How it works
Recover captures carts shoppers leave behind and emails one secure, one-click link to bring them back to checkout. Everything runs on your own site. This page follows a single cart end to end, then covers the cron worker, the admin view, and the security and privacy model.
The lifecycle
- Snapshot. As soon as a shopper has items in the cart, Recover saves a private snapshot (the product/variation ids, quantities and totals) keyed to the WooCommerce session (and user id when logged in). It is re-saved on add-to-cart, cart update and item removal, so it always reflects the live cart.
- Capture the email. For logged-in customers the email is read from the account immediately. For guests, a small script on the checkout page posts the billing-email field to the server after a valid address is entered, but only once the consent box (which the script injects) is ticked, when consent is required.
- Abandon. A pending cart that has had no activity for longer than Mark abandoned after is flipped to abandoned on the next cron run. Only carts that have a stored email and consent are eligible.
- Email. Once the email delay after abandonment has also elapsed, the next run sends one recovery email with a tokenised restore link via wp_mail.
- Restore. Clicking the link empties the current cart and re-adds the saved items, then redirects to the cart page. The cart is marked recovered at this point.
- Recover on order. Placing an order (classic or block checkout) also marks the matching cart recovered, so a shopper who returns on their own still counts.
Early email capture
The capture script (assets/js/capture.js) is vanilla JavaScript loaded with defer in the footer, only on the checkout page and only when Capture guest carts is on. It finds the billing-email field, injects the consent checkbox when consent is required, and on blur (or consent change) sends a valid address via fetch to a nonce-checked AJAX endpoint. It fails silently and never blocks checkout. If consent is required but not given, the server returns success without storing the email: no nagging, no half-captured data.
The cron worker
Recovery runs hourly on a WordPress cron schedule under the recover_process_carts hook. The event is scheduled on activation and self-heals: if it is ever missing (for example after a plugin update applied by file copy without re-activation), the worker reschedules it on the next admin load. Each run does two idempotent passes:
- Sweep: mark up to 200 pending carts that are inactive past your window as abandoned.
- Send: for up to 50 due abandoned carts that have an email, consent and no email sent yet, send the recovery link and flag the row.
Because the send is gated on that per-row flag, a re-run or an overlapping run never double-sends. Exactly one email is sent per cart.
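The two passes above, sketched as an added example that is not the plugin's code: it uses an in-memory SQLite database through PDO so it runs outside WordPress, and the table layout, column names and `example_*` functions are assumptions. The send pass claims each row with a conditional UPDATE and mails only when that UPDATE changed one row, which is what keeps an overlapping run from sending twice.

```php
<?php
// Added illustration, not the plugin's code. Table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE carts (id INTEGER PRIMARY KEY, email TEXT, consent INTEGER,
    status TEXT, last_activity INTEGER, abandoned_at INTEGER, email_sent INTEGER DEFAULT 0)');

// Sweep: flip stale pending carts that have email and consent to abandoned, 200 per run.
function example_sweep(PDO $db, int $now, int $window): int {
    $st = $db->prepare("UPDATE carts SET status = 'abandoned', abandoned_at = :now
        WHERE id IN (SELECT id FROM carts WHERE status = 'pending' AND email <> ''
            AND consent = 1 AND last_activity < :cutoff ORDER BY id LIMIT 200)");
    $st->execute([':now' => $now, ':cutoff' => $now - $window]);
    return $st->rowCount();
}

// Send: claim each due row with a conditional UPDATE, then mail it, 50 per run.
function example_send(PDO $db, int $now, int $delay, callable $mailer): int {
    $due = $db->prepare("SELECT id, email FROM carts WHERE status = 'abandoned'
        AND email_sent = 0 AND email <> '' AND consent = 1
        AND abandoned_at <= :due ORDER BY id LIMIT 50");
    $due->execute([':due' => $now - $delay]);
    $claim = $db->prepare('UPDATE carts SET email_sent = 1 WHERE id = :id AND email_sent = 0');
    $sent = 0;
    foreach ($due->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $claim->execute([':id' => $row['id']]);
        if ($claim->rowCount() === 1) { // 0 rows: another run already claimed it
            $mailer($row['email']);
            $sent++;
        }
    }
    return $sent;
}

// Constructed rows: cart 1 is stale, cart 2 has no consent, cart 3 is still active.
$now = 1700000000;
$ins = $db->prepare('INSERT INTO carts (email, consent, status, last_activity) VALUES (?, ?, ?, ?)');
$ins->execute(['a@example.test', 1, 'pending', $now - 7200]);
$ins->execute(['b@example.test', 0, 'pending', $now - 7200]);
$ins->execute(['c@example.test', 1, 'pending', $now - 60]);

$outbox = [];
$mailer = function (string $to) use (&$outbox): void { $outbox[] = $to; };
printf("swept: %d\n", example_sweep($db, $now, 3600));
printf("first send: %d\n", example_send($db, $now + 3600, 3600, $mailer));
printf("re-run send: %d\n", example_send($db, $now + 3600, 3600, $mailer));
printf("outbox: %s\n", implode(', ', $outbox));
```

Claiming the row before mailing gives at-most-once delivery: a send that fails after the claim is not retried, which is the trade-off for never double-sending.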
The carts list and recovery rate
Under WooCommerce → Recover Carts you see the most recent carts with their email, item count, value, status badge, emails-sent count and last activity. Above the table, four cards show pending, abandoned and recovered counts plus the recovery rate (recovered as a percentage of abandoned + recovered). This is where you gauge how much revenue the plugin is bringing back.
The restore link
Each cart has a 64-character cryptographically random token (bin2hex(random_bytes(32))). The restore link is the cart URL with a recover_token query argument carrying only that token: no customer id, no email, nothing personal. The handler rejects anything that is not exactly 64 hex characters, and re-adds only items that are still purchasable and in stock; anything sold out or removed is skipped. Already-recovered tokens simply redirect to the cart. Without the exact token a cart cannot be restored, so there is no enumeration or IDOR risk.
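The token checks described above, as an added example that is not the plugin's code: the `example_*` functions and the array standing in for the carts table are hypothetical. It shows the format check rejecting inputs that a looser pattern would let through (a trailing newline, an array-valued query argument) and the restore step skipping a line that is out of stock.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.
// Issue a token as the page describes: 32 random bytes, hex-encoded (64 characters).
function example_new_token(): string {
    return bin2hex(random_bytes(32));
}

// Accept only a string of exactly 64 hex characters. bin2hex() emits lowercase,
// so this example accepts lowercase only. \A and \z anchor the whole input;
// "$" would also match before a trailing newline.
function example_token_is_wellformed($raw): bool {
    return is_string($raw) && preg_match('/\A[0-9a-f]{64}\z/', $raw) === 1;
}

// Resolve a token to a cart or null. $carts stands in for a lookup on the token column.
function example_find_cart($raw, array $carts): ?array {
    if (!example_token_is_wellformed($raw)) {
        return null; // malformed input never reaches storage
    }
    foreach ($carts as $cart) {
        if (hash_equals($cart['token'], $raw)) {
            return $cart;
        }
    }
    return null;
}

// Keep only lines that are still purchasable and in stock; the rest are skipped.
function example_restorable(array $items): array {
    return array_values(array_filter($items, fn($i) => $i['purchasable'] && $i['in_stock']));
}

// Constructed sample cart and probe inputs.
$token = example_new_token();
$carts = [['token' => $token, 'items' => [
    ['product_id' => 11, 'qty' => 2, 'purchasable' => true, 'in_stock' => true],
    ['product_id' => 12, 'qty' => 1, 'purchasable' => true, 'in_stock' => false],
]]];
$probes = [
    'exact token'       => $token,
    'trailing newline'  => $token . "\n",
    'one char short'    => substr($token, 0, 63),
    'array query arg'   => ['x'],
    'well-formed guess' => str_repeat('0', 64),
];
foreach ($probes as $label => $value) {
    $cart = example_find_cart($value, $carts);
    printf("%-18s %s\n", $label, $cart ? count(example_restorable($cart['items'])) . ' item(s) re-added' : 'rejected');
}
```

Because the token alone authorises the restore, access logs and analytics that record full URLs should be treated as holding working restore links.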
Security model
- All output is escaped and all input sanitised.
- The email-capture AJAX request and the per-email wipe form are nonce-protected.
- Both admin pages require the manage_woocommerce capability.
- The restore link is a read-only, token-authorised GET. No nonce is possible (it arrives by email), so the unguessable token is the authorisation.
- Only a small vanilla-JavaScript capture snippet runs on the front end, deferred and checkout-only; no jQuery.
Privacy model
- Self-hosted. Emails go through wp_mail; cart data lives in your own database. Nothing is sent to any external service.
- Consent-gated. Guest email capture only happens after the consent tick, and only consented carts are ever emailed.
- Data wipe. From WooCommerce → Recover Carts the Erase action deletes every stored cart for a given email address in one click.
You remain responsible for your store’s privacy policy.
Storage and clean uninstall
Cart data lives in a single {prefix}_recover_carts table; the schema version is tracked in the recover_db_version option. Deactivating unschedules the worker but keeps your data. Deleting the plugin runs the uninstall routine, which drops the table, removes the recover_settings and recover_db_version options, and clears the scheduled task, leaving nothing behind.
Compatibility
Recover declares compatibility with WooCommerce HPOS (Custom Order Tables) and the Cart/Checkout Blocks; the order-placed hook is wired for both the classic and Store API checkout.