Skip to content
Engineering

How we leak-test every WooCommerce plugin (and why it matters)

If a plugin promises to hide your WooCommerce prices, there’s a simple test it has to pass: can an anonymous visitor still find the price anywhere? Not just on the product page — but through the API, the structured data, the social preview tags, the feeds, and every other surface WordPress quietly exposes.

Most “hide price” and “catalog mode” plugins pass the obvious test and fail the real one. At Eren Labs we build the opposite way: we try to break our own plugins first. We call it leak-testing, and it’s the standard every plugin in our catalog has to meet before it ships.

What a “price leak” actually looks like

A price leak is any place a value you asked to hide is still readable by someone who isn’t logged in. WooCommerce and WordPress render the same product data in a surprising number of formats, and hiding it on one doesn’t hide it on the others.

  • The Store API — the block cart/checkout reads prices from /wp-json/wc/store/v1/products. There’s no supported filter to hide them, so a naive plugin leaves the number exposed as clean JSON.
  • Structured data (JSON-LD) — WooCommerce and SEO plugins inject a Product schema with an offers.price. That’s machine-readable and often overlooked.
  • GraphQL — if WPGraphQL is active, price, regularPrice and salePrice come straight from a different code path.
  • Open Graph & Twitter meta, RSS/Atom feeds, oEmbed, and AJAX variation responses each carry their own copy of the price.

A plugin that hides the price on the product page but leaks it through the Store API isn’t hiding anything. It’s giving store owners a false sense of security.

How we test — adversarially, before release

Instead of trusting that hiding worked, we run an adversarial harness that sweeps every public surface as an anonymous visitor and searches for the exact values we promised to remove. A release only ships when that sweep returns zero leaks.

  1. Enumerate every surface. Product page HTML, Store API, REST v2/v3, GraphQL, JSON-LD, OG/Twitter tags, feeds, oEmbed, and wc-ajax variation endpoints.
  2. Search for the real values. Not “did the page change” — but “is the number 1,299 present anywhere in any response.”
  3. Fight back with the ecosystem. We install Rank Math, Yoast, AIOSEO and SEOPress one at a time — each re-injects price schema — and confirm we detect and neutralize all four.
  4. Test across themes and builders. Storefront, Astra, GeneratePress, Kadence, Flatsome and more, plus Elementor — because a theme can re-render a price its own way.
  5. Guard against regressions. A WP-CLI self-test runs in CI on every WooCommerce update, and fails the build the moment a single value leaks again.

Why this matters for your store

If you run a B2B, wholesale, or made-to-order shop, hiding prices behind a quote request is a business requirement, not a nice-to-have. A leak isn’t cosmetic — it can undercut your pricing strategy, expose margins to competitors, or break a contractual “prices on request” arrangement.

Leak-testing is also why we can support modern WooCommerce with confidence: High-Performance Order Storage (HPOS), the block/Store API checkout, and the latest releases are primary test targets, not afterthoughts.

The bar for every Eren Labs plugin

Leak-testing started with our flagship, QuoteGuard — Request-a-Quote, Hide-Price and Catalog Mode in one plugin — but it’s the bar we hold every plugin to. When we fix a leak once in our shared core, every plugin in the catalog inherits the fix.

QuoteGuard is in final hardening and launching soon. If reliable, leak-tested price control is something your store needs, join the waitlist for early access — and we’ll tell you the moment it’s live.

Building a WooCommerce store?

Get every Eren Labs plugin release first — join the waitlist.

Join the waitlist