[WordPress] Plugin share: Checkout Origin Guard

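Introduction

  • The WordPress plugin "Checkout Origin Guard" was published on 2025-10-08.
  • There are no active installs yet; this is a very new plugin. If you plan to install it, test it thoroughly to make sure it works!
  • It was last updated on 2026-01-27, 29 days ago.
  • The plugin requires WordPress 6.0 or later.
  • The plugin requires the site host to run PHP 7.4 or later.
  • No one has rated this plugin yet.
  • No one has asked a question in the forum yet; usage is probably still low and no major problems have surfaced.

Plugin contributors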

potar |

Plugin tags

spam | ip blocker | bot protection | fraud prevention | woocommerce checkout security |

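Overview

Summary: Checkout Origin Guard protects your WooCommerce store from fake, fraudulent, or automated checkout attempts by identifying and blocking unknown origins. The plugin also runs client-origin heuristics, IP reputation checks, dwell time, and sequence analysis to detect non-human traffic and suspicious behavior during checkout.

**Questions and answers:**

1. What kind of online store does Checkout Origin Guard protect?
- It protects WooCommerce stores from fake, fraudulent, or automated checkout attempts by identifying and blocking unknown origins.

2. How does the plugin detect non-human traffic and suspicious behavior?
- The plugin runs client-origin heuristics, IP reputation checks, dwell time, and sequence analysis to detect non-human traffic and suspicious behavior.

3. What can Checkout Origin Guard detect and block?
- It can detect and block automated bots, rapid scripted attacks, suspicious business names, email domains, and repeated checkout attempts from the same IP, among others.

4. What are the benefits of using this plugin?
- It stops fraud and saves time, reduces risk, and keeps your system clean; in addition, it can run alongside an existing firewall or CDN and needs no external API or subscription.

5. Who developed the Checkout Origin Guard plugin?
- Michael Winchester developed this plugin.

**Credits:**
- Developer: Michael Winchester
- Documentation and updates: https://michaelwinchester.com

Original plugin description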

Checkout Origin Guard protects your WooCommerce store from fake, fraudulent, or automated checkout attempts by identifying and blocking abusive origins before they clutter your order table or your logs.

The plugin runs client-origin heuristics, IP controls, and sequence analysis to detect non-human traffic and suspicious behavior at checkout. It adds Company Shield for business and email sanity checks and an optional AVS “U” signal handler for gateways that report “Address not checked / unavailable”.

All controls live on a single admin screen; you can adjust sensitivity, manage allowlists and blocklists, and review traffic logs in one place.

Three layers of protection

Bot Block (traffic level)
Detects and throttles abusive requests before they become orders:

  • Analyzes user agents, referrers, and known bot signatures
  • Watches rapid-fire hits to checkout and wc-ajax endpoints
  • Supports monitor, soft, and hard blocking modes
  • Built-in allowlist for search engines, uptime monitors, and core WordPress services

Company Shield (checkout level)
Validates business identity and email quality at checkout:

  • Flags suspicious or synthetic business names
  • Detects repeated syllables, odd vowel ratios, and gibberish patterns
  • Identifies disposable email domains and role-based accounts (admin, info, sales, etc.)
  • Can run in:
      • Monitor; log and annotate orders
      • Soft; create the order and automatically place it on hold or pending
      • Hard; block checkout with a user-facing error message

Payment AVS signals (post-payment; optional)
For gateways that expose AVS results in order meta, Checkout Origin Guard can treat “AVS: U; unavailable / not checked” as a risk signal:

  • Does not change how your gateway authorizes or captures payments
  • Can be configured to:
      • Ignore the signal
      • Add an order note only
      • Add an order note and bump a risk-score meta field
      • Put the order on hold for manual review
  • Uses flexible pattern matching; can scan specific gateway meta keys or fall back to scanning all order meta for common “AVS: U” messages such as the PayPal string
  • Off by default; you opt in and choose the behavior

Key Features

🛡️ Bot Block; Detects and blocks automated bots by analyzing user agents, referrers, and checkout behavior patterns.
⚡ Rapid Sequence Detection; Monitors frequency and timing between checkout attempts to identify scripted attacks and card testing activity.
🧠 Company Shield; Flags suspicious or AI-generated business names, email domains, and mixed-character spam entries at checkout.
🌎 Allowlist Controls; Preserve access for search engines, uptime monitors, and essential WordPress and WooCommerce services.
🔒 Hard / Soft / Monitor Modes; Choose between logging only, soft blocking, or full hard blocking.
🧾 AVS “U” Risk Signals (optional); Treat “Address not checked / unavailable” as a post-payment risk signal; add notes, increase risk score, or hold the order.
🗂️ Log Viewer; See activity including timestamps, IPs, user agents, paths, and detection outcomes.
🧩 One-Page Dashboard; Configure settings, review logs, and manage allow/deny lists from a single screen.
🚫 Manual Block / Unblock; Instantly remove or restore access for specific IPs with one click.
💾 CSV Export; Download checkout-origin activity logs for security review or record keeping.

Why Online Shops Need it

WooCommerce checkouts are frequent targets for:

  • Card testing and BIN probing
  • Fake business registrations and spam accounts
  • Automated scripts hammering your checkout endpoints

Checkout Origin Guard focuses on checkout behavior and identity quality, not just generic firewall rules. It helps you:

  • Reduce chargeback and fraud risk
  • Keep your order list clean and reviewable
  • Shorten the time spent cleaning up junk orders and bogus signups

The plugin works alongside any existing firewall, CDN, or WAF; it does not rely on external APIs or subscriptions. All data stays on your server.

Use Cases

  • Prevent card testing or order spam
  • Stop bots using nonsense or AI-generated company names
  • Detect rapid repeat checkout attempts from the same IP
  • Block suspicious POST requests that hit checkout endpoints
  • Add an extra layer of review for orders where the gateway reports “AVS unavailable / not checked”
  • Maintain cleaner order history and logs for real customers

Credits
Developed by Michael Winchester
For documentation and updates, visit https://michaelwinchester.com

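Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Plugins" > "Add New Plugin" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded plugin ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New Plugin" screen to search for the plugin name "Checkout Origin Guard" and install it from there.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment you are currently running.)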


1.7 | 1.5.3 | 1.5.4 | 1.7.1 | trunk |

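Related plugins (you may also want to know about)

  • Akismet Anti-spam: Spam Protection 》Akismet checks your comments and contact form submissions against its global database of spam to prevent your site from publishing malicious content. You can review comment spam in your blog's "Comments" admin screen...
  • Sucuri Security – Auditing, Malware Scanner and Security Hardening 》Sucuri Inc. is a globally recognized authority on website security, specializing in WordPress security. The Sucuri Security WordPress plugin is free for all WordPress users. It is...
  • WP Mail Logging 》WP Mail Logging is the most popular plugin for logging WordPress or WooCommerce email. It works as soon as it is activated, with no setup required. Why log the email that WordPress or WooCommerce sends...
  • ReCaptcha v2 for Contact Form 7 》Contact Form 7 v5.1 dropped support for reCaptcha v2, along with the [recaptcha] tag, in December 2018. This plugin brings that functionality back from Contact Form 7 5.0.5 and re-adds...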
  • Spam protection, Honeypot, Anti-Spam by CleanTalk 》Forms spam filter, Plugin extends spam protection for Gravity Forms. It filters spam submissions for each form created with Gravity Forms., MemberP...。
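  • Simple CAPTCHA Alternative with Cloudflare Turnstile 》Easily add Cloudflare Turnstile to all the forms on your WordPress site to protect them from spam! A user-friendly, privacy-preserving reCAPTCHA alternative...
  • Gravity Forms Zero Spam 》This Gravity Forms plugin blocks spam using anti-spam measures that do not bother users. No setup or configuration is needed; just activate the plugin! The Gravity Forms honeypot field does not...
  • Email Address Encoder 》A lightweight plugin that protects plain-text email addresses and mailto links from email-harvesting bots by encoding them into decimal and hexadecimal entities. For posts, pages, ...
  • Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) 》Adds an SVG image CAPTCHA and a honeypot to your Contact Form 7 forms. The CAPTCHA is GDPR-compliant because the image is inline SVG, so this plugin does not, as Google's ReCAPTCHA does, ...
  • Simple Google reCAPTCHA 》Simple Google reCAPTCHA will protect your WordPress! You can choose between the default v2 checkbox and v3 (such as invisible reCAPTCHA). No more spam comments and brute-force attacks against user accounts. ...
  • Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms 》An antispam plugin. Quick links: Upgrade | Support | Sponsor. Stops spam email, spam comments, spam registrations, spam bots, and malicious network harassment. With this well-maintained, mature plugin, run diagnostics...
  • reCAPTCHA for WooCommerce 》Easily add Google reCAPTCHA to WooCommerce checkout and forms to help prevent spam. Supported forms: you can currently enable reCAPTCHA on the following forms: WooCommerce, ...
  • Maspik – Ultimate Spam Protection 》Is your contact form constantly harassed by spam? MASPIK can help you block spam on Elementor + CF7 forms + WordPress comments and registration (as well as Gravityforms + Wpforms + Woocommerce reviews and...
  • Throws SPAM Away 》This plugin was developed to combat comment spam from overseas; the following filters are currently used to identify spam. ・Japanese filter (whether Japanese is included): a comment can be published only if it contains Japanese characters; ...
  • Cookies for Comments 》This plugin adds a stylesheet or image to your blog's HTML source. When a browser loads that stylesheet or image, a cookie is set. If a user then leaves a comment, the Coo...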
