In a typical WooCommerce setup, if you disable Guest Checkout via the settings, all customers are required to either log into an existing account or register a new one during checkout. This ensures every order is tied to a user account – great for store management, but not always ideal for user experience.
The problem? Returning customers who aren’t logged in will be forced to remember their credentials or manually reset their password, just to place another order. And if they skip login and try to check out with their email, they’ll get the dreaded “An account is already registered with your email address” error – and the order won’t go through.
Thankfully, there’s a way to bypass all that. With a simple PHP snippet, you can allow users to check out as guests if their billing email matches an existing customer. WooCommerce will assign the order to their account – no login required!
PHP Snippet: Let Existing Customer Check Out as Guest & Assign Order To Customer
Please note: clearly, guest checkouts must be disabled in your store, otherwise this snippet makes no sense:
This snippet checks if the billing email entered at checkout matches an existing WooCommerce customer. If it does, it quietly tells WordPress to treat the customer as “logged in” for just that request — without actually logging them in or setting a cookie.
This prevents WooCommerce from trying to create a new account (which would normally fail with a “email already exists” error), and allows the checkout to continue smoothly.
The order is then automatically assigned to the existing customer account. No login forms, no password resets – just a smoother experience for returning customers!
/**
* @snippet Allow Guest Checkout For Existing WooCommerce Customers
* @tutorial https://businessbloomer.com/woocommerce-customization
* @author Rodolfo Melogli, Business Bloomer
* @compatible WooCommerce 9
* @community https://businessbloomer.com/club/
*/
add_action( 'woocommerce_checkout_process', 'bbloomer_faux_login_for_existing_email' );
function bbloomer_faux_login_for_existing_email() {
if ( is_user_logged_in() ) return;
if ( empty( $_POST['billing_email'] ) ) return;
$email = sanitize_email( $_POST['billing_email'] );
if ( email_exists( $email ) ) {
$user = get_user_by( 'email', $email );
if ( $user ) {
wp_set_current_user( $user->ID );
}
}
}
This snippet hooks into the WooCommerce checkout process using the woocommerce_checkout_process action.
It first checks if the user is already logged in – if so, it does nothing. Then it grabs the billing email from the checkout form and sanitizes it. If that email matches an existing WordPress user, it uses wp_set_current_user() to temporarily set the user context for the current request.
This tricks WooCommerce into thinking the customer is logged in just for the duration of the checkout, so the order gets assigned to the right account without showing errors or requiring a password. The customer stays logged out after purchase.
I think there is a serious security risk with this code, please correct me if I am wrong.
If a guest checkouts with the site admin email address (no need to enter a password), then that guest will automatically be logged into WP with the Admin account, and can access the WP Dashboard.
Thank you Cameron, but in the notes I wrote “The customer stays logged out after purchase” so there is no security problem here
My mistake, thanks for clarifying.
No prob at all
We have set woocommerce to allow guest checkouts, but if there is an existing account for a user with the email entered, it still prompts the user to login, though underneath, there is a note that login is not required. However, login IS required. Maybe we are missing an important cue about how WC deals with ‘guest checkouts’ when a user exists with the checkout email. However Chatgpt says:
“Yep, that behavior is a known point of confusion in WooCommerce. Here’s what’s happening and how to clean it up:
⚙️ What WooCommerce is doing:
When guest checkout is enabled, WooCommerce still tries to prevent duplicate user accounts being created with emails already in the system. So:
If a customer enters an email already tied to an existing account, WooCommerce prompts them to log in, even if guest checkout is allowed.
It says “Login is not required”, but also blocks them from checking out as a guest with that email.
This is not a bug—it’s WooCommerce’s way of protecting existing user accounts from being accidentally overwritten or hijacked.”:
Our experience matches Chatgpt’s answer. However, the snippet that you provide DOES SOLVE THE PROBLEM that the existing user can checkout without logging in.
Any thoughts about this?
Hello Spafford, thanks for your comment! This snippet only works when guest checkouts are disabled in your store. So, I have no thoughts about this, except that I’m sure something can be done for your custom case, it’s just that it’s out of scope 🙂
But isn’t that a security risk. The chance for it to happen is nearly zero, but assume there is a typo is the mail submitted during the new_order, and previously such a user existed, then the new order will link to that user. By default Woo sends an email, causing confusion for the first customer.
So the user naturally assumes, either their account was hacked, or its a scammer trying to run a con.
Of course – it’s up to you to make it more secure if this is a risk for your store. In my case, it’s mostly free products or very expensive ones, so people will either create a new account (free products) or be 100% sure they’re using the correct billing email.
Many store owners send an email with a “magic link” in order to verify that the email is legit, for example, so that could be a good compromise.
I think using this snippet can potentially harm my business. As this will let any anonymous person to place orders against any of the existing customers by entering their email. And this led to increase in fake orders.
For example: Let say John is an existing customer on example.shop, if I (a suspicious or bad person), place an order by using John’s email, and when the delivery arrives at the address, John will be oblivious of the situation(yes customers get order confirmation mail when an order is placed, but many people sometimes miss emails).
Ultimately the vendor will have to bear the delivery/return charges, which is a loss for them.
So, think before using this feature.
Of course, this strictly depends on the kind of WooCommerce site you run. In my case, there is no problem because I use rate limiting and also have a custom feature in place to prevent duplicate orders and limit failed ones, so it’s never a problem for me.