Fix: whitelisted IPs now always pass, even if previously auto-blocklisted — the whitelist is the recovery path for a false positive and now correctly overrides the blocklist.
New: “Currently blocked” panel on the settings page lists active blocks with a one-click Unblock, so a wrongly-blocked customer no longer has to wait out the block window.
Fix: REST guard now reads the billing email from the classic /wc/v3/orders payload shape (billing.email), so email velocity applies there too, not just on the Store API.
Fix: plugin-delete cleanup now removes all plugin transients (previous prefix never matched) and the pattern-feed state option.
Maintenance: updated the bundled Freemius SDK to 2.13.2.
0.2.0
Pro: the pattern library is now an automatically updated, cryptographically signed rule pack, refreshed as new attack patterns are identified. Updates are verified before use; if an update ever fails, the previously loaded rules stay active and checkout is never interrupted.
Pro: added a “Pattern library feed” status panel with a manual update control.
Pro: added datacenter / hosting-range matching to the pattern rule engine.
Hardened pattern matching against pathological (ReDoS) expressions.
0.1.0
Initial public release.
Sliding-window velocity rules per IP, email, session, and IP+email combination.
Failed-payment auto-blocklist with configurable threshold and duration.
REST API guard for /wc/v3/orders, /wc/store/v1/checkout, /wc/store/checkout.
HPOS-native data layer; declared compatible via FeaturesUtil::declare_compatibility.
Proxy-aware client IP detection for Cloudflare, Akamai, Fastly, X-Forwarded-For, X-Real-IP.
IP whitelist with IPv4/IPv6 format validation.
Custom event log table with dashboard widget and admin event browser.
