Customer Accounts

BoxCart provides a complete frontend account system for your customers, including registration, login, order history, favourites, and profile management — all without exposing the WordPress admin.

Overview

Customer accounts in BoxCart use a custom boxcart_customer WordPress role with minimal capabilities (read only). This role is created automatically on plugin activation and verified on every page load via ensure_customer_role().

The entire account experience is frontend-only. Customers interact with their account through the account page ([boxcart_account]), and by default are redirected away from the WordPress admin area. The admin bar is also hidden for customers, ensuring a clean, store-focused experience.

Account features include:

Registration and login forms on the account page
Dashboard with quick links
Order history with detail view and quick reorder
Edit personal details and change password
Custom password reset flow with email verification code
Product favourites

Tip

Make sure you have created an Account page with the [boxcart_account] shortcode (or the BoxCart Account block) and assigned it under BoxCart → Settings → General → Page Setup.

Guest Checkout

BoxCart supports guest checkout, allowing customers to place orders without creating an account. This is controlled by the guest_checkout setting, which is enabled by default.

When guest checkout is enabled:

Customers can complete an order by entering their name, email, and optional phone number — no account required.
A "Create an account" checkbox appears on the checkout page, giving guests the option to create an account during checkout.
If the customer ticks the checkbox, they are prompted to enter a password. The account is created when the order is placed.

When guest checkout is disabled, customers must log in or register before they can complete an order.

Tip

You can encourage account creation by enabling the "Create an account" info popup (see Account Settings), which displays the benefits of registering.

Registration

Customer registration can happen in two ways:

During checkout

When guest_checkout is enabled, customers can tick the "Create an account" checkbox at checkout and enter a password. The account is created automatically when the order is placed.
On the account page

When the require_registration setting is enabled, a registration form is displayed on the account page for new customers. The form collects first name, last name, email, and password.

To enable registration on the account page, go to BoxCart → Settings → Accounts and tick "Enable registration on the account page".

All registered customers are assigned the boxcart_customer role, which grants only the read capability. On plugin uninstall, these users are reassigned to the subscriber role before the custom role is removed.

Login and Dashboard

When a customer is not logged in, the account page displays login and (optionally) registration forms. After logging in, customers are shown the account dashboard by default.

The account page uses the ?view= query parameter to switch between different views:

View Parameter	Page Displayed
`(none)`	Account dashboard
`orders`	Order history
`order` (with `?id=`)	Single order view
`edit`	Edit details and change password
`favourites`	Favourite products

For example, to view order history a customer would visit:

https://yoursite.com/account/?view=orders

And to view a specific order:

https://yoursite.com/account/?view=order&id=42

The dashboard provides quick links to each section, giving customers an at-a-glance overview of their account. Logged-in customers also benefit from pre-filled checkout details (name, email, phone) drawn from their account profile.

Screenshot: Customer account dashboard showing quick links to orders, edit details, and favourites

Order History

The order history view (?view=orders) displays a list of the customer's past orders, showing key details such as:

Order number
Date placed
Order status
Total amount

Clicking on an order opens the single order view (?view=order&id=), which shows full order details including items, quantities, collection slot, payment method, and order notes.

Each order includes a "Reorder" button. When clicked, all items from that order are added to the customer's current basket, making it easy to repeat a previous order.

Screenshot: Order history list showing order numbers, dates, statuses, and totals with reorder buttons

Tip

The quick reorder feature is a great time-saver for repeat customers. When a customer clicks Reorder, items are added to their basket and they can proceed straight to checkout.

Order Modifications

Customers can modify pending orders within a configurable time window after placing them. By default, modifications are allowed within 24 hours of the order being placed, but this window is fully configurable by the admin.

When order modifications are enabled, a "Modify Order" button appears on the single order detail view (?view=order&id=) for eligible orders. Customers can modify the following aspects of their order:

Items — adjust quantities of existing order items
Collection slot — change the selected collection slot
Notes — update or add order notes

Each of these modification types can be individually enabled or disabled by the admin. Changes are saved via AJAX, and both the customer and the admin receive email notifications when an order is modified.

The following settings control order modifications, available under BoxCart → Settings → Accounts:

Setting	Key	Default	Description
Allow order modifications	`allow_order_modifications`	Off	Enable or disable the ability for customers to modify their orders.
Modification window (hours)	`modification_window_hours`	24	Number of hours after placing an order during which modifications are allowed.
Allow item modifications	`modify_items`	On	Allow customers to adjust item quantities on their orders.
Allow slot modifications	`modify_slot`	On	Allow customers to change the collection slot on their orders.
Allow note modifications	`modify_notes`	On	Allow customers to update or add notes to their orders.
Allowed statuses	`modification_allowed_statuses`	Pending	Order statuses for which modifications are permitted.

Tip

Order modifications reduce the need for customers to cancel and re-place orders. Set the modification window to a value that gives customers enough time to make changes without impacting your preparation schedule.

Order Messaging

BoxCart includes a two-way messaging system that allows customers to communicate with the shop about their orders. When enabled, a message thread appears below the order details on the single order view (?view=order&id=).

Key features of order messaging:

Customer messages — customers can send messages to the shop directly from their order detail view.
Admin replies — the admin can reply to customer messages from the order view in the BoxCart admin area, creating a two-way conversation thread.
Threaded display — all messages are displayed in chronological order below the order details, showing the sender and timestamp for each message.

Order messaging is controlled by the order_messaging_enabled setting, available under BoxCart → Settings → Accounts. When disabled, the messaging thread and input are hidden from the order view.

Edit Details

The edit details view (?view=edit) allows customers to update their personal information:

First name and last name
Email address
Phone number

Changes are saved via the boxcart_update_account AJAX endpoint. All input is sanitised using sanitize_text_field() and sanitize_email().

The edit details view also includes a change password section, where the customer can enter their current password and set a new one. This is handled by the boxcart_change_password AJAX endpoint.

Password Reset

BoxCart implements a custom frontend password reset flow that keeps customers entirely on the frontend, avoiding any exposure to the WordPress admin login screen.

The reset process works in three steps:

Request a reset code

The customer enters their email address on the account page login form and clicks "Forgot password?". BoxCart sends a verification code to the email address via the boxcart_send_reset_code AJAX endpoint. The code is stored as a WordPress transient (boxcart_pwd_reset_{email_hash}) and expires after 15 minutes. Reset code requests are rate-limited to 3 per hour per email address to prevent abuse.
Enter the verification code

The customer receives the email and enters the verification code on the reset form. The code is validated via the boxcart_verify_reset_code AJAX endpoint.
Set a new password

Once verified, the customer enters and confirms their new password. The password is updated via the boxcart_reset_password AJAX endpoint.

Tip

Login attempts are rate-limited to 5 failed attempts per 15 minutes per IP address to protect against brute-force attacks.

Account Settings

Configure customer account behaviour under BoxCart → Settings → Accounts. The following settings are available:

Setting	Key	Default	Description
Allow guest checkout	`guest_checkout`	On	Allow customers to place orders without creating an account.
Enable registration on the account page	`require_registration`	Off	Show a registration form on the account page for new customers.
Require phone number at checkout	`require_phone`	Off	Make the phone number field required during checkout.
Redirect customers away from wp-admin	`redirect_customers_from_admin`	On	Automatically redirect customers to their frontend account page if they try to access the WordPress admin area.
Hide admin bar for customers	`hide_admin_bar_for_customers`	On	Hide the WordPress admin bar when customers are viewing the site.
Show info button	`show_create_account_info`	On	Display an info button (?) next to "Create an account" that opens a popup with benefits.
Popup Title	`create_account_info_title`	Benefits of creating an account	Title displayed in the "Create an account" info popup.
Popup Content	`create_account_info_text`	See below	Enter each benefit on a new line. Displayed as a bulleted list in the popup.

"Create an Account" Info Popup

When show_create_account_info is enabled, an info button (?) appears next to the "Create an account" checkbox at checkout. Clicking it opens a popup that displays the benefits of creating an account as a bulleted list.

The default popup content lists the following benefits:

Track your orders and view order history
Faster checkout next time — your details will be saved
Save your favourite products for quick access
Easily reorder previous orders with one click

You can customise both the popup title and the content text under BoxCart → Settings → Accounts. Enter each benefit on a new line in the content field — each line is rendered as a bullet point.

Favourites

Logged-in customers can save products to their favourites by clicking the heart icon on any product card. Favourites are stored in user meta (boxcart_favourites) as a serialised array of product IDs.

Key features of the favourites system:

Toggle on/off — Clicking the heart icon adds or removes a product from favourites via the boxcart_toggle_favourite AJAX endpoint.
Filter by favourites — Customers can filter the products page to show only their favourited products, making it easy to find frequently ordered items.
Retrieve favourites — The boxcart_get_favourites AJAX endpoint returns the customer's full list of favourite product IDs.

Favourites are only available to logged-in customers. The heart icon is not displayed for guest visitors.

Tip

Encourage customers to create accounts by highlighting the favourites feature. Combined with quick reorder, it creates a fast, personalised shopping experience for repeat customers.