Restrict Product Purchase by Email

A lightweight WooCommerce plugin that allows you to limit access to specific products based on the customer's email address.

Will this cause failed orders in the store?

No! This plugin prevents restricted users from completing checkout by showing an error before the order is processed — it does not create a failed order. Instead, it halts the checkout with a clear message, ensuring only eligible customers can proceed.

Why this matters: Because no actual order is submitted, you won’t end up with cluttered “Failed” orders in your WooCommerce dashboard. This keeps your order list clean and saves you time from having to manually review or delete unnecessary records.

Does it work with Variations?

Yes! During checkout, the plugin checks both the parent product ID and the variation ID.

If either one has a restriction CSV file (product-123.csv or product-456.csv for a variation), the plugin will enforce it.

The first restriction it finds that doesn’t match the email will trigger a custom error message (if available) or the default one.

This means you can:

  • Restrict a whole variable product (using the parent product ID), or
  • Restrict just one specific variation (using the variation’s ID), or
  • Even do both (use separate email lists for parent and variation products).

How do I find a Product Variation ID?

To easily find a product variation ID in WooCommerce, follow these steps:

  • In the WordPress Admin Panel
  • Go to Products > All Products.
  • Find the variable product and click “Edit”.
  • Scroll down to the Product Data section.
  • Click on the “Variations” tab.
  • Expand a variation (click the triangle next to it).
  • You’ll see “Variation ID: ####” right above the variation settings.

I got a "Link Expired Error" what causes that?

A nonce (short for number used once) is a security token WordPress uses to verify that a form submission comes from a legitimate source. By default, WordPress nonces expire after 24 hours, but for certain operations (like uploads), the browser session or page refresh can also affect their validity. If a user leaves the page open too long and then submits a form (like uploading a CSV or updating a message), the old nonce is no longer valid, resulting in an error like:

“Link has expired”
or
“Invalid nonce”

TL;DR:

It happens because WordPress uses time-limited security tokens to protect forms, and if the page sits open too long, those tokens expire.

Refreshing the page regenerates a new valid nonce, so simply reloading fixes it.

Why does the Error Message only display after Checkout is submitted?

The “Restrict Product Purchase by Email” plugin uses the woocommerce_checkout_process action hook to validate whether a customer is allowed to purchase a restricted product.

When the Plugin Runs

The plugin checks the customer’s email only when the WooCommerce checkout form is submitted—that is, when the customer clicks the “Place Order” button. At this point:

  • WooCommerce begins validating all submitted checkout fields.
  • The plugin retrieves the submitted billing email.
  • It checks the email against the allowed list (CSV) for each product or variation in the cart.
  • If the email is not permitted for any product, the plugin adds an error using wc_add_notice().
  • This error stops the checkout process and displays a message at the top of the checkout form.

When It Doesn’t Run
The plugin does not run:

  • When products are added to the cart.
  • When the customer is simply viewing the cart or checkout page.
  • When the customer fills in the email field but does not submit the form.
  • This is because woocommerce_checkout_process is triggered only during form submission, not during form rendering or field updates.

TL;DR:
The email restriction check is performed only when the customer submits the checkout form, because it relies on WooCommerce’s checkout validation phase. Therefore, any restriction error will only appear after the customer clicks “Place Order.”