WooCommerce Plugin

Accept Monero (XMR) payments on your WooCommerce store with the official Rebel Pay plugin. One plugin, zero JavaScript dependencies, fully automatic order management.

Requirements

• WordPress 5.8 or later
• WooCommerce 7.0 or later
• PHP 7.4 or later
• A Rebel Pay instance (self-hosted)
• SSL certificate (HTTPS) on your store — required for webhook security

Installation

Option A: Upload via WordPress Admin

1. Download the rebel-pay-woocommerce-1.0.0.zip plugin file
2. In your WordPress admin, go to Plugins → Add New → Upload Plugin
3. Select the zip file and click Install Now
4. Click Activate

Option B: Manual Upload via FTP/SFTP

1. Download and unzip the plugin
2. Upload the rebel-pay-woocommerce folder to /wp-content/plugins/
3. In WordPress admin, go to Plugins and activate Rebel Pay for WooCommerce

Configuration

Three steps to start accepting Monero payments:

Step 1: Get Your API Key

1. Log in to your Rebel Pay dashboard
2. Go to Settings
3. Copy your API Key

Step 2: Create a Webhook

Webhooks tell WooCommerce when a payment has been confirmed, expired, or underpaid. Without a webhook, your orders won't update automatically.

1. In the Rebel Pay dashboard, go to Settings → Webhooks
2. Click Add Webhook
3. Set the URL to:

   https://yourstore.com/?wc-api=rebel_pay

   Replace yourstore.com with your actual domain.
4. Select these events:
   • charge.confirmed — payment verified on-chain
   • charge.expired — charge timed out
   • charge.detected — payment seen in mempool
5. Save and copy the Webhook Secret — you'll need it in Step 3

Step 3: Configure the Plugin

1. In WordPress, go to WooCommerce → Settings → Payments
2. Find Rebel Pay and click Manage
3. Fill in the settings:

4. Click Save changes

That's it. Your store now accepts Monero. 🎉

How It Works

Customer Experience

1. Customer adds products to cart and goes to checkout
2. Selects "Pay with Monero" — your Rebel Pay logo appears next to the option
3. Clicks Place Order
4. Redirected to the Rebel Pay payment page showing:
   • XMR amount to send
   • QR code (scannable from any Monero wallet)
   • Monero address to copy
   • Countdown timer
5. Customer sends XMR from their wallet
6. Payment detected — within seconds, a "Return to Store" button appears (opens in a new tab)
7. Customer returns to your store while the payment page continues tracking confirmations
8. After 10 confirmations (~20 minutes), order status updates automatically

Order Status Flow

Admin Features

Order Details

Every order paid via Rebel Pay shows additional details in the admin order view:

• Charge ID — the Rebel Pay charge reference (e.g. ch_abc123def456)
• XMR Amount — exact Monero amount paid
• Payment Address — the unique subaddress used for this payment

Order Notes

The plugin adds timestamped notes to each order:

• "Awaiting Monero payment via Rebel Pay." — on order creation
• "Rebel Pay payment confirmed. Charge: ch_..." — on confirmation
• "Rebel Pay charge expired. Charge: ch_..." — if charge timed out
• "Rebel Pay charge underpaid..." — if partial payment received

Security

• Webhook signatures — every webhook is signed with HMAC-SHA256. The plugin rejects requests with missing or invalid signatures.
• No API keys in URLs — payment page URLs use charge IDs, never API keys.
• Charge ID verification — the plugin verifies the charge ID in the webhook matches the one stored on the order, preventing cross-order attacks.
• Data pruning — Rebel Pay automatically strips sensitive transaction data after 14 days and fully deletes records after 30 days.
• Minimal data storage — only charge ID, XMR amount, and address are stored in WordPress. No wallet keys, no transaction hashes, no customer financial data.

Troubleshooting

"Place Order" fails or shows an error

• Check that the API URL is correct and reachable from your server
• Check that the API Key is valid (no extra spaces)
• Check your server can make outbound HTTPS requests (some hosts block them)
• Look at WooCommerce → Status → Logs for error details

Order stays "On Hold" after payment

• Webhook URL — verify it's exactly https://yourstore.com/?wc-api=rebel_pay
• Webhook secret — must match between Rebel Pay and WooCommerce settings
• HTTPS required — webhooks won't work over plain HTTP
• Firewall — your server must accept incoming POST requests to the webhook URL
• Check the order notes for any webhook-related messages

"Invalid signature" error

• The webhook secret in WooCommerce doesn't match the one in Rebel Pay
• Re-copy the exact secret from your Rebel Pay webhook settings — no extra whitespace

Customer paid but charge shows expired

Rebel Pay tracks late payments. If a customer pays after the charge expires, a charge.late_confirmed webhook will still update the order. The order note will indicate it was a late payment.

Logo not showing at checkout

• Verify the assets/logo.png file exists in the plugin directory
• Check for caching plugins that might be serving a stale checkout page
• Clear your browser cache and any page caching plugins

Uninstalling

Deactivating the plugin disables Monero payments at checkout. Deleting the plugin removes all gateway settings from the database.

Order data is preserved. Charge IDs, XMR amounts, and payment addresses stored on orders are intentionally kept for your accounting records, even after the plugin is deleted.

Version History

1.0.0 — February 15, 2026

• Initial release
• WooCommerce payment gateway integration
• Automatic charge creation and redirect to payment page
• HMAC-SHA256 webhook signature verification
• Automatic order status updates
• Admin order details panel
• HPOS compatibility
• Branded gateway icon
• Test mode support

Next Steps

• Webhooks Reference — full event reference and signature verification
• API Reference — all available endpoints
• Integrations — connect to Make.com, n8n, and more
• FAQ — common questions answered