Abusive Content on a Store Built with WooCommerce

WooCommerce is a free, open-source product that is available for anyone to download and use with their self-hosted WordPress site.

While this means a lot of wonderful products are sold through our software, the open-source and distributed nature of WooCommerce means that there may also be stores using the platform for purposes that are malicious or that otherwise do not align with our values.

Our options for addressing these situations are limited. In effect, WooCommerce is similar to software such as Microsoft Word, in that people download it and use it independently, and it’s impossible for Microsoft to restrict that usage based on the contents of a document.

What Can Be Done?

↑ Back to top

Before opening a report with us, please note that our ability to take action will depend on where the site is hosted. 

If the site is hosted on Automattic servers we will be able to take a closer look we will review the report provided and take the necessary measures. These sites often are our WordPress.com members and are recognizable by the “Powered by WordPress.com” message in the footer of the page.

To report these kinds of sites, go to the WordPress.com Abuse Report page. This form only accepts WordPress.com sites and is an easy way to confirm whether or not we are hosting the site.

If the site is self-hosted, WooCommerce.com does not have access to the site in question. These sites typically download our plugin and upload to a third party hosting environment.

Please note: This means that we do not have the capability to remove the malicious content or remove the store from the site.

When receiving reports for self-hosted sites, we may:

  • Cancel or disconnect WooCommerce.com accounts. This means that the stores cannot get support nor (automated) updates for extensions purchased at WooCommerce.com. As these are paid subscriptions, they are subject to WordPress.com Terms of Service.
  • Refuse support. If a store does not comply with our Terms & Conditions, we will not assist in any way. This includes, but is not limited to, questions surrounding accounts, pre-sales, or technical questions. 

If you find such a website, you can open a support request with us and we will evaluate the abusive content and take appropriate action. 

What You Can Do

↑ Back to top

Additional reporting can be done through contacting the site’s hosting company, shipping provider, and payment gateway.

Contact the Hosting/Domain Company

↑ Back to top

Send a report to the hosting company and/or the domain registrar for the site. WooCommerce software needs to be used with a hosting company in order to work. These companies will also have terms and conditions in which the site may not comply with. You may wish to try reporting the content to them directly. 

  • Hosting company: The place that has the site’s data on their servers. To find the hosting provider, go to WhoisHostingthis.com and enter the site address.
  • Domain registrar: The company where the URL (site address) is registered. To find the domain registrar, go to WhoIs.com and enter the site address. Sometimes this also shows an email address for reporting abuse.

It is possible that Automattic may be the host of the site that is being reported. If so, please let us know using the WordPress.com Abuse form.

Contact the Payment or Shipping Provider

↑ Back to top

Most WooCommerce stores use a connection with a payment and/or shipping provider. These providers will have regulations on which products can be sold using their tools, and abusive content will likely not be permitted. 

  • You’re not a developer: In many cases, the checkout page will give information about those. For example, the checkout page might mention Stripe or PayPal as the payment options. Or they might list shipping via USPS or Canada Post.
  • You are a developer: Using dev tools to inspect the checkout page will likely tell you which software is used for the payments and shipping even if it’s not explicitly mentioned on the page.