Velocity Guard for WooCommerce – Fraud Protection, Stop Fake Orders & Card Testing

Changelog

0.2.1

  • Fix: whitelisted IPs now always pass, even if previously auto-blocklisted — the whitelist is the recovery path for a false positive and now correctly overrides the blocklist.
  • New: “Currently blocked” panel on the settings page lists active blocks with a one-click Unblock, so a wrongly-blocked customer no longer has to wait out the block window.
  • Fix: REST guard now reads the billing email from the classic /wc/v3/orders payload shape (billing.email), so email velocity applies there too, not just on the Store API.
  • Fix: plugin-delete cleanup now removes all plugin transients (previous prefix never matched) and the pattern-feed state option.
  • Maintenance: updated the bundled Freemius SDK to 2.13.2.

0.2.0

  • Pro: the pattern library is now an automatically updated, cryptographically signed rule pack, refreshed as new attack patterns are identified. Updates are verified before use; if an update ever fails, the previously loaded rules stay active and checkout is never interrupted.
  • Pro: added a “Pattern library feed” status panel with a manual update control.
  • Pro: added datacenter / hosting-range matching to the pattern rule engine.
  • Hardened pattern matching against pathological (ReDoS) expressions.

0.1.0

  • Initial public release.
  • Sliding-window velocity rules per IP, email, session, and IP+email combination.
  • Failed-payment auto-blocklist with configurable threshold and duration.
  • REST API guard for /wc/v3/orders, /wc/store/v1/checkout, /wc/store/checkout.
  • HPOS-native data layer; declared compatible via FeaturesUtil::declare_compatibility.
  • Proxy-aware client IP detection for Cloudflare, Akamai, Fastly, X-Forwarded-For, X-Real-IP.
  • IP whitelist with IPv4/IPv6 format validation.
  • Custom event log table with dashboard widget and admin event browser.
  • Pro tier (Freemius-managed): behavioural device fingerprinting, Slack/Discord/email alerts, pattern library rule packs.

Plugin Website
Visit website

Author
junkoe
Version:
0.2.1
Last Updated
June 17, 2026
Active Installs
10
Requires
WordPress 6.4
Tested Up To
WordPress 7.0
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.