MegaSend for WooCommerce

MegaSend for WooCommerce lets you recover abandoned carts and send automated order notifications through WhatsApp. Connect your MegaSend account, configure your WhatsApp message templates, and start engaging your customers on their preferred messaging platform.

Key Features:

• Cart Abandonment Recovery — Automatically detect abandoned carts and send WhatsApp recovery messages with a direct link to restore the cart.
• Follow-up Sequences — Configure multi-step follow-up messages if the initial recovery message does not result in a completed order.
• Order Notifications — Send WhatsApp messages for order created, payment complete, order fulfilled, order cancelled, and order refunded events.
• Template Mapping — Map your approved WhatsApp Business message templates to WooCommerce events with a visual variable mapping interface.
• WhatsApp Preview — See a real-time preview of your WhatsApp message as you configure the template mapping.
• Easy Onboarding — A guided 3-step setup wizard gets you up and running quickly.
• GDPR Consent — Optional consent checkbox on the checkout page before tracking cart data.
• Dashboard Analytics — Track abandoned carts, recovery rates, revenue recovered, and message delivery status.
• Message Log — Full log of all sent messages with status, recipient, template, and error details.

Requirements:

• A MegaSend account with an active WhatsApp Business API instance.
• Approved WhatsApp message templates configured in your MegaSend dashboard.
• WooCommerce 8.0 or later.

External Services

This plugin connects to the MegaSend WhatsApp Business API to send automated WhatsApp messages on behalf of your store.

Service: MegaSend — WhatsApp Business API platform
Service Provider: Weblix Ltd

Data transmitted to MegaSend:

• Your MegaSend API token (for authentication).
• Customer phone numbers (to deliver WhatsApp messages).
• Template name and language (to identify which approved template to send).
• Template variable values (customer name, order number, cart total, etc.) to populate the template.

When data is transmitted:

• When validating your API token during setup.
• When fetching your approved WhatsApp message templates.
• When sending a WhatsApp message for an abandoned cart or order event.

Terms of Service: https://megasend.io/terms
Privacy Policy: https://megasend.io/privacy

1. Upload the megasend-for-woocommerce folder to the /wp-content/plugins/ directory.
2. Activate the plugin through the ‘Plugins’ menu in WordPress.
3. Go to WooCommerce > MegaSend and follow the setup wizard.
4. Enter your MegaSend API token and select your WhatsApp instance.
5. Configure your abandoned cart template and optional order event templates.

Do I need a MegaSend account?

Yes. This plugin requires a MegaSend account with an active WhatsApp Business API instance. You can sign up at megasend.io.

What WhatsApp templates can I use?

You can use any approved WhatsApp Business message template from your MegaSend account. Templates must be approved by Meta before they can be sent.

How does cart tracking work?

The plugin tracks checkout form data (email, phone, name) via JavaScript as customers fill in the checkout form. This works with both the classic WooCommerce checkout and the block-based checkout.

Is the plugin GDPR compliant?

The plugin includes an optional GDPR consent checkbox that can be enabled in the Abandonment Settings. When enabled, cart data is only tracked after the customer explicitly consents.

Can I customize when the abandoned cart message is sent?

Yes. You can configure the abandonment threshold (in minutes) and set up multi-step follow-up sequences with custom delays.

How much does it cost?

The plugin itself is free. You need a MegaSend account with WhatsApp Business API access to send messages. Visit megasend.io for pricing details.

1.0.17

• Fix: Returning-customer detection for audience-targeted follow-ups now works when a customer’s order phone was saved in national format (e.g. 0546162881) while their tracked cart stored the international form (+972546162881). The 1.0.16 matching change compared only the international form, which could mis-classify a genuinely returning customer as new (and skew lifetime-value targeting) in markets where checkout phones are entered nationally. Order phones are now matched against both the international and national forms by exact equality — still with no risk of matching a different customer who merely shares trailing digits.

1.0.16

• Security/Privacy fix: Resolved a cross-customer data exposure where a recovery link could open the checkout pre-filled with a different shopper’s phone number. On stores behind a full-page/edge cache (e.g. Cloudflare “Cache Everything”), the tracking session ID was previously baked into the cached checkout HTML and shared between visitors, causing two shoppers to write to the same tracked-cart row.
• Fix: The tracking session ID is now established per browser on the client side (at the same cookie path/domain the server uses), so a cached page can never make two customers share an identity. Incoming session IDs are format-validated server-side.
• Fix: The checkout page and the cart-recovery flow now emit explicit no-cache directives (DONOTCACHEPAGE + Cache-Control: no-store, private) so per-customer billing data is never stored by a page or edge cache.
• Security: Recovery links now carry a signed 7-day expiry and can no longer be replayed indefinitely. Links already delivered before this update continue to work. Expired links restore your saved items but no longer pre-fill personal details.
• Fix: Tightened recovery matching — order-to-cart and sibling-cart matching now compare the full phone number for equality instead of a trailing-digit “contains” match, so a different customer who merely shares the last digits of a phone number can no longer be matched. Audience targeting stats use the same exact match.
• Improved: The cart-recovery experience no longer dead-ends on a blank checkout. Customers now see a friendly message when a link has expired, when saved items have sold out, when only some items could be restored, and a reassuring confirmation on success — never exposing any personal data.
• Hardening: The recovery handler guards against uninitialised WooCommerce session/cart/customer objects; the unload-time tracking beacon reports the real GDPR consent state; and all admin-screen strings now use the correct text domain so translations load.

1.0.15

• New: Per-step audience targeting for follow-up sequences. Each follow-up can now be sent only to carts matching specific conditions:
• New: Cart total range — set a minimum and/or maximum cart value per step.
• New: Customer type — target only new customers (no prior paid orders) or returning customers (1+ prior paid orders), matched by phone number.
• New: Customer lifetime value range — target VIP customers above a threshold or first-timers below it.
• New: Minimum item count — only send to carts with N or more items.
• Improved: All audience matching is by phone number (E.164) — works equally for guest checkouts and registered customers, fully aligned with the WhatsApp-first model.
• Improved: HPOS-native — phone matching uses the WooCommerce custom orders table directly when HPOS is enabled, classic postmeta when not.
• DB: Schema upgrade adds a conditions column to the follow-up steps table. Existing steps continue to work unchanged (legacy min_cart_value is read transparently).

1.0.14

• Fix: Customers no longer receive abandoned cart messages after successfully placing an order. When a customer retried checkout across multiple sessions, sibling cart rows for the same email/phone were left in active state and could trigger a stale abandonment message minutes after the order completed.
• Fix: Recovery_Tracker now sweeps both active and abandoned sibling carts when an order is paid — active siblings transition to completed, abandoned siblings to recovered.
• Fix: Detector now performs a defense-in-depth check before sending the initial abandonment message: if the customer has placed a paid order since the cart’s last activity, the cart is marked recovered and the message is suppressed.

1.0.13

• Fix: “Order Cancelled” message is now suppressed if the customer already has a successful (paid) order — prevents confusing notifications when a failed order is auto-cancelled after the customer already retried and paid
• UX: Redesigned the Template Mappings event cards for maximum clarity — each card now shows a lifecycle timeline (Checkout → Placed → Paid → Shipped → Done), a color-coded payment status pill, a plain-language example scenario, and a “Best for” recommendation line
• UX: Payment status pills (“Not paid yet” / “Payment confirmed” / “Paid & shipped”) make it visually impossible to confuse Order Placed with Payment Received
• UX: Left accent stripe on each card is colored by payment stage (amber for unpaid, green for paid, blue for shipped) for at-a-glance scanning

1.0.12

• UX: Renamed Template Mapping event labels for clarity: “Order Created” → “Order Placed (Awaiting Payment)” and “Payment Complete” → “Payment Received”
• UX: Added status badges (UNPAID / PAID / SHIPPED) on event cards so admins can see at a glance which payment stage each event fires at
• UX: Inline warning on “Order Placed” when active — explains that message fires BEFORE payment is confirmed, so abandoned payments still receive it
• UX: Page-level intro explains the WooCommerce event lifecycle and recommends “Payment Received” for most stores
• UX: Conflict warning when both “Order Placed” and “Payment Received” are active — prevents accidental double-messaging
• UX: Expanded descriptions on each event card with clearer wording and use-case guidance

1.0.11

• Fix: Duplicate order event messages — dedup now re-fetches the order to bypass stale in-memory meta caches when multiple WooCommerce hooks fire in the same request
• Fix: Atomic dedup using direct DB insert (HPOS + classic compatible) prevents the read-then-write race between woocommerce_payment_complete and woocommerce_order_status_processing
• Added: Second-layer dedup in the Action Scheduler callback queries message_log by order_id + event_type
• Added: order_id column on megasend_message_log with composite index (order_id, event_type) for fast dedup lookups
• DB: Schema upgrade runs automatically on plugin update (dbDelta adds new column and index)

1.0.10

• Fix: Revenue Recovered dashboard card now uses locale-aware currency formatting with thousand separators
• Fix: Cart total values are clamped to a sensible maximum (9,999,999.99) to prevent corrupt WooCommerce session data from poisoning analytics
• Fix: Dashboard SUM queries ignore absurd cart_total values so existing bad rows don’t break the display
• Improved: Stats card value now wraps gracefully on long numbers instead of overflowing

1.0.9

• Fix: Cart recovery links now correctly restore cart items — session is explicitly persisted before redirect
• Fix: Validate product availability during recovery — skip out-of-stock or deleted items gracefully
• Improved: Recovery handler moved from template_redirect to wp_loaded for proper WooCommerce session timing

1.0.8

• Fix: Cart tracking now returns actual DB error when insert fails instead of silent success
• Improved: Better error diagnostics for cart tracking issues

1.0.7

• New: UTM tracking parameters for cart recovery URLs — configure utm_source, utm_medium, utm_campaign, utm_term, and utm_content in the Abandonment Settings.
• New: Dynamic placeholders ({cart_id}, {session_id}) supported in UTM values.
• New: Smart defaults for new installs (megasend/whatsapp/cart_recovery).

1.0.6

• New: Payment abandonment detection — customers who place an order but never complete payment (PayPal redirect, bank transfer, etc.) now receive abandonment messages after the threshold period.
• Fix: Orders with “pending” status no longer prematurely mark tracked carts as completed. Cart status is only finalized when payment is confirmed.
• Fix: Cancelled and failed orders now re-enable the linked cart for abandonment detection.
• New: Order status transition hooks (processing, completed, on-hold, cancelled, failed) for smarter cart lifecycle management.

1.0.5

• Fix: Corrected wc-ajax URL generation for cart tracking on all hosting environments.

1.0.4

• Fix: Cart tracking now uses WooCommerce wc-ajax endpoint instead of admin-ajax.php, resolving silent tracking failures caused by caching plugins (WP Rocket, LiteSpeed Cache, Cloudflare, etc.) serving stale nonces.
• Fix: GDPR consent is now properly enforced on page unload beacon tracking.
• Fix: AJAX retries only fire on actual network failures, not on HTTP error responses.
• New: Debug logging for abandonment detection pipeline when WP_DEBUG_LOG is enabled.

1.0.3

• Fix: Checkout tracking script now loads reliably on all themes, including WoodMart, Flatsome, and Elementor-based checkouts that override WooCommerce templates.

1.0.2

• New: Marketing Consent Settings — optionally restrict abandonment messages to customers who opted into SMS/WhatsApp marketing via the checkout consent checkbox.
• New: GDPR consent status now stored in database for compliance auditing.
• New: Admin warning when Marketing Consent is enabled without GDPR checkbox.

1.0.1

• Fix: Cart recovery now displays phone number in local format instead of E.164 (e.g., “054-616-2881” instead of “+972546162881”).
• Fix: Cart recovery now restores all checkout fields (country, city, address, postcode).
• Fix: Order event dispatcher now correctly skips draft orders created by Block Checkout.
• Fix: Added fallback payment hook for gateways that bypass payment_complete().
• Fix: Optimized event deduplication to avoid redundant database lookups.

1.0.0

• Initial release.
• Cart abandonment detection with configurable threshold.
• Follow-up message sequences.
• Order event notifications (created, paid, fulfilled, cancelled, refunded).
• Template mapping with visual variable mapping and WhatsApp preview.
• 3-step onboarding wizard.
• Dashboard analytics and message log.
• GDPR consent checkbox support.
• WooCommerce HPOS and Block Checkout compatibility.