Description
ddverifactu is a WooCommerce invoice management plugin designed to generate PDF invoices for orders and make them available to customers in a secure way.
The plugin creates invoice records, assigns invoice numbers by series and year, generates PDF documents, and adds a dedicated “My invoices” section inside the WooCommerce customer account area.
For better protection of invoice files, generated PDFs are stored in the WordPress uploads directory using an encrypted file format. Customers do not access the physical PDF file directly. Instead, invoices are delivered through a controlled download endpoint that validates the logged-in user, the related WooCommerce order, and the invoice permissions before serving the decrypted PDF.
Main features:
- Generate invoice records for WooCommerce orders.
- Assign invoice numbers by series and year.
- Generate PDF invoices from WooCommerce order data.
- Store invoice files inside
wp-content/uploads/facturas. - Encrypt stored PDF files to reduce the risk of direct file exposure.
- Add a “My invoices” section to the WooCommerce customer account.
- Allow customers to download only invoices linked to their own orders.
- Allow store managers and administrators to download invoices from the order admin area.
- Add a custom WooCommerce order status for generated invoices.
- Create protected upload directories with basic access-control files where supported by the server.
Security and privacy
Invoices may contain personal, billing, tax, and order information. For this reason, ddverifactu does not expose direct public links to invoice PDF files.
Generated invoices are stored as encrypted files and are only decrypted when an authorized user requests a valid download. The download process checks authentication, invoice token, order ownership, and WooCommerce management capabilities before serving the file.
Depending on the server configuration, additional web server rules may be recommended to block direct access to the invoice storage directory. This is especially relevant on Nginx-based environments, where .htaccess files are not processed.
Requirements
- WordPress.
- WooCommerce.
- PHP with OpenSSL support.
- A server environment that allows writing to the WordPress uploads directory.
- Permalinks enabled for the customer account endpoint.
Important note
This plugin generates and stores invoice files. Site owners are responsible for verifying that invoice format, numbering, tax information, legal texts, and fiscal requirements comply with the regulations applicable to their business.
Installation
- Upload the plugin files to the
/wp-content/plugins/ddverifactudirectory, or install the plugin through the WordPress plugins screen. - Activate the plugin through the “Plugins” screen in WordPress.
- Make sure WooCommerce is installed and active.
- Go to the VeriFactu settings page in the WordPress admin area.
- Configure the available plugin options.
- Select the WooCommerce order statuses that should trigger invoice generation.
- Save your permalink settings from WordPress > Settings > Permalinks if the “My invoices” endpoint does not appear.
FAQ
-
Does this plugin require WooCommerce?
-
Yes. ddverifactu is built for WooCommerce orders and requires WooCommerce to be installed and active.
-
Where are invoice files stored?
-
Invoice files are stored inside the WordPress uploads directory, under
wp-content/uploads/facturas. -
Are invoice PDFs publicly accessible?
-
No direct public PDF links are used by the plugin. Invoices are stored in encrypted form and are served through a controlled download endpoint after validating the user and the related WooCommerce order.
-
Can customers download invoices from their account?
-
Yes. The plugin adds a “My invoices” section to the WooCommerce customer account area. Customers can only access invoices linked to their own orders.
-
Can administrators download invoices?
-
Yes. Users with the appropriate WooCommerce management permissions can download invoices from the order administration area.
-
What happens if someone accesses the encrypted file directly?
-
The stored file is not a readable PDF. It contains encrypted content and can only be converted back into a PDF by the plugin after the download request has been authorized.
-
Does the plugin block the invoice directory with .htaccess?
-
The plugin can create basic
.htaccessandindex.phpfiles inside its storage directories. This can help on Apache servers where.htaccessis enabled. On Nginx servers, direct access restrictions must be configured at the server level. -
Does this plugin send invoice data to external services?
-
No external service connection is required for the PDF storage and download functionality described by this plugin. If future versions add third-party integrations, they should be clearly documented here.
-
What happens if the encryption key is lost?
-
Encrypted invoices require the same encryption key to be decrypted. If a fixed encryption key is configured and then lost, previously encrypted invoices may no longer be recoverable. Site owners should keep a secure backup of their encryption key when using a fixed key.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“ddverifactu” is open source software. The following people have contributed to this plugin.
Contributors
“ddverifactu” has been translated into 1 locale. Thank you to the translators for their contributions.
Translate “ddverifactu” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.1.0
- Added encrypted storage for generated invoice PDF files.
- Added secure invoice download endpoint.
- Replaced direct public PDF URLs with controlled download URLs.
- Added support for migrating plain PDF invoices to encrypted files during authorized download.
- Improved invoice file handling inside the WordPress uploads directory.
1.0.0
- Initial release.
- Added WooCommerce invoice record generation.
- Added PDF invoice generation.
- Added invoice numbering by series and year.
- Added invoice block inside WooCommerce order admin.
- Added “My invoices” section in the customer account area.
- Added basic invoice storage directory protection.