WooCommerce Blueprints is a new feature introduced in WooCommerce 9.9 to help you streamline the setup, management, and testing of your store configurations. Whether you’re launching multiple stores, collaborating with a team, or validating a new extension, Blueprints allow you to import and export your store’s settings, plugins, and themes with just a few clicks. With Blueprints, you can:
- Save time by reusing preconfigured store setups.
- Ensure consistency across teams and environments.
- Test new features or configurations safely and efficiently.
What Are Blueprints?
↑ Back to topA Blueprint is a portable configuration file that captures your WooCommerce store’s setup. It can include your WooCommerce settings, active plugins, and theme. This makes it easy to recreate a store environment, share configurations with teammates, or rapidly spin up new stores using your preferred setup.
Blueprints use the WordPress Playground blueprint format, making them portable and compatible with a wide range of WordPress tooling.
Enabling the Blueprints Feature
↑ Back to topTo enable Blueprints in your store:
- Go to WooCommerce > Settings > Advanced > Features.
- Scroll down to the Blueprint option.
- Check the box to Enable Blueprints.
- Click Save changes.
Once enabled, a new Blueprints option will appear under WooCommerce > Settings > Advanced > Blueprints
Exporting a Blueprint
↑ Back to topExporting a blueprint allows you to save your current store configuration into a .json file that can be reused and imported into another WooCommerce site. To export your WooCommerce store Blueprint, follow the steps below:
- Navigate to WooCommerce > Settings > Advanced > Blueprints.
- Scroll down to the Export section.
- Choose what to include in the export.
- After selecting your preferences, click the Export to generate and download the Blueprint file.
WooCommerce Settings
↑ Back to topYou can select which WooCommerce settings to export from the following options:
- General
- Products
- Tax
- Shipping
- Payments
- Accounts & Privacy
- Integrations
- Site Visibility
- Advanced
The Blueprint export process relies on the WooCommerce Settings API, so only settings registered through this API are included. Custom database tables, such as those used for Approved Download Directories or REST API keys created by legacy code, are not included.
Additionally, payment account configurations are not exported or imported, meaning users will need to connect/configure their payment accounts manually after import.
Plugins and Extensions
↑ Back to topSelect which plugins and extensions you want to include in the Blueprint export.
Themes
↑ Back to topSelect which themes you want to include in the Blueprint export.
Currently, we only support plugins and themes available on WordPress.org.
Importing a Blueprint
↑ Back to topImporting a Blueprint file allows you to apply a previously saved store configuration to a new or existing WooCommerce site.
- Go to WooCommerce > Settings > Advanced > Blueprints.
- Scroll down to the Import section.
- Upload a blueprint file.
- Click on the Import button.
Import is restricted to the Coming Soon mode
Blueprint imports are only allowed when the store is in Coming Soon mode to reduce the risk of accidental or unauthorized imports on production sites. This acts as a safeguard to prevent destructive configuration changes on live environments.
If you’re developing locally or need to override this restriction (e.g., for staging/testing purposes), you can allow imports in live mode by defining a constant in your wp-config.php file:
define( 'ALLOW_BLUEPRINT_IMPORT_IN_LIVE_MODE', true );
Benefits
↑ Back to top- You can quickly apply a starter configuration across all new stores, using a shared theme and plugin set.
- Ensure consistency by syncing store settings and plugin configurations across the development or staging environment.
- Test your WooCommerce extensions in different environments and store configurations using a collection of blueprint files.
- Easily replicate your store’s configuration when launching in a new market or testing a new feature/extension.
Security
↑ Back to topTo ensure Blueprints are safe and reliable, we conducted a thorough security audit and implemented several protections across both the feature and its underlying infrastructure:
- Strict schema validation: All Blueprint files are validated against a strict JSON schema before being applied. We’ve tightened the schema to reject unexpected fields and enforce stricter typing where possible.
- Permission checks are performed for every step: Only authorized users can import or export Blueprints. All REST API endpoints and background processes include permission checks to prevent unauthorized access.
- Option restrictions: To mitigate risk, Blueprint imports enforce a blacklist that blocks updates to sensitive or high-risk WordPress options, such as:
- Site URLs (siteurl, home)
- User management and system–related settings
This allows most site configurations to be portable while protecting critical options from being unintentionally or maliciously overwritten.
- Enhanced SQL execution safety: Blueprints support applying SQL changes as part of the import process. To ensure safety, only specific query types are allowed (INSERT, UPDATE, and REPLACE INTO), and each query is carefully validated before execution. Safeguards include:
- Blocks unrecognized or unsafe SQL commands
- Detects SQL injection patterns
- Prevents writes to protected tables
These protections apply when executing imports, reducing the risk of unsafe or unexpected database changes.
- Audit logging: Blueprint import and export operations are logged for traceability. You can view logs under WooCommerce > Status > Logs. Look for logs with the source
wc-blueprint.
⚠️ Security Best Practices: Even with safeguards in place, we recommend reviewing Blueprint files before importing, especially if they come from a third party. Ensure the content looks as expected and avoid applying changes you don’t fully trust.