Description
Basiru Checkout Fraud Guard protects your WooCommerce checkout from automated bot attacks, carding attempts, and fraudulent order submissions. It uses behavioral analysis, rate limiting, and learned reputation signals to block malicious traffic while allowing legitimate customers through.
Key Features
- Behavioral Detection – Identifies bots through missing browser headers, suspicious order totals, and known bot patterns
- Rate Limiting – Sliding window rate limiting with configurable thresholds
- Identity Rotation Detection – Detects when bots cycle through multiple identities from the same IP
- Name Rotation Detection – Flags IPs submitting orders with many different names
- IP Reputation – Automatic temporary and permanent bans for repeat offenders
- JS Proof Token – Browser verification system that blocks headless bot scripts
- Manual Blocklist – Add IPs and CIDR ranges to block specific sources
- Whitelist – Exempt trusted IPs and email domains from checks
- Learned Reputation – Builds internal database of blocked signals for future detection
- Full Audit Trail – Review recent blocks with customer details and block reasons
- Email Alerts – Configurable notifications when bots are blocked
- WooCommerce Logging – Integrates with WooCommerce log system
Detection Methods
- Known fake email domains (mailinator, guerrillamail, etc.)
- Known bot phone numbers
- Landmark/test addresses (1600 Pennsylvania Ave, etc.)
- Common bot order totals used in carding tests
- Missing HTTP headers (Origin, Accept-Language)
- Rapid checkout attempts
- Identity cycling patterns
Requirements
- WordPress 5.8 or higher
- WooCommerce 6.0 or higher
- PHP 7.4 or higher
Installation
- Upload the plugin files to /wp-content/plugins/basiru-checkout-fraud-guard/ or install through the WordPress plugins screen
- Activate the plugin through the ‘Plugins’ screen in WordPress
- Navigate to WooCommerce > Basiru Checkout Fraud Guard to configure settings
- The plugin begins protecting your checkout immediately with default settings
Frequently Asked Questions
Will this block legitimate customers?
The plugin uses a scoring system with configurable thresholds. Legitimate customers rarely trigger multiple detection signals. You can adjust the score threshold and individual signal weights in Settings. The whitelist feature allows you to exempt known-good IPs and email domains.
What happens when a bot is blocked?
Blocked requests receive a generic “Not Found” error to avoid revealing detection methods. The block is logged in the audit trail and optionally to WooCommerce logs and email alerts.
Does this work with the WooCommerce Block Checkout?
Yes. The plugin protects both the classic WooCommerce AJAX checkout and the new Store API (Block Checkout). The JS Proof token system provides additional protection for Store API requests.
Can I import a list of IPs to block?
Yes. The Blocklist tab includes a bulk import feature. Enter one IP or CIDR range per line, optionally with a note separated by |.
Does this affect site performance?
The plugin only runs during checkout submissions. Rate limiting uses efficient database queries with proper indexing, and all detection runs locally inside WordPress and the plugin database tables.
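A pre-import check for the bulk import format described in the FAQ (one IP or CIDR range per line, optional note after |), given here as an added example and not the plugin's own code. It assumes whitespace around | is insignificant; never_block and the prefix limits are hypothetical local policy rather than plugin settings, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample in the "IP or CIDR | note" shape; documentation-range addresses.
SAMPLE = """\
203.0.113.7 | carding burst
198.51.100.0/24|bot subnet
203.0.113.7
10.0.0.0/4 | host bits set
192.0.0.0/8 | far too wide
192.0.2.0/24 | contains our office IP
not-an-ip | typo
"""

def check_blocklist(text, never_block=(), min_prefix_v4=16, min_prefix_v6=32):
    """Return (entries, problems) for a pasted blocklist.

    never_block and the min_prefix_* limits are hypothetical local policy,
    not plugin settings.
    """
    protected = [ipaddress.ip_address(a) for a in never_block]
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        target, _, note = (p.strip() for p in raw.partition("|"))
        try:
            # strict=True rejects a range whose address has host bits set
            net = ipaddress.ip_network(target, strict=True)
        except ValueError as exc:
            problems.append((lineno, f"invalid: {exc}"))
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        hit = [str(a) for a in protected if a in net]
        if net in seen:
            problems.append((lineno, f"duplicate of earlier entry {net}"))
        elif net.prefixlen < floor:
            problems.append((lineno, f"/{net.prefixlen} is wider than the /{floor} limit"))
        elif hit:
            problems.append((lineno, f"would block protected address {hit[0]}"))
        else:
            seen.add(net)
            # Single hosts are written back as a bare address, ranges as CIDR.
            text_form = str(net.network_address) if net.num_addresses == 1 else str(net)
            entries.append((text_form, note))
    return entries, problems

if __name__ == "__main__":
    ok, bad = check_blocklist(SAMPLE, never_block=["192.0.2.10"])
    print("\n".join(f"{n} | {note}" if note else n for n, note in ok))
    print("\n".join(f"line {ln}: {why}" for ln, why in bad))
```

Only the lines that pass are printed in import form; rejected lines are reported with their line number so the pasted list can be corrected before it reaches the Blocklist tab.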
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Basiru Checkout Fraud Guard for WooCommerce” is open source software. The following people have contributed to this plugin.
Changelog
4.5.0
- Database storage for all plugin data (migrated from wp_options)
- Improved admin UI with statistics dashboard
- Added bulk import for blocklist entries
4.3.1
- Hardened JS Proof token system with nonce verification
- Added WC session cross-check for token validation
- Hard block via rest_authentication_errors for Store API
4.3.0
- Added JS Proof token system for Store API protection
- Improved identity rotation detection
4.2.0
- Full admin UI for all settings
- Manual blocklist and whitelist management
- Email alert configuration
