Checkout Origin Guard

Developer: potar
Last updated: December 9, 2025, 10:02
PHP version: 7.4 or higher
WordPress version: 6.9
License: GPLv2 or later

Tags

spam ip blocker bot protection fraud prevention woocommerce checkout security


Description:

Checkout Origin Guard protects your WooCommerce store from fake, fraudulent, or automated checkout attempts by identifying and blocking abusive origins before they clutter your order table or your logs. The plugin runs client-origin heuristics, IP controls, and sequence analysis to detect non-human traffic and suspicious behavior at checkout. It adds Company Shield for business and email sanity checks and an optional AVS “U” signal handler for gateways that report “Address not checked / unavailable”. All controls live on a single admin screen; you can adjust sensitivity, manage allowlists and blocklists, and review traffic logs in one place.

Three layers of protection

  1. Bot Block (traffic level)
     Detects and throttles abusive requests before they become orders:
       • Analyzes user agents, referrers, and known bot signatures
       • Watches rapid-fire hits to checkout and wc-ajax endpoints
       • Supports monitor, soft, and hard blocking modes
       • Built-in allowlist for search engines, uptime monitors, and core WordPress services
  2. Company Shield (checkout level)
     Validates business identity and email quality at checkout:
       • Flags suspicious or synthetic business names
       • Detects repeated syllables, odd vowel ratios, and gibberish patterns
       • Identifies disposable email domains and role-based accounts (admin, info, sales, etc.)
       • Can run in:
           • Monitor; log and annotate orders
           • Soft; create the order and automatically place it on hold or pending
           • Hard; block checkout with a user-facing error message
  3. Payment AVS signals (post-payment; optional)
     For gateways that expose AVS results in order meta, Checkout Origin Guard can treat “AVS: U; unavailable / not checked” as a risk signal:
       • Does not change how your gateway authorizes or captures payments
       • Can be configured to:
           • Ignore the signal
           • Add an order note only
           • Add an order note and bump a risk-score meta field
           • Put the order on hold for manual review
       • Uses flexible pattern matching; can scan specific gateway meta keys or fall back to scanning all order meta for common “AVS: U” messages such as the PayPal string
       • Off by default; you opt in and choose the behavior

Key Features

Why It Matters

WooCommerce checkouts are frequent targets for:

Checkout Origin Guard focuses on checkout behavior and identity quality, not just generic firewall rules. It helps you:

The plugin works alongside any existing firewall, CDN, or WAF; it does not rely on external APIs or subscriptions. All data stays on your server.

Use Cases

Installation:

  1. Upload the plugin folder to /wp-content/plugins/checkout-origin-guard/
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to WooCommerce → Checkout Origin Guard in the admin sidebar (or Tools → Checkout Origin Guard if WooCommerce is not present).
  4. Configure your preferred mode:
       • Monitor; log only, no blocking (recommended starting point)
       • Soft Block; log and slow or defer traffic
       • Hard Block; log and deny abusive access entirely
  5. Review logs, then fine-tune detection thresholds and allowlists before enabling Soft or Hard modes in production.
  6. Optional; enable AVS “U” handling under Payment AVS Signals, starting with “Add order note only” before switching to “Hold for review” on higher-risk stores.

Screenshots:

  • Company Shield filters with business name and email heuristics
  • Bot Block options and traffic allowlists

Upgrade notice:

1.6
Recommended update; adds optional AVS “U” risk handling, improves checkout heuristics, and confirms compatibility with WordPress 6.9.

1.5.3
Update required; improves hard block accuracy, fixes IP unblocking, and refines detection logic.

FAQ:

Does this plugin affect SEO bots or uptime monitors?

Only if you disable the built-in allowlist. Common search engines and known uptime agents (such as Googlebot, Bing, and UptimeRobot) are allowed by default. You can customize the allowlist if needed.

Will it block my own IP?

Your logged-in administrator sessions are never blocked by Bot Block. If you manually block your own address, you can unblock it from the plugin dashboard with one click.

Does it replace a firewall or security plugin?

No. Checkout Origin Guard complements existing firewall or security plugins. It focuses specifically on WooCommerce checkout behavior and identity quality, rather than broad HTTP filtering.

Does this change how my gateway processes payments?

No. Checkout Origin Guard does not interfere with your payment gateway’s authorization or capture logic. The optional AVS “U” feature runs after the gateway has responded and only:

  • Adds order notes
  • Adjusts a risk-score meta field
  • Optionally changes the WooCommerce order status to “on-hold” for manual review

Your gateway interaction and funds flow remain unchanged.

What is AVS “U” and why should I care?

AVS (Address Verification Service) compares billing address details against card-issuer records. The code “U” usually means:

  • Address not checked, or
  • Service unavailable, or
  • Acquirer had no response

On its own, AVS U does not prove fraud, but combined with other signals (suspicious company name, disposable email, rapid sequence from one IP) it can be a useful reason to slow down and review the order.

I do not know my gateway meta keys. Can I still use AVS detection?

Yes. The AVS settings include an optional Gateway Meta Keys list. If you know the exact meta keys your gateway uses to store AVS results, you can enter them for more precise scanning. If you leave the field blank, Checkout Origin Guard will scan all order meta values for common AVS U patterns, including PayPal-style messages such as:

AVS: U: Unavailable / Address not checked, or acquirer had no response. Service not available.
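
The two scanning modes described in this answer, sketched as an added example (not Checkout Origin Guard's own code). Order meta is modelled as a plain array, and the function name, regular expressions and sample meta keys are assumptions made for illustration.

```php
<?php
// Added illustration; not the plugin's code. Function name, regexes and the
// sample meta keys below are assumptions.

/**
 * Return the meta keys whose value reports an AVS "U" result.
 *
 * @param array    $order_meta   meta_key => value for one order
 * @param string[] $gateway_keys keys to inspect; empty = scan every meta value
 */
function find_avs_u_hits(array $order_meta, array $gateway_keys = []): array
{
    // "AVS: U: Unavailable ..." matches; "AVS: Unmatched" does not (\b after U).
    $message = '/\bAVS\b\s*[:=-]?\s*U\b/i';
    // A dedicated AVS field may hold only the code letter.
    $bare = '/^\s*U\s*$/i';

    $precise = $gateway_keys !== [];
    $hits = [];
    foreach ($order_meta as $key => $value) {
        if ($precise && !in_array((string) $key, $gateway_keys, true)) {
            continue;
        }
        // Meta values can be arrays; flatten them to text before matching.
        $text = is_scalar($value) ? (string) $value : (string) json_encode($value);
        // A bare "U" is only trusted when the merchant named the key explicitly.
        if (preg_match($message, $text) || ($precise && preg_match($bare, $text))) {
            $hits[] = (string) $key;
        }
    }
    return $hits;
}

// Constructed sample order meta (not taken from a real gateway).
$order_meta = [
    '_billing_company'  => 'Umbrella Ltd',
    '_example_gw_note'  => 'AVS: U: Unavailable / Address not checked, or acquirer had no response. Service not available.',
    '_example_avs_code' => 'U',
    '_example_initial'  => 'U',
];

print_r(find_avs_u_hits($order_meta));                        // fallback: scan all meta
print_r(find_avs_u_hits($order_meta, ['_example_avs_code'])); // precise: configured key only
```

With no keys configured, only `_example_gw_note` is reported; naming `_example_avs_code` reports that key, whose bare `U` the fallback scan ignores because a lone letter is too ambiguous to match across all meta.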

Can I export my logs?

Yes. All log data can be exported to CSV from the plugin dashboard for review, forensics, or integration with external tools.

Where is log data stored?

Logs are stored in a dedicated database table inside your existing WordPress database. They contain timestamps, IP addresses, user agents, paths, HTTP methods, and a decision flag. No external services are used; all data remains on your server. You can clear or truncate this table using your preferred database tools if you want to reset history.

Changelog:

1.7 1.6 1.5.3 1.5.2 1.5.1 1.5.0