Shop as Customer

Switch to any customer account to place orders on their behalf, troubleshoot checkout issues, or test the shopping experience. Every session is logged with timestamps and duration.

Installation

  1. Download the plugin ZIP from your Addnetic account.
  2. In WordPress, go to Plugins → Add New → Upload Plugin.
  3. Select the ZIP file and click Install Now.
  4. Click Activate Plugin.

After activation, a Shop As Customer button appears in the WordPress admin bar.

Requirements

RequirementMinimum version
WordPress6.2
WooCommerce8.2 (must be active)
PHP8.1

Compatibility

  • HPOS (High-Performance Order Storage) — fully compatible, declared via FeaturesUtil
  • Multisite — each site has its own logs table

Languages

The admin interface is translated into:

  • English
  • Italian
  • French
  • Spanish
  • German

Additional translations can be added via standard WordPress .po/.mo files using the text domain woo-shop-as-customer.

Getting started

  1. Click Shop As Customer in the WordPress admin bar (top right).
  2. A search modal opens — type at least 2 characters to search by name or email.
  3. Click Switch next to the customer you want to impersonate.
  4. You're now browsing the store as that customer.
  5. A persistent notification bar reminds you who you're browsing as — click Back to Admin when done.

Switching to a customer

Search

The search modal lets you find any customer by name, email, or username. Results show:

  • Display name
  • Email address
  • Role
  • Total order count
  • Avatar

Search results exclude administrators and shop managers — you can only switch to non-admin users.

What you can do while impersonating

While browsing as a customer, you see exactly what they see:

  • Their cart and saved items
  • Their prices (including role-based pricing if applicable)
  • Their shipping options and rates
  • Their payment methods at checkout

You can also place orders on their behalf. Orders created while impersonating are attributed to the customer.

Switching back

Click Back to Admin in the persistent notification bar at the bottom of the page. You're immediately returned to your admin account. The session end time is logged automatically.

Persistent bar

While impersonating a customer, a fixed notification bar appears at the bottom of every page (both frontend and admin). It shows:

  • The customer's display name
  • Their role
  • A Back to Admin button

The bar ensures you always know you're in an impersonation session. The body receives a wsac-impersonating CSS class so themes can adjust styling if needed.

Session logging

Every impersonation session is logged in a dedicated database table. Each log entry records:

  • Administrator — who initiated the switch
  • Customer — which customer was impersonated
  • Start time — when the session started
  • End time — when the admin switched back (or "Active" if the session is still ongoing)
  • Duration — how long the session lasted

Viewing logs

Go to WooCommerce → Customer Switch Logs to see all sessions. The log table is paginated and shows the most recent sessions first.

Automatic cleanup

When the plugin is deactivated, all active (open) sessions are automatically closed with the current timestamp.

Security

Admin-only access

Only users with the manage_woocommerce capability can use the impersonation feature. By default, this includes administrators and shop managers.

Cannot impersonate admins

The plugin explicitly prevents impersonation of users with the manage_options capability (administrators). This is a hard security constraint that cannot be overridden.

Cannot impersonate self

Switching to your own account is blocked.

Rate limiting

The search and switch AJAX endpoints are rate-limited to 30 requests per minute per admin user. This prevents abuse and protects against automated attacks. When the limit is exceeded, the plugin returns a 429 error.

Nonce verification

All AJAX requests (search and switch) require a valid WordPress nonce. The switch-back URL is also nonce-protected.

For developers

Hooks

The plugin fires custom action hooks during switching:

HookTypeParametersDescription
wsac_switched_to_customerAction$customer_id, $original_user_idFired after switching to a customer
wsac_switched_back_to_adminAction$original_user_id, $customer_idFired after switching back to admin

CSS class

The wsac-impersonating class is added to the <body> element (both frontend and admin) when a session is active. Use this to conditionally style your theme or hide sensitive UI elements during impersonation.

Extending access

By default, only users with manage_woocommerce can switch. The capability check is centralized in WSAC_Capabilities::can_switch_users(). To allow additional roles, grant them the manage_woocommerce capability via standard WordPress methods.

Data storage

Sessions are stored in the wp_wsac_logs table with columns:

  • id — auto-increment primary key
  • admin_id — the admin who initiated the session
  • customer_id — the customer who was impersonated
  • timestamp_start — session start time
  • timestamp_end — session end time (NULL if still active)
  • duration — session duration in seconds (NULL if still active)

Deactivating the plugin keeps all log data. The table is only created on activation — it is not removed on deactivation or deletion.