Linux 软件免费装
Banner图

Predax Fraud Guard for WooCommerce

开发者 ipsentry
更新时间 2026年7月14日 02:53
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

woocommerce fraud prevention checkout security ip detection vpn detection

下载

1.7.0 1.7.1

详情介绍:

Stop fraudulent WooCommerce orders before they're placed. Card testers, stolen-card fraudsters, and serial chargeback abusers almost always hide behind VPNs, proxies, Tor, or datacenter IPs. Predax Fraud Guard screens the customer's IP the moment they check out, scores its fraud risk from 0 to 100, and lets your store tag, hold, or block the order — before payment is taken and before a chargeback can happen. You stay in control of every decision: start in tag-only mode to see which orders would have been flagged, then turn on blocking for the risk levels you choose. Screening works with both the classic and block (Store API) checkout. Fully opt-in: on a fresh install the plugin does nothing — no outbound requests are made until you enter a Predax API key and pick a protection mode. The default mode once configured is tag-only (no blocking), so you can review flagged orders in your dashboard before turning on anything that rejects a customer. How It Works
  1. You install and activate the plugin. Nothing happens — the plugin stays dormant until you finish setup.
  2. You enter a Predax API key (free account available at predax.io).
  3. You pick a protection mode in Fraud Guard → Settings (or in the 3-step setup wizard). Choices: Tag + note, Block high risk, or Block critical only.
  4. On each WooCommerce checkout after that point, the plugin sends the customer's IP address to the Predax API, receives back a risk score and signal flags (is_vpn / is_proxy / is_tor / is_datacenter), and tags / holds / blocks the order according to your configuration. Results are cached for up to 5 minutes per IP.
You can revoke the API key or switch the mode back to "Tag only" at any time. Risk Tagging Orders that reach the tag threshold (default: risk score 40) are tagged based on band: Features Defaults All protection toggles default to off on a fresh install. The only thing the plugin writes to options on activation is a database version marker for the events-log table. You will need to explicitly enable any rule you want to apply. Free Tier Sign up at predax.io for a free API key. The free plan includes 5,000 IP checks per month with full VPN/proxy/Tor/datacenter detection and risk scoring — no credit card required. More Power With Paid Plans The free tier covers a small store comfortably (checkouts are only checked when they happen, and results are cached). Busier stores use up the included checks faster — paid plans raise the monthly limit from 5,000 up to 25,000–25,000,000 IP checks, with higher request rates and bulk lookups. The Fraud Guard settings page shows your live usage each month, so you can see exactly when it's time to upgrade — same plugin, same settings, just a bigger allowance on your existing API key.

安装:

From your WordPress dashboard (recommended)
  1. Make sure WooCommerce is installed and activated.
  2. Go to Plugins → Add New Plugin in your WordPress admin.
  3. Search for "Predax Fraud Guard".
  4. Click Install Now, then Activate.
  5. The Setup Wizard launches on first activation. Either click Connect with Predax for OAuth one-click connection, or enter your API key manually.
  6. Pick a protection preset (Recommended / Strict / Monitor Only). This is the step where you opt in — IP lookups begin after this point.
  7. Fine-tune individual rules at Fraud Guard → Settings any time.
Manual installation
  1. Download the plugin ZIP from this page and upload it via Plugins → Add New Plugin → Upload Plugin (or extract the predax-fraud-guard-for-woocommerce folder to /wp-content/plugins/).
  2. Activate the plugin through the Plugins menu and follow the Setup Wizard.

屏幕截图:

  • The Fraud Rules settings tab: API key, risk thresholds, and per-signal VPN / proxy / Tor / datacenter rules.
  • Order detail: the Predax risk score, flags, and country appear as an order note and order tags.
  • Orders list: the Predax column shows each order's risk score and top threat flag.
  • Advanced rules: order velocity, billing-country mismatch, disposable-email, and timezone checks.
  • Geo blocking: allow, flag, or block checkout by country, region, or IP / CIDR list.

升级注意事项:

1.7.1 Adds a live API usage meter, a quota-exhausted notice, and an API circuit-breaker so a slow API can never hang checkouts (timeout lowered 8s to 3.5s). Events Log emails are now stored masked. Screening decisions are unchanged. Safe to upgrade. 1.7.0 IPSentry is now Predax — first WordPress.org release. Your settings, API key, and order data are preserved. Checkout screening is unchanged and still fully opt-in (no outbound requests until you add a key and enable a mode). 1.6.2 WP.org compliance pass: removes self-updater, extracts inline script/style tags, tightens sanitisation, and makes the community-feedback telemetry opt-in (off by default). Core checkout screening is unchanged. Upgrade is safe. 1.6.1 OAuth connect popup now auto-closes reliably after authorization. Per-user OAuth transients prevent conflicts on multi-admin sites. Safe to upgrade — no behaviour changes. 1.6.0 Adds a 3-step setup wizard with One-Click Connect (OAuth) shown on first activation. Existing installs unaffected — the wizard only triggers on fresh activation with no API key. Re-run anytime from Developer → Run Setup Wizard. 1.5.0 Adds Events Log page and risk column on the orders list. Safe to upgrade — no behaviour changes, new DB table created automatically on first load. 1.4.3 Adds a dedicated admin menu page (Predax → Fraud Guard). Safe to upgrade — all existing settings are preserved. 1.4.2 Adds settings import/export and a configurable support email address for block messages. Safe to upgrade — no behaviour changes on upgrade. 1.4.0 Adds order hold, velocity rules, country mismatch detection, disposable email blocking, and chargeback feedback. All new features default to off.

常见问题:

How is this different from other WooCommerce anti-fraud plugins?

Most anti-fraud plugins score orders using rules about the order itself — mismatched names, order size, email patterns. Predax Fraud Guard adds the signal those rules can't see: live IP intelligence. It knows whether the customer is connecting through a VPN, proxy, Tor, or a datacenter server right now, backed by a continuously-updated commercial threat database — the same signal used to catch card testing and stolen-card fraud before payment is taken. It works well alongside rule-based fraud plugins and payment-processor screening such as Stripe Radar, and alongside security plugins like Wordfence (which protect your site, not your checkout).

Does the plugin phone home before I finish setup?

No. Before you enter an API key and save a protection mode, the plugin makes zero outbound requests to predax.io. Nothing happens silently on activation.

Will it block legitimate customers?

Only if you enable a blocking mode. Until you complete setup, the mode is Tag only (no blocking — orders just get tags and notes). In the setup wizard, the pre-selected Recommended preset enables blocking of high-risk checkouts (risk score 50+); choose Monitor Only instead if you don't want any blocking yet — each preset card lists exactly what it switches on.

What is the risk score?

A score from 0 to 100 representing how likely an IP is to be associated with fraud, anonymisation, or abuse. 0 = clean residential IP, 100 = known Tor exit or commercial VPN. The score combines VPN/proxy/Tor detection, datacenter identification, historical abuse signals, and geographic heuristics.

Does it work with Cloudflare?

Yes — enable Fraud Guard → Settings → Advanced → "Behind a proxy / CDN" (or the same toggle on the WooCommerce → Predax tab). With it on, the plugin reads the real customer IP from the CF-Connecting-IP / X-Forwarded-For headers instead of the Cloudflare edge IP. It is off by default: when your store connects directly to visitors, trusting those headers would let a customer spoof their IP to bypass fraud checks, so you only turn it on when a proxy/CDN really is in front of your site.

How do I test it without affecting real customers?

Fraud Guard → Settings → Developer tab → enter a Test IP Override. Every checkout is then evaluated as if it came from that IP. A red admin banner reminds you test mode is active. Clear the override before going live. Use 185.220.101.1 (risk 85, Tor-adjacent) to exercise blocking paths, or 1.1.1.1 to verify pass-through.

What order metadata is stored?

On each tagged order the plugin stores:

  • _ipsentry_risk_score — numeric risk score (0–100)
  • _ipsentry_ip — detected customer IP
  • _ipsentry_country_code — detected IP country code
  • _ipsentry_flags — comma-separated threat flag list

Does it work alongside the Predax Security plugin?

Yes. The plugins are independent but complementary — Security protects logins and registrations, Fraud Guard protects WooCommerce checkout. Both can share the same API key.

更新日志:

1.7.1 1.7.0 1.6.2 1.6.1 1.6.0 1.5.0 1.4.3 1.4.2 1.4.1 1.4.0 1.3.0 1.2.0 1.1.0 1.0.0