[WordPress] 外掛分享: ForgeLayer Crypto Payments for WooCommerce

首頁外掛目錄 › ForgeLayer Crypto Payments for WooCommerce
WordPress 外掛 ForgeLayer Crypto Payments for WooCommerce 的封面圖片
全新外掛
安裝啟用
尚無評分
25 天前
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.1.2 上架:2026-06-21

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.1.2) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「ForgeLayer Crypto Payments for WooCommerce」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

ForgeLayer Crypto Payments connects your WooCommerce store to the ForgeLayer non-custodial crypto payment infrastructure. Customers can pay with Bitcoin, Ethereum (ERC-20), BNB Smart Chain (BEP-20), and Tron (TRC-20) tokens. Payments are sent to wallet addresses generated by your ForgeLayer account — ForgeLayer does not custody or control merchant funds.
Key Features

Multiple networks — Bitcoin, Ethereum, BSC, and Tron supported out of the box.
50+ tokens — USDT, USDC, DAI, LINK, UNI, AAVE, CAKE, and dozens more with automatic price conversion via CoinGecko.
Instant webhook confirmation — HMAC-SHA256 signed webhooks trigger order fulfillment in real time, no polling required.
Background price caching — WP-Cron keeps cryptocurrency prices fresh so checkout never calls an external API on page load.
WooCommerce Blocks compatible — fully supports the block-based Cart and Checkout pages alongside the classic shortcode checkout.
HPOS compatible — officially declared compatible with WooCommerce High-Performance Order Storage.
Address reuse — optionally reuse inactive addresses to conserve your plan’s address quota.
Late payment grace period — configurable window to auto-reopen cancelled orders when payment arrives after the deadline.
Plan usage dashboard — real-time usage bars for addresses, webhooks, and API requests right on the settings page. Email alerts at 80%, 90%, and 100%.
Security hardened — HMAC signature verification, nonce CSRF protection, rate limiting on AJAX endpoints, progressive IP lockout, replay-attack prevention, input whitelisting, and comprehensive HTTP security headers on the payment page.
Non-custodial — ForgeLayer never holds your funds. Crypto goes straight to your wallet.

Supported Networks and Tokens
Network
Native Coin
Example Tokens
Bitcoin
BTC

Ethereum
ETH
USDT, USDC, DAI, LINK, UNI, AAVE, WBTC
BNB Smart Chain
BNB
USDT, USDC, BUSD, CAKE, XVS, WBNB
Tron
TRX
USDT, USDC, BTT, WIN, JST, SUN
Custom CoinGecko IDs can be added in settings for any token not in the built-in directory.
How It Works

A customer selects a network and token at checkout.
ForgeLayer generates a unique deposit address for the order.
The customer sends the exact crypto amount to the displayed address (with QR code).
ForgeLayer fires a signed webhook when the deposit is confirmed on-chain.
The WooCommerce order status moves to Processing automatically.

Security
This plugin implements defense-in-depth security:

All webhook payloads are verified with HMAC-SHA256 signatures before any processing.
Transaction hashes are deduplicated to prevent replay attacks.
Webhook payload timestamps are validated within a ±5-minute window.
Admin AJAX endpoints are rate-limited (max 10 requests/minute per user).
The payment poll endpoint uses IP-based progressive lockout (3 strikes = 60s, 10 strikes = 1h).
The payment page sends X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and a tight Content-Security-Policy header.
All input is validated against strict whitelists before use.
No sensitive data (API key, webhook secret, address IDs) is ever output in HTML source.

External services
This plugin connects to the following external services:
ForgeLayer API (api.forgelayer.io)
Used for all core payment functions: generating blockchain deposit addresses, registering webhooks, and verifying payment confirmations. The store’s ForgeLayer API key and order-related data (amount, currency, chain, token) are sent when a customer initiates checkout. This service is required for the plugin to function.

ForgeLayer Terms of Service
ForgeLayer Privacy Policy

CoinGecko (api.coingecko.com)
Used to fetch current cryptocurrency prices for fiat-to-crypto conversion. Only coin IDs and the store’s fiat currency are sent — no customer or order data is transmitted. Prices are cached server-side by WP-Cron; CoinGecko is not called during individual customer checkouts under normal operation.

CoinGecko Terms of Service
CoinGecko Privacy Policy

QRServer (api.qrserver.com) — optional
Used to generate QR code images on the payment page. Disabled by default. Merchants can enable it under WooCommerce > Settings > Payments > ForgeLayer > Show QR Codes. When enabled, the blockchain wallet address (not customer personal data) is sent to api.qrserver.com to render a QR image.

QRServer Terms of Service
QRServer Privacy Policy

延伸相關外掛

文章
Filter
Apply Filters
Mastodon