Completely disable WooCommerce endpoint

Question

I have searched a lot online but haven't found the answer yet. So I'm relying on the experts here.

I want to disable some WooCommerce endpoints. The Internet told me that WooCommerce menu items can be unset via the woocommerce_account_menu_items hook, as shown below:

add_filter ( 'woocommerce_account_menu_items', 'my_remove_my_account_links' );
function my_remove_my_account_links( $menu_links ){
    
    /*** Uncomment the appropriate lines to remove specific
     * endpoints in the WooCommerce My Account screen.*/
    
    //unset( $menu_links['dashboard'] ); // Remove Dashboard
    //unset( $menu_links['edit-address'] ); // Addresses
    //unset( $menu_links['payment-methods'] ); // Remove Payment Methods
    //unset( $menu_links['orders'] ); // Remove Orders
    //unset( $menu_links['downloads'] ); // Disable Downloads
    //unset( $menu_links['edit-account'] ); // Remove Account details tab
    //unset( $menu_links['customer-logout'] ); // Remove Logout link
    
    return $menu_links;
}

But the big problem here is that this just removes the menu link on the front end. I can still access the unset endpoint via the direct URL. So when I type https://example.de/myaccount/[unset-endpoint], I can still access the content.

I found a way to access the redirect via a direct URL. I used the hook woocommerce_before_account_payment_methods located in the payment methods template (/woocommerce/templates/myaccount/payment-methods.php) to redirect back to the dashboard:

function redirect_forbidden_access_account_endpoints(){
   wp_redirect(wc_get_account_endpoint_url('dashboard'));
}
add_action('woocommerce_before_account_payment_methods', 'redirect_forbidden_access_account_endpoints');

This method is very useful, but only works with the payment-methods endpoint. I've tried doing the same with the native downloads endpoint and a custom endpoint with no success.

So my question is: Is there a reliable solution to redirect URL access from a specific disabled WooCommerce endpoint to the dashboard?

Answer 1

You can achieve this in the following two ways:

1. Place null value in background settings
   Go to WooCommerce > Settings > Advanced and in the Account endpoint input box you can delete the value for the specific endpoint and save the empty value.
   
   This way you won't see the endpoint page or menu item on the account page, if you visit that URL you will see the homepage on the URL you visit.

2. Unset query variables
   You can use filter hooks to unset query variables. https://github.com/woocommerce/woocommerce/blob/trunk/plugins/woocommerce/includes/class-wc-query.php#L85
   At line 85 you can find the function with all query variables.
   
   https://github.com/woocommerce/woocommerce/blob/trunk/plugins/woocommerce/includes/class-wc-query.php#L232
   And on line 232 you can find the function that gets the query variables, which also has filters. You can use a filter and unset the required endpoints.
   
   If you use this method, you will also need to unset the item from the navigation menu item, and you will also need to resave the permalink settings.
   
   Then, if you visit the URL of that endpoint, you will see the home page at the URL you visit.

In both cases, you will not see a 404 page.

Answer 2

The answer is: Yes, there is! My hook was written wrong. I now use wp hooks. Is this legal?

function redirect_forbidden_access(){
    $current_endpoint = WC()->query->get_current_endpoint();
    if($current_endpoint == "payment-methods" 
      || $current_endpoint == "add-payment-method"
      || $current_endpoint == "edit-payment-method" 
      || $current_endpoint == "[custom-endpoint]")
    {
        wp_redirect(wc_get_account_endpoint_url('dashboard'));
    }
}
add_action('wp', 'redirect_forbidden_access');

This is the solution.