Descripción
Checkout Shield stops fake checkout orders and card testing attacks — the kind that bypass your CAPTCHA.
Card testing bots don’t fill out your checkout form. They hit your store’s checkout API directly, completely skipping any reCAPTCHA or hCaptcha you’ve set up. That’s why CAPTCHA alone doesn’t stop them.
This plugin verifies that every checkout request comes from a real browser session. Bots that can’t prove they loaded your checkout page get blocked before WooCommerce processes the order.
Why Store Owners Choose This Plugin
- Catches what CAPTCHA misses — blocks bots hitting your checkout API directly
- Works with any caching — LiteSpeed, Cloudflare, WP Rocket, W3TC — no conflicts
- Zero configuration — activate and you’re protected
- No external services — everything runs on your server, no subscriptions
- No performance impact — validation adds microseconds, not seconds
Features (Free)
- Automatic bot blocking — works the moment you activate, no setup needed
- 4 protection levels — Learning, Permissive, Balanced, and Strict — choose how aggressive you want to be
- Dashboard overview — see blocked vs verified orders at a glance with a 7-day chart
- Order status tracking — know which orders were flagged, passed, or blocked
- IP whitelist — let trusted addresses through, supports CIDR notation
- API key authentication — for headless and custom checkout setups
- Works with all checkout types — classic, block-based, and all payment gateways
- HPOS compatible — works with High-Performance Order Storage
- WooCommerce logging — full integration with WooCommerce Status logs
Pro Features
Take control with advanced tools:
- Smart logging — choose what gets logged: nothing, blocked attempts only, or everything with full details
- Recent blocks feed — see the last 50 blocked attempts right on your dashboard, with email, payment method, and block reason
- Automatic CDN/proxy detection — correctly identifies visitor IPs behind Cloudflare, Sucuri, or Akamai without manual configuration
- Stronger permissive mode — adds referrer verification on top of session checks for tighter bot detection
- Checkout details in logs — see exactly which email and payment method bots tried to use
- Customer blocklist — block repeat offenders by email, name, address, phone, IP, or postal code
- Order block metabox — add customers to the blocklist directly from any order screen
Capturas
Settings page – Configure protection mode and options 
Dashboard widget – Monitor blocked and passed requests 
Orders column – View shield status for each order
Instalación
- Upload the plugin files to
/wp-content/plugins/carticy-checkout-shield-for-woocommerce/ - Activate the plugin through the 'Plugins' menu in WordPress
- That’s it. Protection is active immediately.
Optional: Go to WooCommerce Settings Advanced Checkout Shield to adjust settings.
Requirements
- WordPress 6.0+
- WooCommerce 8.0+
- PHP 8.0+
FAQ
-
Does this slow down checkout?
-
No. Validation happens locally in microseconds. No external API calls, no waiting on third-party services.
-
Will this block real customers?
-
Very unlikely. The default Balanced mode is tuned to avoid blocking legitimate orders. If you want to be cautious, start with Learning mode — it logs what would be blocked without actually blocking anyone.
-
Does it work with Block Checkout?
-
Yes. Works with both classic checkout and the newer block-based checkout.
-
What about PayPal, Stripe, and other payment gateways?
-
All major gateways work normally. Payment confirmations from gateways aren’t affected by checkout validation.
-
I run a headless store. Will this break my setup?
-
Not if you configure it. Add your frontend’s server IP to the whitelist, or use API key authentication. Both options let legitimate automated requests through.
-
Do I still need CAPTCHA?
-
Up to you. This plugin catches bots that CAPTCHA misses (the ones hitting your API directly). You can use both together, or drop CAPTCHA entirely to reduce checkout friction.
-
How do I know it’s working?
-
Check the dashboard widget for a quick overview, or go to WooCommerce Status Logs and filter by "carticy-checkout-shield" for detailed logs.
Reseñas
No hay reseñas para este plugin.
Colaboradores y desarrolladores
"Checkout Shield for WooCommerce – Stop Fake Orders, Spam Bots & Card Testing" es un software de código abierto. Las siguientes personas han colaborado con este plugin.
Colaboradores
Traduce "Checkout Shield for WooCommerce – Stop Fake Orders, Spam Bots & Card Testing" a tu idioma.
¿Interesado en el desarrollo?
Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.
Registro de cambios
1.1.0
- Default mode changed to Balanced (was Learning)
- Added smart logging with 3 levels: off, blocks only, and detailed (Pro)
- Added recent blocks feed on the dashboard showing last 50 blocked attempts (Pro)
- Added automatic CDN/proxy detection for Cloudflare, Sucuri, and Akamai (Pro)
- Added enhanced permissive mode with referrer verification (Pro)
- Added checkout details (email, payment method) in log entries (Pro)
- Added upgrade prompts for Pro features
- Improved plugin title and description for better discoverability
- Removed "Carticy" from user-facing plugin name
1.0.0
- Initial release
- Bot detection for checkout protection
- Four protection modes (learning, permissive, balanced, strict)
- IP whitelist with CIDR support
- API key authentication for headless checkout
- Proxy/CDN support
- WooCommerce logging integration
- Dashboard statistics widget
- Orders list shield status column
- HPOS compatibility
- Block checkout compatibility