Woocommerce Weight Based Shipping Without Plugin

Having a shipping fee structure is very common in stores. However, this option is not support by default in WooCommerce. If you want to have weight-based shipping, you may need to use a plugin or you can go without one. However, without a plugin, you need to enter some code in the function.php file of your theme.

Some cautions before continuing

To enable weight based shipping for WooCommerce, the first thing you need to do is to make sure your products to have weight. It is not a requirement, however, if your products don’t have weight, what’s the point of using weight-based shipping method? Some of your products don’t have weight is OK.

There is another caution you need to know that is which shipping zone is applied when calculating the shipping fee. If you have multiple shipping zones and one zone cover the other (for example, Vietnam is in Asia and you have two shipping zones, one for Vietnam and one for Asia), you need to know that the first shipping zone is applied.

Take a look at this screenshot:

Shipping zones order. Drag to top to have higher priority

The one at the top will be applied (Asia), not Vietnam 2. If you want to apply the shipping zone Vietnam 2, you need to hold the hamburger icon (underlined red) and drag it to the top position.

Our weight based shipping setup

In our example, we are going to have three weight based shipping tier:

  • For packages under 10kg, we charge $10
  • For packages under 20kg (but more than 10kg), we charge $20
  • For packages over 20kg, we charge $50

There is no limit on how many tiers you can set. You can have very complex tiers hierarchy. It all depends on you.

Setting up the shipping tiers in WooCommerce shipping settings

We are going to create a shipping zone that and three shipping tiers. You can proceed as follow:

Step 1: Create a new shipping zone by going to WooCommerce->Settings->Shipping zones and click on Add shipping zone. You then enter the name and regions that that you want to use the shipping tiers we are going to create.

Create shipping zone

Step 2: Create three flat rate shipping tiers

Now you can click on Add shipping method and select flat rate:

Add a flat-rate tier

Click on the Add shipping method button. You will see there is an option like this appears. Click on Edit.

Edit a flat rate tier

Step 3: Now, enter the details for the tier. As mentioned, we are going to create three tiers. In the image below, we create the last tier, shipping fee for packages that is more than 20kg. You can enter anything in method title. Note that this title will be displayed to your customer when they checkout:

Enter details for the flat rate tier

After repeating step 2 and 3 two more times, we have something like this:

All available tiers

Enter a code snippet in your theme’s functions.php

Now, let’s go to your theme functions.php file and enter this code:

add_filter( 'woocommerce_package_rates', 'binary_carpenter_weight_based_shipping_tiers', 10, 2 );
function binary_carpenter_weight_based_shipping_tiers( $rates, $package ) {

    if ( WC()->cart->cart_contents_weight <= 10 ) {
    foreach($rates as $key => $value)
      if ($value->cost != 10)
    } elseif ( WC()->cart->cart_contents_weight <= 20 ) {
    foreach($rates as $key => $value)
      if ($value->cost != 20)
    } else {
        foreach($rates as $key => $value)
      if ($value->cost != 50)
  return $rates;

See the result in action

Now, you can add some products with weight to your cart and see the shipping tiers applied. In the example below, my total weight is 270kg and you can see that the highest tier is applied:

Woocommerce Weight Based Shipping Without Plugin 2



As you can see, with a little modification, you can add some interesting shipping tiers to your store. If you find this post useful, please comment and share. Do you think this method can be improved? Please let me know.


Create and verify password in PHP with new hashing functions

Previously, when creating a login system, I usually take users’ password input and md5 it and store in the database. Doing so seemed to be sufficient enough. However, no one can be sure that their system is not vulnerable to attacks. In the worst case when your site gets hacked, your database is stolen, using weak hashing algorithm on users’ passwords may enable hackers to easily decode such fields. Thus, since PHP 5.5, there are new functions available to help you create an verify password hash easily. Let’s learn what are they and how to use them.

Creating a password hash with password_hash

Creating a password hash in PHP > 5.5 is very simple.

$hash = password_hash('easy-password', PASSWORD_DEFAULT, ['cost' => 12]);

and if you echo the hash, you’ll see something similar to this:

echo "hash is: {$hash}";

Create and verify password in PHP with new hashing functions 4

If you run the script again (reload the browser in my case), you’ll get a new hash string (still same password input!):

Create and verify password in PHP with new hashing functions 5

This is quite strange for people who are familiar to md5. In md5, for one input, there is one output. In this case, one input generates multiple outputs. This makes the effort to create a dictionary to map easily-to-guess passwords and their hashes become worthless.

password_hash takes 3 parameters:

  1. The raw password. This is what the users enter along with their email/id to login to your application
  2. The hashing algorithms. There are a few of them you can find out here.
  3. Additional options. Additional options which most of the time consists of the cost option. In the example, I used cost = 12. Higher cost provides higher security but takes more time.

Verify the password with password_verify

To verify the validity of a password hash, we’ll use password_verify. Consider the case of user login, they will provide the raw password (without hashing). Our application will get the hash password in the database and verify if the raw password and the hash match.

If you used md5 before, the code may look like this:

if ( md5($raw_user_input) == $password_hash_in_database )
//ok to login

However, if you hash the password using password_hash, you’ll use password_verify to verify.


if (password_verify($raw_user_input, $password_hash_in_database )
//ok to login

For example, in my case:

$verified = password_verify('easy-password', '$2y$12$06uHkyogkUveLLLVIFhvsOFzpBrYkZ8XIegVdwj0RtE/zI/dzfHnq');

echo "verify is: {$verified}";

The output is:

Create and verify password in PHP with new hashing functions 6

You can see that the hash was successfully verified.

That’s what I learned today. This is a part of 7 days challenges to learn one topic every day. Thanks for reading