Summary and recommendation
WooCommerce user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
WooCommerce user management runs entirely through the WordPress Admin Dashboard (Users → All Users).
The permission model is role-based: every app interaction is gated by capabilities attached to a role, and WooCommerce adds its own store-specific roles-Shop Manager and Customer-on top of the standard WordPress set.
Custom roles are not available in core;
they require a third-party plugin such as User Role Editor or custom code.
Quick facts
| Admin console path | WordPress Admin Dashboard → Users |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Free + Plugins |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full access to all WordPress and WooCommerce settings, including store configuration, plugin management, user management, orders, products, reports, and coupons. | No functional restrictions within the WordPress/WooCommerce installation. | Free (core plugin) | No per-seat cost; role is part of WordPress core. | Administrators can manage other Administrators only if they are the site owner (on WordPress.com-hosted sites, Super Admin is required). On self-hosted WordPress, any Administrator can manage all users. |
| Shop Manager | Manage WooCommerce orders, products, coupons, reports, and customers. Can edit users with roles below Shop Manager. Access to WooCommerce settings but not WordPress core settings (plugins, themes, site options). | Cannot install or manage plugins/themes, cannot access WordPress core settings, cannot manage Administrator-level users. | Free (core plugin) | No per-seat cost. | Shop Manager has the 'edit_users' capability scoped to non-Administrator roles. Granting this role to untrusted users carries risk as they can modify customer data and order records. |
| Customer | Can log in, view and edit their own account details (My Account), view their own order history, manage saved addresses, and change their password. | Cannot access the WordPress admin dashboard or any store management screens. | Free (core plugin) | No per-seat cost. | Customer accounts are created automatically on checkout if account creation is enabled, or manually by an Administrator/Shop Manager. |
| Subscriber | WordPress core role. Can log in and manage their own profile. WooCommerce does not assign additional capabilities to this role by default. | Cannot access WooCommerce My Account order history unless explicitly granted WooCommerce customer capabilities. | Free (core plugin) | No per-seat cost. | Subscriber role is a WordPress default and is not the same as the WooCommerce Customer role. Assigning Subscriber instead of Customer will prevent users from accessing order history. |
Permission model
- Model type: role-based
- Description: WooCommerce extends the WordPress core role-based capability system. Each user is assigned one role; roles map to a set of capabilities (e.g., 'manage_woocommerce', 'edit_shop_orders'). Capabilities are checked at runtime to gate access to features. WooCommerce adds its own capabilities on top of WordPress defaults.
- Custom roles: Yes
- Custom roles plan: Custom roles require a third-party plugin (e.g., User Role Editor, Members) or custom code; not available natively in WooCommerce core. No specific paid WooCommerce plan required-depends on chosen plugin.
- Granularity: Capability-level granularity is available via code or third-party role-editor plugins. Out of the box, WooCommerce ships with two store-specific roles (Shop Manager, Customer) plus inherits WordPress roles (Administrator, Editor, Author, Contributor, Subscriber).
How to add users
- Log in to WordPress Admin Dashboard.
- Navigate to Users → Add New.
- Enter the required fields: username, email address.
- Set a password (auto-generated or manual entry).
- Select the appropriate role from the Role dropdown (e.g., Customer, Shop Manager, Administrator).
- Click 'Add New User' to save.
- Optionally check 'Send the new user an email about their account' to notify them.
Required fields: Username, Email address
Watch out for:
- Username cannot be changed after account creation in WordPress core.
- If 'Allow customers to create an account on the My Account page' is enabled in WooCommerce → Settings → Accounts & Privacy, customers can self-register; this creates a Customer-role account automatically.
- Bulk user creation natively is not supported; requires a third-party plugin or the paid Customer/Order CSV Import Suite extension.
- Email notifications to new users depend on WordPress email delivery being correctly configured (SMTP plugin often required on self-hosted installs).
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Yes | Requires the paid 'Customer/Order CSV Import Suite' extension (woocommerce.com) or a third-party plugin. No native CSV import in WooCommerce core. Extension path: WooCommerce → CSV Import Suite (after installation). |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: WordPress (and WooCommerce) supports permanent user deletion via Users → All Users → Delete. There is no native 'deactivate' or 'suspend' state in WordPress core or WooCommerce core. Deletion is permanent. When deleting a user, WordPress prompts the administrator to either delete all content attributed to that user or reassign it to another user.
- WooCommerce core does not provide a native deactivate/suspend function.
- To effectively block access without deleting: navigate to Users → All Users, click the user, change their role to a role with no meaningful permissions, or use a third-party plugin (e.g., 'Disable Users' or similar) to block login.
- Some security plugins (e.g., Wordfence) provide user blocking functionality as an alternative to deletion.
| Data impact | Behavior |
|---|---|
| Owned records | When deleting a user, WordPress prompts: 'Delete all content' (permanently removes posts/pages attributed to that user) or 'Attribute all content to [another user]'. WooCommerce orders are stored as custom post types; the same reassignment prompt applies. |
| Shared content | Orders, reviews, and other WooCommerce records linked to the deleted user's ID may lose their user association if not reassigned at deletion time. |
| Integrations | Any API keys or webhook configurations associated with the user account are not automatically revoked on user deletion; these must be manually reviewed under WooCommerce → Settings → Advanced → REST API. |
| License freed | WooCommerce has no per-seat licensing model; deleting a user does not free a paid seat. |
Watch out for:
- There is no recycle bin or undo for user deletion in WordPress core; deletion is immediate and permanent.
- Customer order history is stored against the order record (with billing email), not solely against the user account, so order data may persist in the database even after user deletion depending on reassignment choice.
- Administrators cannot delete their own account from the Users screen; another Administrator must perform the deletion.
- On WordPress Multisite, user deletion from a single site only removes the user from that site; the network-level account remains unless deleted by a Super Admin.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| WordPress/WooCommerce User Account | All user roles (Administrator, Shop Manager, Customer, etc.). No per-seat cost in WooCommerce core. | $0 per seat (core plugin is free; no seat-based pricing) |
| WooCommerce.com Extension License | Paid extensions (e.g., Subscriptions, Memberships, CSV Import Suite) are licensed per site, not per user/seat. Annual renewal required for updates and support. | Varies by extension; e.g., WooCommerce Subscriptions $279/year per site, WooCommerce Memberships $199/year per site. |
- Where to check usage: WordPress Admin → Users → All Users. Filter by role using the role links at the top of the Users table (e.g., 'Administrator', 'Shop Manager', 'Customer'). Total user count per role is displayed.
- How to identify unused seats: No native 'last login' tracking in WordPress core or WooCommerce core. Identifying inactive users requires a third-party plugin (e.g., 'WP Last Login', 'Inactive Logout') that logs last login timestamps.
- Billing notes: WooCommerce core has no seat-based billing. Extension licenses are per-site annual subscriptions purchased from WooCommerce.com. Hosting costs are separate and determined by the hosting provider. There is no WooCommerce-managed billing console for user seats.
The cost of manual management
WooCommerce core carries no per-seat cost, so adding or removing users does not affect billing. Extension licenses are per-site annual subscriptions-for example, WooCommerce Subscriptions runs $279/year per site and Memberships $199/year per site. Hosting costs are separate and set entirely by the hosting provider;
there is no WooCommerce-managed billing console for user seats.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
WooCommerce is the right fit when you need a self-hosted store with full database ownership and are comfortable assembling a plugin stack for gaps in core. It is a poor fit if your team needs enterprise identity features-SSO, IdP provisioning, or automated deprovisioning-without significant plugin investment.
Every app in your stack that requires clean offboarding will expose the same gap: no native suspend, no SCIM, and no last-login signal in core. Teams managing more than a handful of admin or Shop Manager accounts should establish a documented offboarding checklist early, since deletion is immediate and permanent with no undo.
Bottom line
WooCommerce gives you granular role-based access control and zero per-seat cost, but every app lifecycle task beyond basic add/remove requires you to close gaps with plugins or custom code.
The absence of native user deactivation, last-login tracking, and bulk import means that operational overhead scales with your user base in ways that are not obvious at initial setup.
Teams that treat user lifecycle management as a first-class concern should audit their plugin stack before go-live rather than after.
Automate WooCommerce workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
