Checkout Origin Guard

Description

Checkout Origin Guard protects your WooCommerce store from fake, fraudulent, or automated checkout attempts by identifying and blocking unknown origins before they reach your order table.

The plugin runs client-origin heuristics, IP reputation checks, and dwell-time and sequence analysis to detect non-human traffic and suspicious behavior at checkout. It maintains a single-page control center for viewing logs, adjusting sensitivity, and unblocking valid users when necessary.

Key Features

  • 🛡️ Bot Block — Detects and blocks automated bots by analyzing user agents, referrers, and checkout behavior patterns.
  • Rapid Sequence Detection — Monitors frequency and timing between checkout attempts to identify scripted attacks.
  • 🧠 Company Shield — Flags suspicious or AI-generated business names, email domains, and mixed-character spam entries.
  • 🌎 Allowlist Controls — Preserve access for search engines, uptime monitors, and known geographic zones.
  • 🔒 Hard / Soft / Monitor Modes — Choose between logging only, soft warning blocks, or hard blocking by IP.
  • 🗂️ Log Viewer — See all checkout activity including timestamps, IPs, user agents, paths, and detection outcomes.
  • 🧩 One-Page Dashboard — Configure settings, review logs, and manage allow/deny lists from a single screen.
  • 🚫 Manual Block / Unblock — Instantly remove or restore access for specific IPs.
  • 💾 CSV Export — Download complete activity logs for security review or record keeping.

Why It Matters

WooCommerce checkouts are frequent targets for card testers, spammers, and fake business registrations. Checkout Origin Guard stops those attempts before orders are created, saving time and reducing chargeback risk and administrative cleanup.

This plugin works alongside any existing firewall or CDN and does not require external APIs or subscriptions. It is lightweight and privacy-safe: all data stays on your server.

Use Cases

  • Prevent card testing or order spam
  • Stop bots using random company names or domains
  • Detect rapid repeat checkout attempts from the same IP
  • Block POST requests without valid referrer or nonce
  • Maintain clean order logs for legitimate customers only

Credits

Developed by Michael Winchester
For documentation and updates, visit https://michaelwinchester.com

Screenshots

  • Main dashboard with unified settings and live log viewer
  • Company Shield filters with email and name heuristics
  • Bot Block options: monitor, soft, or hard block modes

Installation

  1. Upload the plugin folder to /wp-content/plugins/checkout-origin-guard/
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to WooCommerce Checkout Guard in the admin sidebar.
  4. Configure your preferred mode:
    • Monitor – log only, no blocking
    • Soft Block – log and warn
    • Hard Block – log and deny access entirely
  5. Review logs and fine-tune detection thresholds or allowlists.

FAQ

Does this plugin affect SEO bots or uptime monitors?

Only if you disable the allowlist. Search engines and known uptime agents (like Googlebot, Bing, or UptimeRobot) are allowed by default.

Will it block my own IP?

You can manually unblock any address in the dashboard. Your admin sessions are never automatically blocked.

Does it replace a firewall or security plugin?

No — Checkout Origin Guard complements existing firewalls by focusing specifically on WooCommerce checkout behavior.

Can I export my logs?

Yes, all log data can be exported to CSV for review or integration with external systems.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Checkout Origin Guard” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Checkout Origin Guard” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.5.3

  • Improved IP hard block stability and unblock handling
  • Added real-time log refresh option
  • Enhanced Company Shield heuristics for email and business name detection
  • Unified all settings on one page with persistent values
  • Performance improvements and code cleanup

1.5.2

  • Added CSV export for logs
  • Added referrer and nonce validation checks
  • Expanded allowlist for common search engine bots

1.5.1

  • Fixed settings persistence and default value population
  • Added Populate Defaults button
  • UI refinements and improved table layout

1.5.0

  • Merged “Bad User Patterns” module into core
  • Added company/email heuristics and rate-limit detection
  • New single-page admin interface