=== Checkout Bot Shield === Contributors: pluximo Donate link: https://pluximo.com/ Tags: checkout, bot, shield, protection Requires at least: 6.8 Tested up to: 6.9 Requires PHP: 7.4 Stable tag: 1.0.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Checkout Bot Shield adds lightweight rate limiting to stop repeated automated orders while keeping real shoppers moving. == Description == **What it does:** Blocks suspicious, rapid-fire checkout attempts so fake orders and carding bots cannot overwhelm your store. Legit customers still get through. **Battle tested:** The Pro edition is trusted by 1,000+ stores; this Lite version is a hands-on demo so you can see how it behaves before upgrading. **Why you might want it:** - Protects revenue and inventory from bot abuse and testing-card attacks. - Reduces server load from repeated checkout calls. - Gives you visibility via WooCommerce log files without adding new dashboards (source name: `cbshield`). == Features == - Limits rapid checkout retries from the same visitor. - Shows a friendly message when the limit is reached. - Works with WooCommerce checkout (Store API). - Adds entries to WooCommerce logs for easy review (`WooCommerce → Status → Logs → cbshield-*.log`). - Runs quietly in the background—no extra setup screens. == Requirements == - WordPress 6.8 or later. - WooCommerce active. - PHP 7.4 or later. == Installation == 1. Upload the plugin to `/wp-content/plugins/checkout-bot-shield` or install via the WordPress plugin uploader. 2. Activate **Checkout Bot Shield** from **Plugins** in wp-admin. 3. No setup required—the default limit is active immediately. == How to verify it works == - Place a few quick checkout attempts from the same browser/session; the first attempts should work. - Another quick attempt right after should be blocked with “Too many checkout attempts. Please try again later.” - Check WooCommerce logs (source `cbshield`) to see recorded attempts and any blocks. == Frequently Asked Questions == = Does this slow down checkout? = No. It only adds a lightweight check when the checkout endpoint is called. = Can I change the limit? = Yes. Developers can adjust it with a filter. Example to allow 5 quick attempts: ` add_filter( 'cbshield_checkout_attempt_limit', function () { return 5; } ); ` = Where are the logs? = WooCommerce → Status → Logs, look for files starting with `cbshield-`. = Does it share data externally? = No. All checks and logs stay on your site. == Changelog == = 1.0.0 - 02.01.2026 = - Initial release: per-session checkout rate limiting with WooCommerce logging.