WordPress.org
Get WordPress
WordPress.org

Plugin Directory

AvoPay Bitcoin for WooCommerce

AvoPay Bitcoin for WooCommerce

By avopaydev
Download

Description

AvoPay lets your WooCommerce store accept Bitcoin Lightning payments with zero chargebacks, no KYC, and no code changes required. Payments settle directly to your self-custodial AQUA wallet — no middleman, no custodian.

Features

  • Zero node setup — no Bitcoin or Lightning node required
  • Non-custodial — funds go directly to your AQUA wallet
  • Two payment options — Lightning invoice or direct Liquid Bitcoin (L-BTC) payment
  • Automatic sats conversion — any WooCommerce currency supported
  • No chargebacks — Bitcoin payments are irreversible by design
  • Built-in retry flow — up to 3 automatic retries per order
  • Full audit log — every payment event stored per order

How it works

  1. Customer selects Bitcoin Lightning at checkout
  2. AvoPay creates a non-custodial Boltz reverse swap routing the payment to your Liquid address
  3. Funds arrive in your AQUA wallet automatically — no manual steps required

Requirements

  • WooCommerce 8.0+
  • An AvoPay account — register at avopay.dev
  • AQUA wallet by JAN3 (free, iOS and Android — aqua.net)

Data and privacy

Order payment data (swap IDs, invoice hashes, claim keys) is stored in WooCommerce order meta and is preserved when the plugin is uninstalled, as it constitutes a financial audit trail. Plugin configuration data (API key, wallet fingerprint, logs table) is deleted automatically on uninstall. An optional “Delete AvoPay data on uninstall” setting is available in WooCommerce > Settings > Payments > AvoPay if you prefer full cleanup.

External services

This plugin connects to the following third-party services. By activating this plugin you acknowledge that data will be transmitted to these services as described below.

AvoPay API

The AvoPay API (api.avopay.dev) is the payment processing backbone. It handles fiat-to-sats conversion, Bitcoin address derivation, ephemeral keypair generation, and HTLC claim broadcasting.

What data is sent: the merchant’s API key (used as an identifier), the WooCommerce order ID, the order amount, and the store currency. No customer personal data (name, email, address) is ever transmitted to this service.
When it is sent: on every payment at checkout.

Privacy Policy · Terms of Service

Boltz Exchange

Boltz Exchange (api.boltz.exchange) is a non-custodial atomic swap provider. AvoPay uses it to create Lightning-to-Liquid Bitcoin reverse swaps so payments are routed to the merchant’s self-custodial AQUA wallet.

What data is sent: swap amount in satoshis, an ephemeral claim public key, a refund public key, and a generated swap ID. No customer personal data is transmitted.
When it is sent: at payment creation (swap setup) and during settlement (status polling and cooperative claim).

Privacy Policy · Terms of Service

Blockstream Esplora

Blockstream’s public Esplora API (blockstream.info/liquid) is used to detect incoming Liquid Bitcoin (L-BTC) transactions when a customer pays via the L-BTC Direct payment tab.

What data is sent: the merchant’s Liquid wallet address, to query whether an incoming transaction has been received. No customer personal data is transmitted.
When it is sent: periodically while the customer has the L-BTC Direct tab open at checkout.

Privacy Policy · Terms of Service

CoinGecko

CoinGecko (api.coingecko.com) provides live BTC exchange rates used to calculate the satoshi amount for each order.

What data is sent: the store currency code only (e.g. “EUR” or “USD”). No personal data is transmitted.
When it is sent: at payment creation.

Privacy Policy · Terms of Service

CoinCap

CoinCap (api.coincap.io) is used as a fallback BTC rate source if CoinGecko is unavailable.

What data is sent: no parameters; no personal data is transmitted.
When it is sent: only if CoinGecko is unreachable at payment creation.

Privacy Policy · Terms of Service

Credits

This plugin includes qrcodejs, a JavaScript QR code generator.
Original QR code algorithm by Kazuhiko Arase.
JavaScript port: https://github.com/davidshimjs/qrcodejs
Licensed under the MIT License.

Screenshots

  • WooCommerce checkout — Bitcoin Lightning appears as a payment option alongside standard methods
  • Order confirmation — Lightning invoice QR code displayed immediately after checkout
  • Payment page — scannable Lightning QR with countdown timer and L-BTC fallback tab
  • Setup step 1 — paste your AvoPay API key to connect your account
  • Setup step 2 — scan the QR code with your AQUA wallet to link your Bitcoin address
  • Setup step 3 — send a test payment to verify the full payment flow end-to-end
  • AvoPay dashboard — manage your account, subscription, and payment links at avopay.dev

Installation

  1. In your WordPress admin, go to Plugins > Add New Plugin
  2. Search for “AvoPay Bitcoin for WooCommerce”
  3. Click Install Now, then Activate
  4. Go to WooCommerce > Settings > Payments > AvoPay and enable the payment method
  5. Navigate to WooCommerce > AvoPay to complete the 3-step setup:
    • Create a free account at avopay.dev and copy your API key
    • Paste your API key into the plugin to connect your account
    • Scan the QR code with your AQUA wallet to link your Bitcoin address
    • Send a test payment to verify everything works end-to-end

FAQ

Do I need to run a Bitcoin node?

No. AvoPay uses Boltz Exchange for non-custodial Lightning to Liquid swaps. No node required.

Where do funds go?

Directly to your AQUA wallet. AvoPay never holds your funds.

What wallet do I need?

The AQUA wallet by JAN3 — free on iOS and Android at aqua.net.

Are there chargebacks?

No. Bitcoin payments are irreversible by design.

What happens to my data if I uninstall the plugin?

Plugin configuration (API key, logs, wallet connection) is deleted automatically. WooCommerce order payment data is preserved by default as a financial audit record. You can enable full deletion under WooCommerce > Settings > Payments > AvoPay before uninstalling.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“AvoPay Bitcoin for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

Translate “AvoPay Bitcoin for WooCommerce” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.13

  • Fix: PHP fatal error on cron backstop caused by stale interface declarations (broken since v1.0.1)
  • Fix: retry payment button now calls the API correctly instead of a removed local method (broken since v1.0.1)
  • Fix: “Tested up to” updated to WordPress 7.0 — restores search visibility on WP.org
  • Code: Plugin Check 0 errors, 0 warnings

1.0.12

  • Fix: payment card now renders above order details and billing address on WooCommerce Blocks checkout
  • UX: checkout QR card redesigned — white background for scanner compatibility, reduced size, dark theme
  • UX: payment prompt text added above Lightning invoice (“Please complete the Lightning payment below to finalise your order.”)
  • UX: Lightning QR reduced from 380px to 220px — still fully scannable, page no longer requires scrolling to see order details
  • UX: payment method icon updated to Bitcoin logo; description updated to “Pay from any Bitcoin Lightning wallet”
  • UX: admin dashboard header updated with AvoPay logo and Bitcoin menu icon
  • Marketplace: installation instructions updated for WordPress.org — no manual ZIP download required

1.0.11

  • Compliance: move “External services” to a standalone top-level readme section with full data-sent descriptions and Privacy + Terms links for all five services
  • Security: payment status polling endpoints now require a per-order poll token (generated at checkout, verified server-side) — prevents unauthenticated enumeration of order status

1.0.10

  • Feature: merchant-absorbs-fees across all payment channels

1.0.5

  • Copy: step 3 title, description, and button text updated for clarity

1.0.4

  • Fix: admin dashboard now passes correct licensed property to JS (fixes step 2 auto-QR load and step 3 test payment display)

1.0.3

  • Compliance: remove custom update checker (WP.org guideline — updates served from WP.org)
  • Compliance: rename plugin slug to avopay-bitcoin-for-woocommerce (WooCommerce trademark policy)
  • Code: replace date(), parse_url(), strip_tags() with WP equivalents gmdate(), wp_parse_url(), wp_strip_all_tags()
  • Code: add wp_unslash() before all sanitize_text_field() calls on superglobals
  • Code: add ordered placeholders (%1$s) and translators comments in all translatable strings
  • Code: remove development error_log() call

1.0.2

  • Fix: site domain now registered with AvoPay on API key activation so client dashboard shows correct domain

1.0.1

  • Compliance: payment creation logic moved server-side; plugin is now a thin API connector (no local trial counter or gateway disable)
  • Compliance: inline script and style tags replaced with wp_add_inline_script / wp_add_inline_style
  • Security: input sanitization added for CONTENT_TYPE, POST keys, and JSON payload version field
  • Docs: external service Terms and Privacy links added for CoinGecko, CoinCap, and Blockstream Esplora

1.0.0

  • WordPress.org release
  • Added: optional “Delete AvoPay data on uninstall” setting (default: off, preserves order financial records)
  • Improved: full uninstall cleanup of plugin options, logs table, and cron jobs
  • Improved: activation table creation uses dbDelta for safe upgrades

0.5.19

  • Fix: test payment stops at transaction.mempool with live wait counter
  • UX: step 2 connected + date merged into single pill
  • UX: step 3 success state split into green banner and neutral info box

0.5.18

  • Security: rate limiting on all API routes
  • Security: JWT token_version revocation — stale tokens rejected immediately
  • Security: CORS locked down to avopay.dev domains
  • Security: OTP log suppression in Nginx access logs
  • Security: startup env validation — API exits on missing required vars

0.5.17

  • Fix: claim fee bumping on retry (RBF — 500 to 750 to 1000 sats/vbyte)

0.5.16

  • Feature: invoice.settled status marks order paid instantly
  • Improvement: decoupled claim trigger from webhook handler
  • Improvement: adaptive JS polling (1s x 15 then 3s)
  • Improvement: API secondary poll via open-CORS swap status endpoint
  • Fix: double payment email on fast settlements

0.5.15

  • Feature: relay architecture — API-side callback delivery with retry queue
  • Feature: swap_registry table tracks full lifecycle per swap

0.5.14

  • Feature: server-side callback delivery via AvoPay API

0.5.13

  • Fix: WP cron backstop age guard skips orders younger than 2 minutes

0.5.12

  • Feature: slow payment watchdog — 30 min delay email and 120 min manual review flag

0.5.11

  • Feature: Hetzner cron backstop every 5 min for stuck pending orders

0.5.10

  • Feature: L-BTC direct payment tab — customer can pay from any Liquid wallet

0.5.9

  • Fix: test payment 500 error — removed stale descriptor method calls
  • Fix: step 2 QR and step 3 test payment now show error feedback on AJAX failure

0.5.8

  • Fix: claim broadcaster now works on any hosting environment
  • Fix: empty PHP files replaced to prevent security scanner false positives

0.5.7

  • Feature: server-side SLIP-0077 address derivation via AvoPay API
  • Change: vendor directory removed — zero PHP dependencies

0.5.6

  • Feature: L-BTC direct payment support
  • Feature: retry flow (max 3 attempts)

0.5.5

  • Feature: PM2 graceful shutdown
  • Feature: claim retry queue with backoff

0.5.4

  • Initial public release

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum