Checkout Origin Guard

Checkout Origin Guard protects your WooCommerce store from fake, fraudulent, or automated checkout attempts by identifying and blocking unknown origins before they reach your order table. The plugin runs client-origin heuristics, IP reputation checks, and dwell-time and sequence analysis to detect non-human traffic and suspicious behavior at checkout. It maintains a single-page control center for viewing logs, adjusting sensitivity, and unblocking valid users when necessary. Key Features

• 🛡️ Bot Block — Detects and blocks automated bots by analyzing user agents, referrers, and checkout behavior patterns.
• ⚡ Rapid Sequence Detection — Monitors frequency and timing between checkout attempts to identify scripted attacks.
• 🧠 Company Shield — Flags suspicious or AI-generated business names, email domains, and mixed-character spam entries.
• 🌎 Allowlist Controls — Preserve access for search engines, uptime monitors, and known geographic zones.
• 🔒 Hard / Soft / Monitor Modes — Choose between logging only, soft warning blocks, or hard blocking by IP.
• 🗂️ Log Viewer — See all checkout activity including timestamps, IPs, user agents, paths, and detection outcomes.
• 🧩 One-Page Dashboard — Configure settings, review logs, and manage allow/deny lists from a single screen.
• 🚫 Manual Block / Unblock — Instantly remove or restore access for specific IPs.
• 💾 CSV Export — Download complete activity logs for security review or record keeping.

Why It Matters WooCommerce checkouts are frequent targets for card testers, spammers, and fake business registrations. Checkout Origin Guard stops those attempts before orders are created, saving time, chargeback risk, and administrative cleanup. This plugin works alongside any existing firewall or CDN and does not require external APIs or subscriptions. Lightweight and privacy-safe — all data stays on your server. Use Cases

• Prevent card testing or order spam
• Stop bots using random company names or domains
• Detect rapid repeat checkout attempts from the same IP
• Block POST requests without valid referrer or nonce
• Maintain clean order logs for legitimate customers only

1.5.3

• Improved IP hard block stability and unblock handling
• Added real-time log refresh option
• Enhanced Company Shield heuristics for email and business name detection
• Unified all settings on one page with persistent values
• Performance improvements and code cleanup

1.5.2

• Added CSV export for logs
• Added referrer and nonce validation checks
• Expanded allowlist for common search engine bots

1.5.1

• Fixed settings persistence and default value population
• Added Populate Defaults button
• UI refinements and improved table layout

1.5.0

• Merged “Bad User Patterns” module into core
• Added company/email heuristics and rate-limit detection
• New single-page admin interface