OrderUnstick

Safety model

Read-only by design

OrderUnstick touches orders that involve money, so safety is the product. v0.1 is a detector: it reads and reports, and changes nothing.

The v0.1 contract

  • No order changes. It never edits an order, never changes status, never changes stock, never sends emails. It only reads.
  • No gateway calls. It never contacts Stripe, PayPal, Mollie, or any external service. It only reads identifiers already stored on the order.
  • No data leaves your store. The scan runs in your own WordPress. There is no telemetry. The scan history stores summary counts only, not customer or payment data.
  • Admin only. The page requires the manage-WooCommerce capability, and running a scan is protected against cross-site requests.
  • Masked identifiers. Payment ids are partially masked in the report and never shown in full.

Conservative language

The report never claims an order was paid. It uses wording such as “possible stuck paid order,” “payment metadata found,” “gateway confirmation required,” “do not fulfill based only on this report,” and “this version does not verify payment with Stripe.”

How risk is rated (a heuristic, not proof)

  • High: a Stripe intent or charge id is present and the order is well past the threshold.
  • Medium: a Stripe id is present, or the payment method is Stripe.
  • Low: only a generic transaction id with an unclear gateway.

A flag means a stuck order carries payment metadata. It does not mean the order is paid.

Which orders it will and will not touch

  • Scanned: only Pending payment and On-hold, older than the threshold.
  • Never touched: Completed, Processing, Refunded, Cancelled, Failed, and draft orders. (In v0.1 nothing is modified regardless; this allowlist carries forward to later versions.)

Rules for planned later versions (not in v0.1)

If live re-query and a recovery workflow are added later, these are hard requirements, not options:

  • Flag-first and manual-confirm by default; any auto-apply ships off and behind explicit confirmation.
  • Before any “looks paid” label: the gateway must return a definitive success for that id, the amount must match the order total, the currency must match, the payment must not be refunded or disputed, and the id must provably belong to the order. Any error or ambiguity means “leave it untouched.”
  • Authorized-but-not-captured is never treated as paid.
  • Idempotency, so an action runs at most once and never double-fulfills.
  • Forward-only transitions that stop at Processing; stock left to WooCommerce’s own guard; recovery emails suppressed by default; an audit log and a one-click undo.

OrderUnstick is a detection aid, not a guarantee, and not accounting or legal advice. Always confirm with your gateway before acting on a flagged order.