GrowRich Documentation

Overview

RichWP GrowRich is a modern WordPress e-commerce plugin that redefines digital commerce through its stateless, privacy-first architecture. Unlike traditional e-commerce solutions that store customer data and rely on cookies and sessions, the GrowRich plugin utilizes a tight Stripe integration and operates in an entirely stateless manner—using secure tokens for authentication and access control while maintaining full GDPR compliance.

GrowRich turns any WordPress site into a powerful e-commerce setup where you can sell any kind of product, including digital downloads, premium content, and subscriptions, through its Stripe integration, all without storing any customer information in your WordPress database. This approach eliminates privacy concerns, simplifies compliance, and provides lightning-fast performance.

Architecture & Key Innovations

  1. Stateless Authentication System
    • PASETO Tokens: Uses PASETO (Platform-Agnostic Security Tokens) for secure, self-contained authentication tokens.
    • No Server-Side Storage: Tokens contain all necessary user data and access rights, eliminating session storage.
    • Multi-Source Token Retrieval: Tokens can be passed via URL parameters (?at=), HTTP headers (Authorization: Bearer), or POST data.
    • Token Manager: Centralized TokenManager class handles token lifecycle across multiple storage locations (globals, constants, headers, URLs).
  2. GDPR Compliance Design
    • Zero Customer Data in WordPress DB: All customer information resides in Stripe.
    • No Cookies or Sessions: Stateless approach prevents tracking.
    • Magic Links Only to Existing Customers: Prevents unauthorized data collection by only sending authentication links to verified Stripe customers.
    • On-Demand Access Calculation: User permissions are calculated in real time from Stripe API calls.
  3. Modular Service Architecture
    • Specialized Services:
      • StripeKeyService: Encrypted key management.
      • StripeCheckoutService: Checkout session handling.
      • StripeCustomerService: Customer operations.
      • StripePriceService: Price/product management.
      • StripeWebhookService: Webhook processing.
      • TokenManager: Stateless token handling.
      • AccessControlService: Permission validation.
      • MagicLinkService: Authentication flow.
    • Repository Pattern: Clean data access layer with DownloadRepository, ContentRestrictionRepository, ProductConfigRepository.
    • Orchestrator Pattern: RichWP_GrowRich_Stripe coordinates all Stripe operations.
  4. Advanced Security Measures
    • Proof-of-Work (PoW): Client-side computational challenge to prevent spam.
    • HMAC Verification: Magic link integrity protection.
    • Rate Limiting: Prevents brute-force attacks on magic link requests.
    • Webhook Signature Verification: Ensures Stripe webhook authenticity.
    • Token Expiration & Invalidation: Rolling sequence invalidation for magic links.
    • Input Sanitization: Comprehensive validation throughout.
  5. Content Protection System
    • Multiple Paywall Types:
      • Hard paywall (complete content block).
      • Teaser paywall (content truncation).
      • Blur paywall (CSS blur effect).
      • Redirect paywall (automatic redirection).
    • Flexible Restriction Rules: Category, tag, page, and custom content restrictions.
    • Admin Bypass: Content creators always have access for editing.
  6. REST API Design
    • Public Endpoints: Prices listing, checkout creation.
    • Authenticated Endpoints: Downloads, subscriptions, premium content access.
    • Stateless Auth: Bearer token authentication for protected routes.
    • Pagination Support: Efficient data retrieval for large datasets.
  7. Gutenberg Block Ecosystem
    • Rich Block Library: Sign-in forms, pricing tables, download lists, subscription management.
    • Server-Side Rendering: Optimized performance with SSR blocks.
    • Modern JavaScript: ES6+ with async/await, optimistic UI updates.
    • Accessibility: ARIA attributes, keyboard navigation, screen reader support.
  8. Database Schema (Minimal & Config-Focused)
    • downloads Table: Links Stripe prices to downloadable files.
    • content_restrictions Table: Maps content to access requirements.
    • product_configs Table: Unified product configuration storage.
    • No Customer Tables: All user data externalized to Stripe.
  9. Error Handling & Resilience
    • Try-Catch Blocks: Comprehensive exception handling around Stripe API calls.
    • Graceful Degradation: Fallbacks for failed operations.
    • Logging: Structured error logging for debugging.
    • User-Friendly Messages: Contextual error display with auto-recovery.
  10. Performance Optimizations
    • Settings Caching: 5-minute cache for plugin configuration.
    • Lazy Loading: Components loaded only when needed.
    • Efficient Queries: Optimized database queries with proper indexing.
    • CDN-Ready Assets: Properly versioned and cacheable static files.
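
The magic-link protections listed under Advanced Security Measures (HMAC verification, expiration, rolling sequence invalidation) fit together as in the following added PHP example, which is not GrowRich's own code. The function names, the query fields c/s/e/m, the "|" separator, and the caller supplying the customer's current sequence number are assumptions made for illustration.

```php
<?php
// Added illustration, not GrowRich code. Function names, link fields and the
// place the current sequence number is kept are all assumptions.

/** Build the signed query string for a magic link. */
function example_sign_magic_link(string $customerId, int $seq, int $expires, string $key): string
{
    // Sign a canonical string that covers every field, so none can be swapped.
    $payload = implode('|', [$customerId, $seq, $expires]);
    $mac = hash_hmac('sha256', $payload, $key);
    return http_build_query(['c' => $customerId, 's' => $seq, 'e' => $expires, 'm' => $mac]);
}

/** Return true only for an untampered, unexpired link carrying the current sequence. */
function example_verify_magic_link(array $q, int $currentSeq, string $key, int $now): bool
{
    foreach (['c', 's', 'e', 'm'] as $field) {
        if (!isset($q[$field]) || !is_string($q[$field])) {
            return false; // missing field, or an array such as ?m[]=x
        }
    }
    if (!ctype_digit($q['s']) || !ctype_digit($q['e'])) {
        return false;
    }
    $expected = hash_hmac('sha256', implode('|', [$q['c'], $q['s'], $q['e']]), $key);
    // Constant-time comparison, and check the MAC before trusting any field.
    if (!hash_equals($expected, $q['m'])) {
        return false;
    }
    if ((int) $q['e'] < $now) {
        return false; // expired
    }
    // Rolling sequence: issuing link N+1 invalidates link N and everything older.
    return (int) $q['s'] === $currentSeq;
}

// Constructed sample values.
$key = 'constructed-demo-key-not-a-real-secret';
$now = 1700000000;
parse_str(example_sign_magic_link('cus_EXAMPLE', 7, $now + 900, $key), $link);

var_dump(example_verify_magic_link($link, 7, $key, $now));        // current link
var_dump(example_verify_magic_link($link, 8, $key, $now));        // newer link was issued
var_dump(example_verify_magic_link($link, 7, $key, $now + 901));  // past expiry
$link['c'] = 'cus_OTHER';
var_dump(example_verify_magic_link($link, 7, $key, $now));        // customer id altered
```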

Technical Strengths

Developer Experience: Well-documented code with consistent patterns.

Scalability: Stateless design allows horizontal scaling without session affinity.

Security: Multi-layered security with PASETO, HMAC, PoW, and rate limiting.

Compliance: GDPR-compliant by design with no local data storage.

Maintainability: Clean separation of concerns with service-oriented architecture.

User Experience: Modern UI with optimistic updates and accessibility features.