{"id":55,"date":"2025-10-03T16:41:07","date_gmt":"2025-10-03T16:41:07","guid":{"rendered":"https:\/\/wcog.michaelwinchester.com\/wcog\/?p=55"},"modified":"2025-10-10T22:55:37","modified_gmt":"2025-10-10T22:55:37","slug":"protecting-your-woocommerce-store-with-wc-origin-guard","status":"publish","type":"post","link":"https:\/\/wcog.michaelwinchester.com\/wcog\/2025\/10\/03\/protecting-your-woocommerce-store-with-wc-origin-guard\/","title":{"rendered":"Getting Stated with Checkout Origin Guard"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Protecting Your WooCommerce Store<\/h2>\n\n\n\n<p>Failed orders, fake transactions, and bot-driven checkouts are more than just an annoyance, they waste your time, skew your analytics, and in some cases cost you money in refunds and fraud fees. <strong>Checkout Origin Guard<\/strong> is a lightweight plugin that adds an extra layer of protection to your WooCommerce checkout without slowing down your site or your real customers.<\/p>\n\n\n\n<p>This guide will show you how to use <strong>Checkout Origin Guard<\/strong> and explain what each setting does.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Getting Started<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install the plugin in your WordPress admin under <strong>Plugins \u2192 Add New<\/strong>.<\/li>\n\n\n\n<li>Once activated, go to <strong>WooCommerce \u2192 Checkout Origin Guard<\/strong>.<\/li>\n\n\n\n<li>You\u2019ll see all protection modules on one page, prefilled with sensible defaults.<\/li>\n\n\n\n<li>Click <strong>Save All Changes<\/strong> to confirm, and you\u2019re protected immediately.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Origin Guard Settings<\/h2>\n\n\n\n<p>These options harden the checkout process against automated scripts and \u201cdrive-by\u201d bots.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Activate Origin Guard<\/strong><br>Turns the entire origin validation system on or off.<\/li>\n\n\n\n<li><strong>Minimum Dwell (seconds)<\/strong><br>Forces a short \u201cthink time\u201d before checkout can be submitted. Bots usually rush; real customers take at least a few seconds. Default is 8 seconds.<\/li>\n\n\n\n<li><strong>Rate Limit per IP<\/strong><br>Caps how many checkout attempts a single IP can make within a time window. For example, <code>6 \/ 600<\/code> means 6 attempts every 600 seconds (10 minutes). If exceeded, new checkouts are blocked until the window resets.<\/li>\n\n\n\n<li><strong>Require Same-Host Referrer<\/strong><br>Ensures the checkout form was submitted from your own site. Many bots post directly to <code>\/?wc-ajax=checkout<\/code> without ever visiting your pages.<\/li>\n\n\n\n<li><strong>Require JS Proof<\/strong><br>Adds a hidden JavaScript nonce field to the checkout form. Since most bots don\u2019t execute JS, this weeds them out.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Company Name Guard<\/h2>\n\n\n\n<p>This module catches orders with suspicious or junk data in the <strong>Company<\/strong> field.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Activate Company Name Guard<\/strong><br>Enables validation on the company name field.<\/li>\n\n\n\n<li><strong>Minimum Company Length<\/strong><br>Rejects names that are too short (e.g., \u201cx\u201d or \u201c-\u201d).<\/li>\n\n\n\n<li><strong>Alpha Ratio Threshold (0\u20131)<\/strong><br>Measures how many letters are in the name compared to symbols or numbers. For example, a ratio of <code>0.5<\/code> means at least half of the characters must be letters. This blocks garbage like <code>!!!###@@@<\/code>.<\/li>\n\n\n\n<li><strong>Company Whitelist<\/strong><br>Add trusted company names here (one per line). Any order from a whitelisted company will always pass validation, even if it doesn\u2019t meet the other rules.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Logs<\/h2>\n\n\n\n<p>Every time a checkout is blocked, <strong>Checkout Origin Guard<\/strong> records the details:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Timestamp<\/li>\n\n\n\n<li>Rule that triggered the block<\/li>\n\n\n\n<li>Message (e.g., \u201cFailed dwell check\u201d or \u201cBad referrer\u201d)<\/li>\n\n\n\n<li>Visitor IP<\/li>\n<\/ul>\n\n\n\n<p>You can view the most recent 200 entries right on the settings page. If you want to clear them out, click <strong>Purge Logs<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start with the defaults (<code>8s dwell, 6\/600 rate limit, referrer &amp; JS proof enabled<\/code>).<\/li>\n\n\n\n<li>Watch the <strong>Logs<\/strong> for a day or two. If you see a lot of real customers being blocked, adjust dwell time or disable stricter rules.<\/li>\n\n\n\n<li>Use the <strong>Company Name Guard<\/strong> if you see repeated spammy orders with junk company data.<\/li>\n\n\n\n<li>Keep your whitelist current so your trusted customers never hit a false block.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Why Use Checkout Origin Guard?<\/h2>\n\n\n\n<p>Unlike generic anti-spam plugins, Checkout Origin Guard is built specifically for WooCommerce checkout. It\u2019s lightweight, requires no external service, and defends against the real patterns bots use:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Empty or spoofed referrers<\/li>\n\n\n\n<li>Scripted direct checkout posts<\/li>\n\n\n\n<li>High-frequency requests<\/li>\n\n\n\n<li>Garbage field data<\/li>\n<\/ul>\n\n\n\n<p>With it in place, you\u2019ll spend less time dealing with fake orders and more time focusing on real customers.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading alignwide has-text-align-center\" style=\"font-size:40px\">\ud83d\udc49 Ready to protect your store?<\/h1>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"256\" height=\"256\" src=\"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-content\/uploads\/2025\/10\/icon-256x256-1.png\" alt=\"Checkout Origin Guard logo\" class=\"wp-image-85\" srcset=\"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-content\/uploads\/2025\/10\/icon-256x256-1.png 256w, https:\/\/wcog.michaelwinchester.com\/wcog\/wp-content\/uploads\/2025\/10\/icon-256x256-1-150x150.png 150w\" sizes=\"auto, (max-width: 256px) 100vw, 256px\" \/><\/figure>\n<\/div>\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/wordpress.org\/plugins\/checkout-origin-guard\/\" target=\"_blank\" rel=\"noreferrer noopener\">DOWNLOAD<\/a><\/div>\n<\/div>\n\n\n\n<p class=\"has-text-align-center\">Activate WC Origin Guard today, save your settings, <br>and let the plugin quietly handle the bots in the background.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Protecting Your WooCommerce Store Failed orders, fake transactions, and bot-driven checkouts are more than just an annoyance, they waste your time, skew your analytics, and in some cases cost you money in refunds and fraud fees. Checkout Origin Guard is a lightweight plugin that adds an extra layer of protection to your WooCommerce checkout without &#8230; <a title=\"Getting Stated with Checkout Origin Guard\" class=\"read-more\" href=\"https:\/\/wcog.michaelwinchester.com\/wcog\/2025\/10\/03\/protecting-your-woocommerce-store-with-wc-origin-guard\/\" aria-label=\"Read more about Getting Stated with Checkout Origin Guard\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[1],"tags":[5,7,6],"class_list":["post-55","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-checkout-origin-guard","tag-bot-block","tag-cc-fraud-block","tag-failed-order-blocker"],"_links":{"self":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/55","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/comments?post=55"}],"version-history":[{"count":4,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":117,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/posts\/55\/revisions\/117"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/media\/122"}],"wp:attachment":[{"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/media?parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/categories?post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wcog.michaelwinchester.com\/wcog\/wp-json\/wp\/v2\/tags?post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}