Customer Accounts

BoxCart provides a complete frontend account system for your customers, including registration, login, order history, favourites, and profile management — all without exposing the WordPress admin.

Overview

Customer accounts in BoxCart use a custom boxcart_customer WordPress role with minimal capabilities (read only). This role is created automatically on plugin activation and verified on every page load via ensure_customer_role().

The entire account experience is frontend-only. Customers interact with their account through the account page ([boxcart_account]), and by default are redirected away from the WordPress admin area. The admin bar is also hidden for customers, ensuring a clean, store-focused experience.

Account features include:

Registration and login forms on the account page
Dashboard with quick links
Order history with detail view
Edit personal details and change password
Pro: One-click reorder from past orders
Pro: Custom password reset flow with email verification code
Pro: Product favourites
Pro: Customer-side order modification window

Tip

Make sure you have created an Account page with the [boxcart_account] shortcode (or the BoxCart Account block) and assigned it under BoxCart → Settings → General → Page Setup.

Registration

Customers must register or log in before placing an order. They can do either from the checkout page via the boxcart_checkout_register and boxcart_checkout_login AJAX actions, or from /account/ via the [boxcart_account] shortcode.

The registration form collects first name, last name, email, and password. All registered customers are assigned the boxcart_customer role, which grants only the read capability. On plugin uninstall, these users are reassigned to the subscriber role before the custom role is removed.

Login and Dashboard

When a customer is not logged in, the account page displays login and (optionally) registration forms. After logging in, customers are shown the account dashboard by default.

The account page uses the ?view= query parameter to switch between different views:

View Parameter	Page Displayed
`(none)`	Account dashboard (includes favourites, quick links, and recent orders)
`orders`	Order history
`order` (with `?order=`)	Single order view
`edit`	Edit details and change password

For example, to view order history a customer would visit:

https://yoursite.com/account/?view=orders

And to view a specific order (by order number):

https://yoursite.com/account/?view=order&order=BC-20260420-001

The dashboard provides quick links to each section, giving customers an at-a-glance overview of their account. Logged-in customers also benefit from pre-filled checkout details (name, email, phone) drawn from their account profile.

Customer account dashboard showing quick links to orders, edit details, and favourites

Order History

The order history view (?view=orders) displays a list of the customer's past orders, showing key details such as:

Order number
Date placed
Order status
Total amount

Clicking on an order opens the single order view (?view=order&order=), which shows full order details including items, quantities, collection slot, payment method, and order notes.

On BoxCart Pro, each order also includes a "Reorder" button. When clicked, all items from that order are added to the customer's current basket, making it easy to repeat a previous order. This button is not shown on the free build.

Order history list showing order numbers, dates, statuses, and totals with reorder buttons

Tip (Pro)

Quick reorder is a great time-saver for repeat customers on Pro. When a customer clicks Reorder, items are added to their basket and they can proceed straight to checkout.

Order Modifications

Customers can modify pending orders within a configurable time window after placing them. By default, modifications are allowed within 24 hours of the order being placed, but this window is fully configurable by the admin.

When order modifications are enabled, a "Modify Order" button appears on the single order detail view (?view=order&order=) for eligible orders. Customers can modify the following aspects of their order:

Items — adjust quantities of existing order items
Collection slot — change the selected collection slot
Notes — update or add order notes

Each of these modification types can be individually enabled or disabled by the admin. Changes are saved via AJAX, and both the customer and the admin receive email notifications when an order is modified.

The following settings control order modifications, available under BoxCart → Settings → Accounts:

Setting	Key	Default	Description
Allow order modifications	`allow_order_modifications`	Off	Enable or disable the ability for customers to modify their orders.
Modification window (hours)	`modification_window_hours`	24	Number of hours after placing an order during which modifications are allowed.
Allow item modifications	`modify_items`	On	Allow customers to adjust item quantities on their orders.
Allow slot modifications	`modify_slot`	On	Allow customers to change the collection slot on their orders.
Allow note modifications	`modify_notes`	On	Allow customers to update or add notes to their orders.
Allowed statuses	`modification_allowed_statuses`	Pending	Order statuses for which modifications are permitted.

Tip

Order modifications reduce the need for customers to cancel and re-place orders. Set the modification window to a value that gives customers enough time to make changes without impacting your preparation schedule.

Order Messaging

BoxCart includes a two-way messaging system that allows customers to communicate with the shop about their orders. When enabled, a message thread appears below the order details on the single order view (?view=order&order=).

Key features of order messaging:

Customer messages — customers can send messages to the shop directly from their order detail view.
Admin replies — the admin can reply to customer messages from the order view in the BoxCart admin area, creating a two-way conversation thread.
Threaded display — all messages are displayed in chronological order below the order details, showing the sender and timestamp for each message.

Order messaging is controlled by the order_messaging_enabled setting, available under BoxCart → Settings → Accounts. When disabled, the messaging thread and input are hidden from the order view.

Edit Details

The edit details view (?view=edit) allows customers to update their personal information:

First name and last name
Email address
Phone number

Changes are saved via the boxcart_update_account AJAX endpoint. All input is sanitised using sanitize_text_field() and sanitize_email().

The edit details view also includes a change password section, where the customer can enter their current password and set a new one. This is handled by the boxcart_change_password AJAX endpoint.

Password Reset

BoxCart implements a custom frontend password reset flow that keeps customers entirely on the frontend, avoiding any exposure to the WordPress admin login screen.

The reset process works in three steps:

Request a reset code

The customer enters their email address on the account page login form and clicks "Forgot password?". BoxCart sends a verification code to the email address via the boxcart_send_reset_code AJAX endpoint. The code is stored as a WordPress transient (boxcart_pwd_reset_{email_hash}) and expires after 15 minutes. Reset code requests are rate-limited to 3 per hour per email address to prevent abuse.
Enter the verification code

The customer receives the email and enters the verification code on the reset form. The code is validated via the boxcart_verify_reset_code AJAX endpoint.
Set a new password

Once verified, the customer enters and confirms their new password. The password is updated via the boxcart_reset_password AJAX endpoint.

Tip

Login attempts are rate-limited to 5 failed attempts per 15 minutes per IP address to protect against brute-force attacks.

Account Settings

Configure customer account behaviour under BoxCart → Settings → Accounts. The following settings are available:

Setting	Key	Default	Description
Require phone number at checkout	`require_phone`	Off	Make the phone number field required during checkout.
Redirect customers away from wp-admin	`redirect_customers_from_admin`	On	Automatically redirect customers to their frontend account page if they try to access the WordPress admin area.
Hide admin bar for customers	`hide_admin_bar_for_customers`	On	Hide the WordPress admin bar when customers are viewing the site.

Favourites

Logged-in customers can save products to their favourites by clicking the heart icon on any product card. Favourites are stored in user meta as a serialised array of product IDs. On a single-site install the meta key is boxcart_favourites; on a WordPress multisite network it is automatically scoped per subsite as boxcart_favourites_{blog_id} so that favourites on one store don't leak into another.

Key features of the favourites system:

Toggle on/off — Clicking the heart icon adds or removes a product from favourites via the boxcart_toggle_favourite AJAX endpoint. Lookups are restricted to published boxcart_product posts and deduplicated on read.
Filter by favourites — Customers can filter the products page to show only their favourited products. The filter runs server-side via the favourites_only query parameter on boxcart_search_products / boxcart_load_table_products, so "Load more" paginates correctly within the filtered set.
Mutually exclusive with category & search — Activating a category pill, typing in the search box, or picking a category from the dropdown deactivates the favourites filter automatically. This avoids the empty-grid behaviour of intersecting filters.
Retrieve favourites — The boxcart_get_favourites AJAX endpoint returns the customer's full list of favourite product data (IDs, names, images, stock status).

Favourites are only available to logged-in customers.

Tip

Encourage customers to create accounts by highlighting the favourites feature. Combined with quick reorder, it creates a fast, personalised shopping experience for repeat customers.