Age Verification Manager

Age Verification Manager (AVM) adds a flexible, privacy‑aware age gate to WooCommerce stores. Instead of a one‑size‑fits‑all popup, AVM lets you decide where and when to challenge visitors (site entry, restricted product or taxonomy pages, add‑to‑cart, and checkout), how they can verify (self‑confirm or date of birth), and how long that verification should be remembered. It supports object‑level rules for products, categories/tags/brands, pages, and posts, along with a global policy version so you can force re‑verification after regulatory or policy changes.

Verification status can be stored in a signed cookie and, for logged‑in customers, mirrored in user meta to persist across sessions. AVM integrates with WordPress privacy tools, can operate in consent‑aware mode alongside a CMP, and includes logs and WP‑CLI utilities for auditing and compliance.

Age Verification Manager helps you comply with age‑restricted sales and content regulations by:

• Showing an age gate based on configurable triggers (entry, product/term views, specific pages/posts, add‑to‑cart, and checkout).
• Allowing verification via “Self confirm” or “Date of birth”.
• Enforcing a global minimum age or object‑level requirements.
• Remembering verification with a signed cookie and/or user meta (for logged‑in users).
• Respecting consent/cookie banner choices with “Consent Mode”.
• Logging verification events for auditing and troubleshooting.
• Providing role/IP bypass, “Forget me” options, and My Account integration.
• Offering WP‑CLI commands to export, purge and audit coverage.

---

---

Requirements

↑ Back to top

• PHP: 7.4+ (8.0+ recommended)
• WordPress: 6.1+
• WooCommerce: 7.0+
• WP‑CLI (optional, for CLI commands)
• Pretty permalinks recommended (needed for My Account endpoint)

---

Usage

↑ Back to top

Plugin settings overview

↑ Back to top

Location: WooCommerce → Settings → Products → Age Verification

• General
  • Enable age verification: on/off
  • Global minimum age: default minimum age enforced when required
  • Default method: self_confirm or dob
  • Mode: forced (header hint, strict) or soft (front‑end only)
  • Cookie TTL (days): how long verification is remembered
  • Policy version: increment to force everyone to re‑verify
• Triggers (where to require verification)
  • On entry (site‑wide non‑singular pages)
  • On restricted views (WooCommerce product pages, product categories/tags/brands)
  • On cart/checkout
  • On specific pages
  • On specific posts
• Methods
  • Self confirm
  • Date of birth (stores DOB/age in snapshot if used)
• Messages & flow
  • Failure message: supports placeholders {minimum_age}/{min_age}
  • Failure redirect URL: optional redirect after failed verification
  • Popup delay (seconds): delay opening the gate on page load
• Consent mode (privacy‑aware operation)
  • Enable consent mode
  • Consent provider (auto/other)
  • Consent category key (e.g. functional)
  • Behavior without consent:
    • non_persistent: operate without persistent cookies (session only)
    • block: block verification until functional consent granted
  • Consent prompt texts and fallback URL
• Bypass & roles
  • Bypass for logged‑in users
  • Restrict bypass by selected roles
  • Bypass by IP list (comma‑separated)
  • Shop manager capabilities:
    • Manage AVM settings
    • View AVM logs
• Appearance
  • Template: none, tailwind, tailwind_plus, tw_elements, flowbite
  • Colors, fonts, sizing, overlay style (color/image/blur)
  • Button colors and DOB input theme
• Developer & misc
  • Disable devtools (front‑end)
  • Translatable UI strings via standard WP translation

Notes

• Increment “Policy version” to invalidate stored verification and force re‑verification.
• Consent mode defers cookie setting until consent, or blocks verification entirely (when set to “block”).

Per product settings

↑ Back to top

• Product (WooCommerce → Products → Edit → General tab)
  • “Age Verification” checkbox (Require verification for this product)
• Terms (Products → Categories / Tags / Brands)
  • “Require Age Verification” checkbox on add/edit forms
• Pages/Posts
  • “Age Check” meta box with “Require age verification” checkbox (only visible when respective triggers are enabled)

Notes

• When the object (product/term/page/post) is marked “Require Age Verification”, the enforced minimum defaults to the global minimum age unless _avm_min_age is set.
• When site‑wide entry/cart/checkout triggers are enabled, global minimum age applies accordingly.

Logs

↑ Back to top

Location: Users → Age Verification Logs

• Features
  • Filter by status, context, date range or month (m=YYYYMM)
  • Search, pagination and per‑page (Screen Options)
  • Columns: Timestamp, User, Status, Source, Method, Min Age, Policy
  • Export CSV (respects current filters)
  • Delete filtered or all logs (with nonce + capability guard)
• Capabilities
  • View logs: view_avm_logs
  • Delete logs: manage_avm_settings
• Privacy
  • IPs are hashed in the database
  • WordPress privacy exporter/eraser supported:
    • Export: includes user meta snapshot and recent log rows
    • Eraser: clears user meta and anonymizes log user_id

---

Scenarios & Use cases

↑ Back to top

1) Age‑restricted products (single product)

↑ Back to top

Configure the gate only for selected products (e.g., alcohol, vaping, knives, supplements).

Steps

1. Go to WooCommerce → Settings → Products → Age Verification.
2. Under Triggers, enable:
   • On restricted views
   • On cart/checkout
3. Set Global minimum age (e.g., 18 or 21).
4. Edit the product → General tab → check “Age Verification”.
5. Choose Methods (Self confirm or Date of birth) and set a Failure message if needed.
6. Test:
   • Visit the product page → the modal should open.
   • Try adding to cart and proceeding to checkout without verifying → should be blocked with a notice.

2) Category‑level restrictions (e.g., “Wine”)

↑ Back to top

Require verification whenever a visitor lands on a product in certain categories or browses those taxonomy pages.

Steps

1. Triggers: enable On restricted views and On cart/checkout.
2. Products → Categories → Edit a category (e.g., “Wine”) → check “Require Age Verification”.
3. Repeat for Tags or Brands (if using a brands taxonomy) as needed.
4. Test by browsing the category archive and product pages in that category.

3) Site‑wide entry gate (content portals)

↑ Back to top

Show a gate when users first arrive on the site or browse non‑singular pages.

Steps

1. Triggers: enable On entry.
2. Choose Mode:
   • forced (adds an HTTP hint and enforces on the server)
   • soft (front‑end only)
3. Appearance: pick a template (Tailwind / Tailwind+ / TW Elements / Flowbite) and adjust colors, font, title size, and overlay.
4. Optional: set Popup delay (seconds) to gently show the modal after a short delay.
5. Methods: choose Self confirm and/or Date of birth. Set Failure message and optional redirect.

4) Specific pages and posts (editor teams or blog content)

↑ Back to top

Challenge readers only on selected pages or posts.

Steps

1. Triggers: enable On specific pages and/or On specific posts.
2. Edit the page/post:
   • Use the “Age Check” meta box to enable “Require age verification”.
   • Optional: add _avm_min_age to override the minimum for that object.
3. Test by visiting the enabled page/post.

Notes

• Page/post triggers are ignored if the global “Everywhere (entry)” gate is enabled; use one approach to avoid duplicate prompts.

5) Cart/checkout enforcement (legal compliance at purchase)

↑ Back to top

Ensure the shopper is verified before restricted items can be added to cart or purchased.

Steps

1. Triggers: enable On cart/checkout.
2. Mark restricted products (or their categories/tags/brands) as requiring verification (see scenarios 1–2).
3. Set Global minimum age.
4. Test:
   • Attempt to add restricted products to the cart without verifying → add‑to‑cart validation should block and open the modal.
   • At checkout, the plugin calculates the maximum required age across items and enforces it.

6) Force re‑verification after a policy change

↑ Back to top

Invalidate all existing verifications when laws or store policy change.

Steps

1. Increase the Policy version (e.g., from 1 to 2) in the settings.
2. Save. Existing cookies and user snapshots with an older policy_version will no longer be accepted.
3. Optionally add a banner informing customers that re‑verification is required.

---

Advanced

↑ Back to top

WP CLI

↑ Back to top

Alias: wp avm … (long form: wp age-verification-manager …)

• Export logs to CSV/JSON

# CSV export for January 2025
wp avm logs-export /tmp/avm-logs.csv --format=csv --from=2025-01-01 --to=2025-01-31

# JSON export of blocked events only
wp avm logs-export ./blocked.json --format=json --result=blocked

• Purge logs (supports dry run and filters)

# Show how many rows would be deleted
wp avm logs-purge --before=2025-01-01 --dry-run

# Purge blocked results, no prompt
wp avm logs-purge --result=blocked --yes

# Purge all logs (dangerous)
wp avm logs-purge --all --yes

• Scan products that require verification (coverage audit)

# All products with AVM flags
wp avm scan-products --format=table

# Filter by category/tag
wp avm scan-products --category=alcohol --tag=restricted --format=json

• Coverage report summary

wp avm report
wp avm report --category=alcohol --format=json

Hooks & Filters (with example snippets)

↑ Back to top

• avm_after_verify_pass / avm_after_verify_fail

add_action('avm_after_verify_pass', function(array $snapshot, WP_REST_Request $request){
    // e.g., tag session/user, grant capability, trigger analytics
    error_log('AVM success policy '.$snapshot['policy_version'].' via '.$snapshot['method']);
}, 10, 2);

• avm_should_enqueue

// Prevent front-end assets from enqueueing on specific contexts
add_filter('avm_should_enqueue', function($enqueue){
    if (is_page_template('landing-no-gate.php')) {
        return false;
    }
    return $enqueue;
});

• avm_cookie_payload

add_filter('avm_cookie_payload', function(array $payload, array $snapshot){
    // Attach extra metadata to the signed cookie (keep payload small)
    $payload['site'] = get_bloginfo('name');
    return $payload;
}, 10, 2);

• avm_is_context_restricted

add_filter('avm_is_context_restricted', function($restricted, $context, $type, $id, $min_age){
    // Whitelist a specific page ID from enforcement
    if ($type === 'page' && (int)$id === 123) {
        return false;
    }
    return $restricted;
}, 10, 5);

• avm_min_age_for_context

add_filter('avm_min_age_for_context', function($age, $type, $id){
    // Require at least 21yo for products in “wine” category
    if ($type === 'product' && has_term('wine', 'product_cat', $id)) {
        return max((int)$age, 21);
    }
    return (int)$age;
}, 10, 3);

• avm_is_verified_for_age

add_filter('avm_is_verified_for_age', function($verified, $min_age){
    // Custom override if user has been KYC-verified elsewhere
    if (!$verified && is_user_logged_in() && get_user_meta(get_current_user_id(), 'kyc_verified', true)) {
        return true;
    }
    return $verified;
}, 10, 2);

• avm_add_to_cart_validation_override / avm_checkout_process_override

add_filter('avm_add_to_cart_validation_override', function($override, $passed, $product_id){
    // Allow programmatic bypass for specific product in testing
    if (current_user_can('manage_options') && $product_id === 55) {
        return true; // force allow
    }
    return $override; // null to keep default behavior
}, 10, 6);

add_filter('avm_checkout_process_override', function($override, $max_required_age, $restricted_product_id){
    // Example: fail closed if age > 25
    if ($max_required_age > 25) {
        return false; // force block with notice
    }
    return $override; // null to keep default behavior
}, 10, 3);

• avm_rest_can_verify

add_filter('avm_rest_can_verify', function($allowed, WP_REST_Request $request){
    // Example: deny from certain IP ranges
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ($ip && strpos($ip, '10.') === 0) {
        return false;
    }
    return $allowed;
}, 10, 2);

• avm_privacy_policy_guide_content

add_filter('avm_privacy_policy_guide_content', function($html, $ttl_days, $consent_mode_enabled, $behavior){
    return $html . '<p><em>Our retention policy: 90 days.</em></p>';
}, 10, 4);

---

FAQ

↑ Back to top

How do I force everyone to re‑verify?

Increase “Policy version” in the settings. Stored cookies and user snapshots with an older version will be considered invalid.

Why isn’t the modal showing?

• Check if the correct triggers are enabled.
• Ensure your user/role/IP is not bypassed.
• Confirm the object (product/term/page/post) is marked “Require Age Verification” or is covered by a site‑wide trigger.
• Make sure front‑end assets are enqueued (no theme/plugin disabling via avm_should_enqueue).
• If using the My Account endpoint for the first time, re‑save permalinks.

• Cookies are not being set
  • With Consent Mode enabled, persistent cookies are only set after functional consent. In “block” mode, verification is blocked until consent.

Where are settings and logs?

• Settings: WooCommerce → Settings → Products → Age Verification
• Logs: Users → Age Verification Logs

How do I allow customers to clear verification?

• Enable “Allow user clear” in settings. Use the shortcode:[avm_clear_verification] <!-- Optional content becomes the button label -->

Can I bypass for staff?

• Yes. Enable logged‑in bypass and select roles, or add office IPs.

Does the plugin send data to third parties?

• No. All data remains on your site/database.

Is DOB stored?

• If the “Date of birth” method is used, DOB and derived age are stored in the user snapshot and may appear in logs. Use privacy tools to export/erase.

How do I export or purge logs?

• Via the Logs UI (CSV export) or WP‑CLI:
  
  wp avm logs-export /path/file.csv --from=2025-01-01 wp avm logs-purge --before=2025-01-01 --yes

My Account “Age verification” menu item is missing

• It appears only for logged‑in users and when the “Allow user clear” option is enabled. Re‑save permalinks after first activation.