admin.php?page=ewb-withdrawal<\/code> which WordPress rejected with \"Sorry, you are not allowed to access this page.\" because the submenu was never registered. Plugin Settings link still opens WooCommerce \u2192 Settings \u2192 Withdrawal Button via first-path<\/code>.<\/li>\n<\/ul>\n\n

                1.3.2<\/h4>\n\n
                  \n
                • Fix: Freemius \"Opt In\" and Account\/Pricing pages now work correctly. Previously the menu used an embedded WooCommerce settings URL as its slug, which prevented the Freemius SDK from rendering its own admin pages (opt-in form, account, pricing, checkout)<\/li>\n
                • Added a dedicated ewb-withdrawal<\/code> plugin page for Freemius SDK, with first-path<\/code> redirecting Settings link to the WooCommerce \u2192 Settings \u2192 Withdrawal Button tab (existing UX preserved)<\/li>\n<\/ul>\n\n

                  1.3.1<\/h4>\n\n
                    \n
                  • Fix: \"Get Basic\" and \"Get Pro\" buttons in the Upgrade tab now open the Freemius in-admin checkout (iframe) instead of redirecting to the marketing site<\/li>\n
                  • Fix: Restored the \"License\" \/ \"Activate License\" link on the Plugins page by registering the Freemius account page (ewb-account<\/code>)<\/li>\n
                  • Added dedicated Freemius pricing page (ewb-pricing<\/code>) for in-admin checkout flow<\/li>\n
                  • Updated Upgrade tab FAQ to reflect the new in-admin checkout experience<\/li>\n<\/ul>\n\n

                    1.3.0<\/h4>\n\n
                      \n
                    • Freemius: Premium code is now properly marked with is__premium_only()<\/code> gates so Freemius can auto-generate a clean free build without premium features<\/li>\n
                    • Renamed class-ewb-rest-api.php<\/code> to class-ewb-rest-api__premium_only.php<\/code> so Freemius excludes it from the free build<\/li>\n
                    • Added Requires Plugins: woocommerce<\/code> header (WordPress 6.5+ plugin dependencies)<\/li>\n
                    • readme.txt: added nalut<\/code> to contributors<\/li>\n<\/ul>\n\n

                      1.2.1<\/h4>\n\n
                        \n
                      • Fix: Plugin text domain is now properly loaded, enabling translations via WPML \/ Loco Translate \/ .mo files<\/li>\n
                      • Add wpml-config.xml for admin text translation support<\/li>\n<\/ul>\n\n

                        1.2.0<\/h4>\n\n
                          \n
                        • Switched to Freemius-only distribution (independent of WordPress.org)<\/li>\n
                        • Disabled WordPress.org compliance mode in Freemius SDK<\/li>\n<\/ul>\n\n

                          1.1.0<\/h4>\n\n
                            \n
                          • Added tier system (Lite \/ Basic \/ Pro)<\/li>\n
                          • Freemius integration for license management<\/li>\n
                          • Support tab with contact info<\/li>\n
                          • Upgrade tab with plan comparison<\/li>\n
                          • Improved custom order number compatibility<\/li>\n
                          • Various bug fixes and improvements<\/li>\n<\/ul>\n\n

                            1.0.0<\/h4>\n\n
                              \n
                            • Initial release<\/li>\n
                            • 4-step withdrawal flow<\/li>\n
                            • Sticky bar with configurable text<\/li>\n
                            • Modal popup and page display modes<\/li>\n
                            • WooCommerce email integration<\/li>\n
                            • Custom order status: Withdrawal Requested<\/li>\n
                            • Rate limiting<\/li>\n
                            • HPOS compatibility<\/li>\n
                            • WCAG 2.1 AA accessibility<\/li>\n
                            • Translation-ready<\/li>\n<\/ul>","raw_excerpt":"Helps WooCommerce store owners implement the withdrawal flow described in EU Directive 2023\/2673.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/297856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=297856"}],"author":[{"embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/nalut"}],"wp:attachment":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=297856"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=297856"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=297856"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=297856"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=297856"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=297856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}