Abusive content on a store built with WooCommerce

WooCommerce is a free, open-source software product available for anyone to download and use with a self-hosted WordPress site. This document explains how to report a WooCommerce-powered store that contains abusive or malicious content, and what actions WooCommerce can take depending on where the site is hosted.

While WooCommerce powers many legitimate stores, its open-source and distributed nature means some stores may use the platform for purposes that are malicious or that do not align with our values. Our options for addressing these situations are limited. WooCommerce is similar to software such as Microsoft Word: people download it and use it independently, and the software maker cannot restrict usage based on content.

Actions WooCommerce can take

↑ Back to top

Before opening a report, note that our ability to take action depends on where the site is hosted.

Sites hosted on Automattic servers

↑ Back to top

If the site is hosted on Automattic servers, we can review the report and take the necessary measures. These sites are often WordPress.com members, recognizable by the Powered by WordPress.com message displayed in the footer of their page.

To report these sites, go to the WordPress.com content report page. This form only accepts WordPress.com sites and is a straightforward way to confirm whether or not we host the site.

Self-hosted sites

↑ Back to top

If the site is self-hosted, WooCommerce.com does not have access to the store in question. These sites typically download the WooCommerce plugin and upload it to a third-party hosting environment. This means we do not have the capability to remove malicious content or take the store offline.

Upon receiving abuse reports for self-hosted sites, we may take one or both of the following actions:

  • Cancel or disconnect their WooCommerce.com accounts. This means the store cannot receive support or automated updates for extensions purchased from WooCommerce.com. These paid subscriptions are subject to our Terms of Service.
  • Refuse support. If a store does not comply with our Terms of Service, we will not assist them in any way. This includes, but is not limited to, questions about accounts, pre-sales, or technical issues.

If you find a site with abusive content, you can open a support request to report an abusive WooCommerce store. We will evaluate the content and take appropriate action.

Additional reporting options

↑ Back to top

You can also report abusive sites by contacting the site’s hosting company, domain registrar, shipping provider, or payment gateway directly.

Contact the hosting or domain company

↑ Back to top

WooCommerce software requires a hosting company to operate. These companies have their own terms and conditions that the site may violate. You can report the content to them directly.

Use the following resources to identify the hosting provider and domain registrar:

  • Hosting company: The company that stores the site’s data on its servers. To find the hosting provider, go to WhoIsHostingThis? and enter the site address.
WhoIsHostingThis? lookup tool showing hosting provider results for a site address
  • Domain registrar: The company where the URL (site address) is registered. To find the domain registrar, go to Whois.com and enter the site address. The results sometimes include an email address for reporting abuse.
Whois.com lookup results showing domain registrar information

If the lookup results show that Automattic is the host, report the site using the WordPress.com content reporting page.

Contact the payment or shipping provider

↑ Back to top

Most WooCommerce stores connect with a payment or shipping provider. These providers have regulations on which products can be sold using their tools, and abusive content is typically not permitted. You can identify the payment or shipping provider and report the site to them.

  • Check the checkout page: In many cases, the site’s checkout page displays the payment or shipping provider information. For example, the checkout page might mention Stripe or PayPal as payment options, or USPS and Canada Post as shipping options.
  • Inspect the page source: If you are familiar with browser developer tools, inspecting the checkout page can reveal which software handles payments and shipping, even if it is not explicitly mentioned on the page.

Use of your personal data
We and our partners process your personal data (such as browsing data, IP Addresses, cookie information, and other unique identifiers) based on your consent and/or our legitimate interest to optimize our website, marketing activities, and your user experience.