User deletion from Wordpress does not remove entry from wp_wc_customer_lookup

[RikshaDriver]

When removing a user from Wordpress via the users section, it seems that Woocommerce Admin does not remove entries under wp_wc_customer_lookup

[RikshaDriver]

Further to this, manual removal of entries from wp_wc_customer_lookup still doesn't appear to remove the Customer list under WC Admin.

[tammullen]

Hi @RikshaDriver Thank you for reporting the issue. I can reproduce it using your steps in 3.92 and 4.0 RC

A user deleted from the Users section is not removed from the WooCommerce Admin Customers section. They are however removed from the WooCommerce / Reports / Customer / Customer List

WooCommerce Admin is being developed in another repository: https://github.com/woocommerce/woocommerce-admin ​ I am going to move your bug report there so that the right team could take a look further and advise if this is a bug.

[timmyc]

I feel like this is working as designed, but want to pull in @LevinMedia to double check that. If I recall correctly we opted to retain the customer lookup table entry to reflect the sales activity even if the WordPress user account was deleted.

We do support deletion of data from the customers table when the GDRP tooling is used to perform a deletion of user data though.

[joshuatf]

If I recall correctly we opted to retain the customer lookup table entry to reflect the sales activity even if the WordPress user account was deleted.

This is correct since we keep user data tied to any orders that were made with guest accounts.

However, it's possible that a user account is created and an order is not created alongside them. We'll need to decide if we want to keep orphaned user data that's not tied to orders; my gut feeling is that we should not but /cc @LevinMedia for feedback on this.

At a minimum, we should remove the customer_id from the customer lookup table since these users no longer exist.

[timmyc]

I chatted with @LevinMedia about this, and I think what you said at the end @joshuatf is exactly what we need to test to see what happens, and change if needed. The case of a user that does place an order, then the wp-user row is deleted, making sure the customer lookup table clears out the customer_id properly.

[shoelaced]

It does make sense for the admin Customer list to be a separate entity from its corresponding User profiles, for the sake of backing up the sales record, but it should at least be possible to completely delete the record everywhere. Ideally, I should think there would be an option where admins/shop managers could select whether to sync the Customer list with the User profiles (and therefore delete the Customer record if the profile is deleted), anonymize the Customer data if the profile is deleted, or fully retain the Customer data if the record is deleted (though it should still be deleted or anonymized in GDPR requests). In any case, shop managers should be able to manage the Customer list to correct inaccuracies.

In my particular use case, I've run many test orders through PayPal Sandbox in an effort to debug an issue on the frontend, and now I have a whole list of fake customers in the Customers list that I'm going to have to go digging through the database to get rid of.

[rrennick]

Noting from https://github.com/woocommerce/woocommerce/issues/26054 that the Customer report includes a link to the non-existent WP user profile.

[ChrisColotti]

as @shoelaced stated I am trying to create a cloned/sanitized copy of my site for some testing and all users, orders, products, images have all been deleted but there is still all these customers showing. There should be a way to remove them or to "reset" the data.

This also brings up a GDPR issue as the email is still shown for every user that had an account or was captured as a guest....so I've removed all traces of that info yet it still appears in this report? and the report is downloadable with that data. That's simply not right for GDPR removal compliance either.

[timmyc]

@ChrisColotti as I mentioned above the customers report data is included as part of the GDPR Erasure request process. So if that tool is used to process a customer's request to delete all data, the data in the customers table will be scrubbed. Here is a blog post with details on how to use that tool.

[mouligreenlaw]

Also in this ticket 2874449-zen 2877554-zen

[ChrisColotti]

Thanks saw that after but deleting/scrubbing 500+ records that’s not an option as it’s 1:1. We need a better tool to remove these from the lookup DB en mass.

[timmyc]

@ChrisColotti - in your flow for creating your scrubbed site, what methods are you using to purge/clean both the order and customer data ( thinking more on the registered side of customers here )? Just trying to see what would work for your specific use case.

[madeincosmos]

One more user reporting this in 2891641-zen

Lots of test data populating their Customer reports with no option to remove them.

[anant1811]

Another report in 2896189-zen

[pako69]

Hi I'm facing the same problem: I made a lot of test before going live and now I have ghost WC users, there is no SQL stuff to remove them? Thanks

EDIT: I have found a way to delete them: In PHPMyAdmin I searched those ghosts customers by e-mail dans delete anything related to them, after deleting delete ALL my transients with https://wordpress.org/plugins/transients-manager/ and they are gone ;-)

[anant1811]

Another report 20738202-hc

[killianconsulting]

Similar situation where I need to be able to delete the Customers. I created a development site, so there are test customers. I used All-In-One Migration to move the dev site to the production site and now I have these customers that I can't delete eventhough the users have been deleted. I realize that not allowing it to be removed is about integrate of the data but now my data is compromised by the test data. I deleted the records from wc_customers_lookup and it is still showing in the site. How can I remove it?

[rrennick]

@killianconsulting You can go to Analytics -> Settings -> Historical Import. From there you can delete the imported data, wait for that to complete then re-run the import.

[zdenys]

Another case here 20990324-hc

[dsmithweb]

And in 21493529-hc. Clicking the customer's name generates a 500 error.

[ravingsoftware]

I have the same issue. I deleted test users and all of the associated orders, but still see the test customer accounts in WooCommerce.

[timmyc]

@pmcpinto / @jameskoster Thoughts on this one? Seems like the original assumption of retaining customer data in the reporting system is not aligning well with expectations of a number of users. Perhaps we could slate an update to this logic in the next sprint to delete customer data in the reporting tables upon user delete too.

[ravingsoftware]

That would be awesome, thanks for considering it @timmyc @pmcpinto @jameskoster

[pmcpinto]

@pmcpinto / @jameskoster Thoughts on this one? Seems like the original assumption of retaining customer data in the reporting system is not aligning well with expectations of a number of users. Perhaps we could slate an update to this logic in the next sprint to delete customer data in the reporting tables upon user delete too.

I think it makes sense to move forward with that change. Ideally, we should provide the option of retaining the sales activity data or at least make it clear that removing customers can impact that data as well.

[shoelaced]

Providing the option to sync the customers with the users would be helpful, keeping in mind the available option to allow Guest checkout. I should think the ideal default would be to sync the customer data with the user profiles, automatically if a new user profile is created with the same email address as a past Guest customer, and also give the option to Admins/Store Managers of what should happen when a user is deleted -- i.e. whether customer data should be retained, anonymized, or deleted when the user is deleted. Additionally, adding checkboxes with a bulk delete option to the Customers list for manual control in the case of test orders, etc., for example if the above setting is changed after orders have been made. Some possible way of syncing a past Guest customer with a new user profile that has a different email address would also be a nice-to-have, for example if a customer creates an account with a different email and wonders where there past order is. Perhaps simply allowing manual update of the email addresses in the Customers list would accomplish this, since past orders can already be manually connected to a certain customer.

This would be my personal ideal scenario, though obviously there may be other use cases.

[nickmadestories]

Is there a current manual method to clean up the customer data? Running different user/customer imports resulted in a 300 customer store increasing up to a 2,300 customer store erroneously.

[sanderkie]

Looking also for a solution to clean this up. Cannot find any SQL query or manual action to correct this. All users already have been deleted but it still shows sensitive data including e-mail address and zip code.

Update: I simply delete all data from the table wp_wc_customer_lookup.

[dirkner]

I had the same problem. I first deleted the orders and then emptied the trash. Then I deleted the corresponding users from the database table "wp_wc_customer_lookup". However, they were still displayed to me. If you delete orders but do not empty the recycle bin and then delete the users in the database table "wp_wc_customer_lookup", they will no longer be displayed. So create a new order and carry out the steps as described and all deleted users will no longer be shown closely.

[ktyfuller604]

Another report here: 22088427-hc

[danieldanilov]

Another report here: 22139840-hc

[hacchism]

Another report: 22060251-hc

[garymurray]

AFAIK, the way this was handled originally was to allow for the deletion of any customer. The details were stored at the order level - allowing you to keep the details about the customer address/contact details, but the order would revert to being a “guest” order.

So it seems the best option here is to maintain the pre-existing workflow here and allow for the deletion of users and ensure that the entry is also removed from the customer list, while retaining the details at the order level.

To confirm: will that address the issues raised here?

[shoelaced]

@garymurray Not quite the way I'd been thinking of it - the issue is that currently, customers are not removed from the Customers list under any circumstances and with no way to manually delete them, when the expected behavior would be that they'd be automatically removed when there are no other references to them (i.e. A user account or an order).

The customer details should still be stored at the order level, and if a user account is deleted then yes, any associated orders should retain the customer info and revert to 'guest' orders, but as long as either a user account or an order exists, the customer should still remain in the Customers list. But if the user account, all associated orders, and all guest orders with the same billing email are all deleted, then the entry should be deleted from the Customers list as well.

From a store management perspective, the Users list contains all users, the Orders list contains all orders and customer info, and the Customers list should aggregate both. In other words, the Customers list should consist of all users with the "Customer" role AND all customer data from all orders, merged by email address where possible. The Customers list, therefore, shouldn't even have its own table in the DB except perhaps for caching purposes - it should only aggregate data from the Users and Orders.

Also noting that the reverse should be true as well - i.e., If a guest order exists and a user account is later created using the same email as the order's billing email, then the order should be automatically associated with the user account. The use case for this would be when past orders are migrated from a different system and past customers may need/want to create a new account on the new site in order to see their past orders. I've just done a project like this and at the moment we have to wait for customers to create a new account and then email about why they can't see their past orders, and then we go manually associate the past orders with their new user account.

Hope this helps clarify it.

[simonclay]

Following as I need to create a clone of a store for a different country, but with no order or customer data.

[MKJJJ]

Wow, this is a bummer! I really have to scan the database for manually deleting customers? Seriously? Please fix that. Give us a delete feature in the customers table.

[smitherines]

This sucks.. please fix

[MKJJJ]

And please keep in mind that Woocommerce customers and WordPress customers are not the same. If you let guests place orders, they will never appear in the WP users list but only in the WOO customers list. I simply don't understand why we can't just delete customers in the WOO customers list. While this list can be a useful feature, it should be better implemented as a plugin. The same is true for the new WOO dashboard. It is NOT a good idea to make these powerful but memory intensive applications part of the core.

[BigBox2020]

it has been months, why is this issue still not resolved?

just allow us to delete all customers data

many of us do want an option to delete for security reasons or due to testing.

[pickmeok]

Come on WooCommerce, fix that Privacy Policy Concern issue! You should already know that in Europe GDPR is applied. I am one step away from switching to Magento and Prestashop. Come on! Come on!

[pickmeok]

The best solution for this issue would be the personal data from table WooCommerce > Customer to get deleted when WP’s Delete Personal Data feature is carried out and not an independent/manual deletion. Please take this into account!

[BigBox2020]

FYI, the solution for me was to completely delete WooCommerce Admin.

what do u mean?

[BigBox2020]

The best solution for this issue would be the personal data from table WooCommerce > Customer to get deleted when WP’s Delete Personal Data feature is carried out and not an independent/manual deletion. Please take this into account!

yep. agree. what is the point of the tool if it does not delete any data

[pickmeok]

FYI, the solution for me was to completely delete WooCommerce Admin.

FYI, the solution for me was to completely delete WooCommerce Admin.

what do u mean?

I have not installed WooCommerce Admin plugin, only WooCommerce plugin, and that table is still present with all personal data visible from deleted accounts' data and anonymized orders' data (after WP's delete personal data feature and account deletion are carried out).

[MKJJJ]

The plugin is now part of the WOO core. So, not a solution, I guess.

[timmyc]

Hello all - we are looking at possibly hooking into the delete user action to remove data from the customers lookup table in our next sprint cycle.

Until then I want to re-iterate what Ron posted above that there is currently a button in the UI which allows for you to delete all Analytics data, including the Customers Report.

You can go to Analytics -> Settings -> Historical Import. From there you can delete the imported data

It is mentioned in the support document here too

Please Note that this deletes all analytics data. You can re-import data again if you please, but I feel this is a work-around for people who reported in this thread of wanting to clear out all test data on a site before handing over to a client, or when cloning a site or something like that.

@BigBox2020 as for the GDPR side of things - as I mentioned before - the customer's report in WooCommerce fully supports the tooling built into WordPress core around User Data Deletion Requests. So if a GDPR request to delete personal data is processed through the core WP flows, customer data is deleted from WooCommerce reports. Here is a link to the original PR that added this support for personal data erasure

[pickmeok]

@rrennick and @timmyc hello,

Will the latest version of Woocommerce include support to delete personal data from Woocommerce Reports when WP's delete personal data request is processed?

I can see that both files CustomersScheduler.php and SchedulerTraits.php are already inside Woocommerce directory.

Do I have to replace them with this and this respectively in order for personal data in WooCommerce Reports to get deleted when WP's delete personal data requests are processed?

Thank you

[BigBox2020]

Hello all - we are looking at possibly hooking into the delete user action to remove data from the customers lookup table in our next sprint cycle.

Until then I want to re-iterate what Ron posted above that there is currently a button in the UI which allows for you to delete all Analytics data, including the Customers Report.

You can go to Analytics -> Settings -> Historical Import. From there you can delete the imported data

It is mentioned in the support document here too

Please Note that this deletes all analytics data. You can re-import data again if you please, but I feel this is a work-around for people who reported in this thread of wanting to clear out all test data on a site before handing over to a client, or when cloning a site or something like that.

@BigBox2020 as for the GDPR side of things - as I mentioned before - the customer's report in WooCommerce fully supports the tooling built into WordPress core around User Data Deletion Requests. So if a GDPR request to delete personal data is processed through the core WP flows, customer data is deleted from WooCommerce reports. Here is a link to the original PR that added this support for personal data erasure

i would like to point out, I use guest orders instead, so there is no user to delete from the users list

this issue exists from guest orders as well, Please clarify this will be fixed aswell

[timmyc]

@pickmeok the feature already supports personal data erasure, but if you are seeing behavior otherwise, please do open up a new bug report on the repository here for us to investigate further.

@BigBox2020

i would like to point out, I use guest orders instead, so there is no user to delete from the users list. this issue exists from guest orders as well, Please clarify this will be fixed aswell

So the original intent of this issue is the case of a user ( registered Woo user ) being deleted from the Users system in wp-admin should result in removal of the entry in the customer analytics table.

What is your expectation for guest users? The one flow I could think of is when deleting the original order that a guest user is attached to, that should then delete the entry in the customer analytics table? Also really interested to hear if this is something you are encountering when building sites, or just a preference on a production site.

[pickmeok]

@pickmeok the feature already supports personal data erasure, but if you are seeing behavior otherwise, please do open up a new bug report on the repository here for us to investigate further.

@timmyc could you please clarify: Processed WP's Delete Personal Data automatically delete WooCoomerce's Customer Analytics Table now on WooCommerce 4.3.1 ? We Don't have to replace the pr / code provided by @rrennick ?

Regarding Personal Data, please let me clarify how they are stored using WooCommerce:

1) Registered Users having ordered products: His Acount and his Orders contain his Personal Data. 2) Guests/Visitors having ordered products: His Orders only contain his Personal Data.

Regarding Personal Data, please let me clarify when they are Deleted:

1) Registered Users having ordered products: a) When an Account is deleted, Personal Data from Account are deleted but not from his Orders. b) When WP's Delete Personal Data Request is processed, Personal Data in Account are deleted and in Orders are anonymized (ok for gdpr). However, Acount remains active with the email address he registered < Email is deleted with Account deletion.

2) Guests/Visitors without account having ordered products: Orders contain personal data. WP's Delete Personal Data Request can be processed though to delete Guest's Personal Data.

In my opinion Woocommerce Analytics should function in this manner:

1) When an account is deleted (personal data in Orders are not deleted), WooCommerce Analytics should follow the retention periods from : Woocommerce > Settings > Accounts & Privacy Tab > Personal data retention.

2) When a Delete Personal Data request from a registered user or a Guest is processed, WooCommerce Analytics should delete all personal data of all Orders of these Customers.

3) For Guests, having personal data only in Orders they have made, WooCommerce Analytics should follow the retention periods from : Woocommerce > Settings > Accounts & Privacy Tab > Personal data retention.

[BigBox2020]

@pickmeok the feature already supports personal data erasure, but if you are seeing behavior otherwise, please do open up a new bug report on the repository here for us to investigate further.

@BigBox2020

i would like to point out, I use guest orders instead, so there is no user to delete from the users list. this issue exists from guest orders as well, Please clarify this will be fixed aswell

So the original intent of this issue is the case of a user ( registered Woo user ) being deleted from the Users system in wp-admin should result in removal of the entry in the customer analytics table.

What is your expectation for guest users? The one flow I could think of is when deleting the original order that a guest user is attached to, that should then delete the entry in the customer analytics table?

yes, that would make perfect sense. orders that have been deleted should be removed from the system completely (customer analytics table)