{"id":101,"date":"2025-10-06T16:37:15","date_gmt":"2025-10-06T16:37:15","guid":{"rendered":"https:\/\/wcog.michaelwinchester.com\/wcog\/?p=101"},"modified":"2025-10-10T22:55:52","modified_gmt":"2025-10-10T22:55:52","slug":"checkout-origin-guard-new-name-repository-submission-and-more","status":"publish","type":"post","link":"https:\/\/wcog.michaelwinchester.com\/wcog\/2025\/10\/06\/checkout-origin-guard-new-name-repository-submission-and-more\/","title":{"rendered":"Checkout Origin Guard: new name, repository submission, and more"},"content":{"rendered":"\n<p class=\"has-large-font-size\">I\u2019m excited to share three things today: a new name, an update on the WordPress Plugin Repository submission, and a roundup of recent improvements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why the name change: WC Origin Guard \u2192 Checkout Origin Guard<\/h3>\n\n\n\n<p>The plugin started life as <strong>WC Origin Guard<\/strong>; it now ships as <strong>Checkout Origin Guard<\/strong>. The new name says exactly what it does: protect the <strong>checkout<\/strong> with lightweight, behavior-based security and practical fraud controls. The scope is the same; the label is clearer for store owners and aligns better with the repository slug and text domain.<\/p>\n\n\n\n<p><strong>Compatibility:<\/strong> Existing installs migrate automatically. Settings keys are preserved; the admin UI remains familiar. If you previously ran WC Origin Guard, you do not need to reconfigure everything.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WordPress Plugin Repository: status and compliance<\/h3>\n\n\n\n<p>I\u2019ve submitted <strong>Checkout Origin Guard<\/strong> for inclusion in the official repository and am working through final review. To prepare for listing, I tightened compliance across the board. Once the listing is live, you\u2019ll be able to install and update directly from your dashboard. I\u2019ll share the link on michaelwinchester.com as soon as it\u2019s published.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What\u2019s new in the latest builds<\/h3>\n\n\n\n<p>The last few cycles focused on reliability, clarity, and the tools you asked for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Company Shield upgrades:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Name heuristics with small dictionaries to flag nonsense or AI-ish \u201ccompany\u201d strings.<\/li>\n\n\n\n<li>Email and domain checks: disposable domains, unlikely TLDs, and mismatch signals.<\/li>\n\n\n\n<li>Tunable scoring with clear reasons in the log.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>BotBlock engine refinements:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Dwell-time and rate-limit checks with a smarter cooldown.<\/li>\n\n\n\n<li>Rapid sequence detector for botty re-posts on <code>\/?wc-ajax=checkout<\/code>.<\/li>\n\n\n\n<li>Search engine and uptime monitor allowances you can toggle.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Actionable logs:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Block\/Unblock IP<\/strong> links directly on each row; instant effect.<\/li>\n\n\n\n<li>CSV export for audit trails; simple filters for dates, path, and decision.<\/li>\n\n\n\n<li>Clear reason codes: <code>missing_nonce<\/code>, <code>empty_referrer<\/code>, <code>referrer_not_allowed<\/code>, <code>rate_exceeded<\/code>, and more.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Settings that actually stick:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Everything consolidated to a <strong>single page<\/strong>; no more state lost between tabs.<\/li>\n\n\n\n<li>A <strong>Populate Defaults<\/strong> button that now preloads sensible, safe options.<\/li>\n\n\n\n<li>Mode selector: <strong>Monitor<\/strong>, <strong>Soft Block<\/strong>, or <strong>Hard Block<\/strong>; easy to flip while you observe traffic.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Checkout flow protections:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Honeypot timestamp, session and nonce validation, optional hold-instead-of-block behavior.<\/li>\n\n\n\n<li>Optional auto-cancel window for obviously bogus orders; runs via WP-Cron.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Upgrade notes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Minimums:<\/strong> WordPress 6.0+, WooCommerce current stable, PHP 7.4+ recommended.<\/li>\n\n\n\n<li><strong>Text domain:<\/strong> If you customized translations, switch to <code>checkout-origin-guard<\/code>.<\/li>\n\n\n\n<li><strong>One-page settings:<\/strong> Your previous values are migrated; review defaults once after upgrade.<\/li>\n\n\n\n<li><strong>Logs UI:<\/strong> You\u2019ll see new reason codes; that\u2019s expected with the enhanced detectors.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What\u2019s next<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>Review Mode<\/strong> that logs and scores but never blocks; perfect for first-week observation.<\/li>\n\n\n\n<li>Optional <strong>email notifications<\/strong> for spikes or rapid sequences.<\/li>\n\n\n\n<li>More granular <strong>allow\/deny lists<\/strong>: path-level, CIDR helpers, and saved presets.<\/li>\n\n\n\n<li>A lightweight <strong>Pro add-on<\/strong> for deeper reporting and per-product rules; still keeping the core fast.<\/li>\n<\/ul>\n\n\n\n<p>Even with multiple layers of defense, some suspicious traffic can still slip through. Bots evolve constantly \u2014 mimicking human dwell times, spoofing headers, or routing through clean IP space \u2014 and legitimate users sometimes behave unpredictably (VPNs, autofill extensions, or privacy browsers can all look like automation). My goal with Checkout Origin Guard isn\u2019t to promise perfection; it\u2019s to filter out the obvious junk and give store owners visibility into the grey area in between. That\u2019s why the plugin logs every decision, shows the reasoning, and lets you fine-tune the balance between blocking and monitoring instead of relying on a single, rigid rule set.<\/p>\n\n\n\n<p>If you have feedback or sample logs you want me to examine, send them my way; real traffic patterns help me tune the defaults for everyone.<\/p>\n\n\n\n<p>Thanks for following along and for supporting independent plugin development.<\/p>\n\n\n\n<p>\u2014 <strong>Michael Winchester<\/strong><br><strong>POTAR<\/strong> \u2022 <a href=\"https:\/\/michaelwinchester.com\">michaelwinchester.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019m excited to share three things today: a new name, an update on the WordPress Plugin Repository submission, and a roundup of recent improvements. Why the name change: WC Origin Guard \u2192 Checkout Origin Guard The plugin started life as WC Origin Guard; it now ships as Checkout Origin Guard. The new name says exactly &#8230; <a title=\"Checkout Origin Guard: new name, repository submission, and more\" class=\"read-more\" href=\"https:\/\/wcog.michaelwinchester.com\/wcog\/2025\/10\/06\/checkout-origin-guard-new-name-repository-submission-and-more\/\" aria-label=\"Read more about Checkout Origin Guard: new name, repository submission, and more\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-checkout-origin-guard"],"_links":{"self":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":1,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/101\/revisions"}],"predecessor-version":[{"id":102,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/101\/revisions\/102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/media\/122"}],"wp:attachment":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/categories?post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/tags?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}