{"id":276707,"date":"2026-01-25T12:16:58","date_gmt":"2026-01-25T12:16:58","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/carticy-checkout-shield-for-woocommerce\/"},"modified":"2026-03-08T12:38:30","modified_gmt":"2026-03-08T12:38:30","slug":"carticy-checkout-shield-for-woocommerce","status":"publish","type":"plugin","link":"https:\/\/syr.wordpress.org\/plugins\/carticy-checkout-shield-for-woocommerce\/","author":23432479,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.0","stable_tag":"1.1.0","tested":"6.9.4","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"Checkout Shield for WooCommerce \u2013 Stop Fake Orders, Spam Bots & Card Testing","header_author":"Carticy","header_description":"Protects WooCommerce stores from card testing and fake order attacks using stateless bot detection.","assets_banners_color":"f4f2fa","last_updated":"2026-03-08 12:38:30","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/alikhallad.com\/donations\/donation-form\/","header_plugin_uri":"https:\/\/carticy.com\/checkout-shield","header_author_uri":"https:\/\/carticy.com","rating":5,"author_block_rating":0,"active_installs":100,"downloads":398,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"carticy","date":"2026-01-25 12:16:35"},"1.1.0":{"tag":"1.1.0","author":"carticy","date":"2026-03-08 12:38:30"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3446515,"resolution":"128x128","location":"assets","locale":""},"icon.svg":{"filename":"icon.svg","revision":3446515,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3446515,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3446515,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3446515,"resolution":"1","location":"assets","locale":""},"screenshot-2.jpg":{"filename":"screenshot-2.jpg","revision":3446515,"resolution":"2","location":"assets","locale":""},"screenshot-3.jpg":{"filename":"screenshot-3.jpg","revision":3446515,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"Settings page - Configure protection mode and options","2":"Dashboard widget - Monitor blocked and passed requests","3":"Orders column - View shield status for each order"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[166108,3148,12891,600,286],"plugin_category":[45,54],"plugin_contributors":[141250,253398],"plugin_business_model":[],"class_list":["post-276707","plugin","type-plugin","status-publish","hentry","plugin_tags-bot-protection","plugin_tags-checkout","plugin_tags-fraud","plugin_tags-security","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_category-security-and-spam-protection","plugin_contributors-alikhallad","plugin_contributors-carticy","plugin_committers-carticy"],"banners":{"banner":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/banner-772x250.png?rev=3446515","banner_2x":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/banner-1544x500.png?rev=3446515","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/icon.svg?rev=3446515","icon":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/icon.svg?rev=3446515","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/screenshot-1.png?rev=3446515","caption":"Settings page - Configure protection mode and options"},{"src":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/screenshot-2.jpg?rev=3446515","caption":"Dashboard widget - Monitor blocked and passed requests"},{"src":"https:\/\/ps.w.org\/carticy-checkout-shield-for-woocommerce\/assets\/screenshot-3.jpg?rev=3446515","caption":"Orders column - View shield status for each order"}],"raw_content":"<!--section=description-->\n<p><strong>Checkout Shield<\/strong> stops fake checkout orders and card testing attacks \u2014 the kind that bypass your CAPTCHA.<\/p>\n\n<p>Card testing bots don't fill out your checkout form. They hit your store's checkout API directly, completely skipping any reCAPTCHA or hCaptcha you've set up. That's why CAPTCHA alone doesn't stop them.<\/p>\n\n<p>This plugin verifies that every checkout request comes from a real browser session. Bots that can't prove they loaded your checkout page get blocked before WooCommerce processes the order.<\/p>\n\n<h4>Why Store Owners Choose This Plugin<\/h4>\n\n<ul>\n<li><strong>Catches what CAPTCHA misses<\/strong> \u2014 blocks bots hitting your checkout API directly<\/li>\n<li><strong>Works with any caching<\/strong> \u2014 LiteSpeed, Cloudflare, WP Rocket, W3TC \u2014 no conflicts<\/li>\n<li><strong>Zero configuration<\/strong> \u2014 activate and you're protected<\/li>\n<li><strong>No external services<\/strong> \u2014 everything runs on your server, no subscriptions<\/li>\n<li><strong>No performance impact<\/strong> \u2014 validation adds microseconds, not seconds<\/li>\n<\/ul>\n\n<h4>Features (Free)<\/h4>\n\n<ul>\n<li><strong>Automatic bot blocking<\/strong> \u2014 works the moment you activate, no setup needed<\/li>\n<li><strong>4 protection levels<\/strong> \u2014 Learning, Permissive, Balanced, and Strict \u2014 choose how aggressive you want to be<\/li>\n<li><strong>Dashboard overview<\/strong> \u2014 see blocked vs verified orders at a glance with a 7-day chart<\/li>\n<li><strong>Order status tracking<\/strong> \u2014 know which orders were flagged, passed, or blocked<\/li>\n<li><strong>IP whitelist<\/strong> \u2014 let trusted addresses through, supports CIDR notation<\/li>\n<li><strong>API key authentication<\/strong> \u2014 for headless and custom checkout setups<\/li>\n<li><strong>Works with all checkout types<\/strong> \u2014 classic, block-based, and all payment gateways<\/li>\n<li><strong>HPOS compatible<\/strong> \u2014 works with High-Performance Order Storage<\/li>\n<li><strong>WooCommerce logging<\/strong> \u2014 full integration with WooCommerce Status logs<\/li>\n<\/ul>\n\n<h4>Pro Features<\/h4>\n\n<p>Take control with advanced tools:<\/p>\n\n<ul>\n<li><strong>Smart logging<\/strong> \u2014 choose what gets logged: nothing, blocked attempts only, or everything with full details<\/li>\n<li><strong>Recent blocks feed<\/strong> \u2014 see the last 50 blocked attempts right on your dashboard, with email, payment method, and block reason<\/li>\n<li><strong>Automatic CDN\/proxy detection<\/strong> \u2014 correctly identifies visitor IPs behind Cloudflare, Sucuri, or Akamai without manual configuration<\/li>\n<li><strong>Stronger permissive mode<\/strong> \u2014 adds referrer verification on top of session checks for tighter bot detection<\/li>\n<li><strong>Checkout details in logs<\/strong> \u2014 see exactly which email and payment method bots tried to use<\/li>\n<li><strong>Customer blocklist<\/strong> \u2014 block repeat offenders by email, name, address, phone, IP, or postal code<\/li>\n<li><strong>Order block metabox<\/strong> \u2014 add customers to the blocklist directly from any order screen<\/li>\n<\/ul>\n\n<p><a href=\"https:\/\/carticy.com\/plugins\/checkout-shield-for-woocommerce\/\">Learn more about Pro features<\/a><\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to <code>\/wp-content\/plugins\/carticy-checkout-shield-for-woocommerce\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>That's it. Protection is active immediately.<\/li>\n<\/ol>\n\n<p>Optional: Go to WooCommerce \u2192 Settings \u2192 Advanced \u2192 Checkout Shield to adjust settings.<\/p>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.0+<\/li>\n<li>WooCommerce 8.0+<\/li>\n<li>PHP 8.0+<\/li>\n<\/ul>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20slow%20down%20checkout%3F\"><h3>Does this slow down checkout?<\/h3><\/dt>\n<dd><p>No. Validation happens locally in microseconds. No external API calls, no waiting on third-party services.<\/p><\/dd>\n<dt id=\"will%20this%20block%20real%20customers%3F\"><h3>Will this block real customers?<\/h3><\/dt>\n<dd><p>Very unlikely. The default Balanced mode is tuned to avoid blocking legitimate orders. If you want to be cautious, start with Learning mode \u2014 it logs what would be blocked without actually blocking anyone.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20block%20checkout%3F\"><h3>Does it work with Block Checkout?<\/h3><\/dt>\n<dd><p>Yes. Works with both classic checkout and the newer block-based checkout.<\/p><\/dd>\n<dt id=\"what%20about%20paypal%2C%20stripe%2C%20and%20other%20payment%20gateways%3F\"><h3>What about PayPal, Stripe, and other payment gateways?<\/h3><\/dt>\n<dd><p>All major gateways work normally. Payment confirmations from gateways aren't affected by checkout validation.<\/p><\/dd>\n<dt id=\"i%20run%20a%20headless%20store.%20will%20this%20break%20my%20setup%3F\"><h3>I run a headless store. Will this break my setup?<\/h3><\/dt>\n<dd><p>Not if you configure it. Add your frontend's server IP to the whitelist, or use API key authentication. Both options let legitimate automated requests through.<\/p><\/dd>\n<dt id=\"do%20i%20still%20need%20captcha%3F\"><h3>Do I still need CAPTCHA?<\/h3><\/dt>\n<dd><p>Up to you. This plugin catches bots that CAPTCHA misses (the ones hitting your API directly). You can use both together, or drop CAPTCHA entirely to reduce checkout friction.<\/p><\/dd>\n<dt id=\"how%20do%20i%20know%20it%27s%20working%3F\"><h3>How do I know it's working?<\/h3><\/dt>\n<dd><p>Check the dashboard widget for a quick overview, or go to WooCommerce \u2192 Status \u2192 Logs and filter by \"carticy-checkout-shield\" for detailed logs.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Default mode changed to Balanced (was Learning)<\/li>\n<li>Added smart logging with 3 levels: off, blocks only, and detailed (Pro)<\/li>\n<li>Added recent blocks feed on the dashboard showing last 50 blocked attempts (Pro)<\/li>\n<li>Added automatic CDN\/proxy detection for Cloudflare, Sucuri, and Akamai (Pro)<\/li>\n<li>Added enhanced permissive mode with referrer verification (Pro)<\/li>\n<li>Added checkout details (email, payment method) in log entries (Pro)<\/li>\n<li>Added upgrade prompts for Pro features<\/li>\n<li>Improved plugin title and description for better discoverability<\/li>\n<li>Removed \"Carticy\" from user-facing plugin name<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Bot detection for checkout protection<\/li>\n<li>Four protection modes (learning, permissive, balanced, strict)<\/li>\n<li>IP whitelist with CIDR support<\/li>\n<li>API key authentication for headless checkout<\/li>\n<li>Proxy\/CDN support<\/li>\n<li>WooCommerce logging integration<\/li>\n<li>Dashboard statistics widget<\/li>\n<li>Orders list shield status column<\/li>\n<li>HPOS compatibility<\/li>\n<li>Block checkout compatibility<\/li>\n<\/ul>","raw_excerpt":"Stops fake checkout orders, card testing attacks, and spam bots that bypass CAPTCHA. Works instantly with all checkout types.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/276707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=276707"}],"author":[{"embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/carticy"}],"wp:attachment":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=276707"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=276707"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=276707"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=276707"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=276707"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=276707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}