Fraud Defender
Overview

Introduction

Protect your WooCommerce store from fraudulent orders, chargebacks, and malicious attacks with Fraud Defender. Our plugin adds a robust security layer to your checkout process, analyzing each order in real time to calculate a fraud risk score and identify suspicious activity before it damages your business.

Real-time Scoring

Instant assessment of every order with a risk score from 0 to 100.

Advanced Blocking

Stop velocity attacks, proxies, and suspicious IPs instantly.

AI Powered

Leverage AI to detect complex fraud patterns (Beta).


Installation

  1. Upload Plugin

    Upload the `fraud-defender` folder to the `/wp-content/plugins/` directory via FTP or use the WordPress admin uploader.

  2. Activate

    Activate the plugin through the 'Plugins' menu in WordPress. Requires WooCommerce to be active.

  3. Configure

    Go to WooCommerce > Settings > Fraud Defender to start configuring your security rules.


General Settings

Control global behavior including risk thresholds, order status, and API controls.

Risk Thresholds

  • Medium Threshold Value: Orders below this score are Low Risk.
  • Medium Threshold High: Orders above this score are High Risk.

Order Status & Blocking

  • Control Order Status: Automatically update order status based on fraud score.
  • Order Cancel Score: Score at which an order is automatically cancelled.
  • Block All Orders: Temporarily pause all orders with a custom message.
  • Block Order Origins: Block suspicious origins (e.g., 'Unknown' or empty).

API Orders

  • Block API Orders: Stop receiving orders via WooCommerce REST API.
  • Throttle API Orders: Limit the number of API orders per hour.

Scoring Rules

Customize weights for each fraud detection rule. Validates customer data against various security checks.

| Rule | Description |
| --- | --- |
| First Time Purchase | User is purchasing for the first time. |
| Address Mismatch | Billing and shipping addresses do not match. |
| Foreign Geo | Billing address city/country matches IP location. |
| Phone Validation | Phone number format matches the country format. |
| Proxy / VPN | Customer is using a proxy or VPN service. |
| Multiple Orders | Multiple orders from same IP with different addresses. |
| International Order | Order country differs from store base country. |
| High Risk Country | Order from a configured high-risk country. |
| High Risk Email | Email domain matches high-risk providers (e.g. yopmail). |
| Average Order Value | Order exceeds store's average order value multiplier. |
| Above Store Limit | Order total exceeds a hard limit set by admin. |

Blocking & Velocity

Prevent brute-force and card testing attacks by limiting attempts.

Order Velocity

  • Per User: Limit max orders per user within a specific timeframe (e.g. 5 orders in 24 hours).
  • Per IP: Limit max orders per IP address within a specific timeframe.

Payment Attempts

  • Limit Attempts: Set maximum payment attempts per order.
  • Order Action: Automatically change order status if payment limits are exceeded.

Lists Management

Blacklist

Entities blocked immediately:

  • Email Addresses
  • IP Addresses
  • Phone Numbers
  • User Roles
  • Payment Methods

Whitelist

Entities bypassing checks:

  • Trusted User Roles
  • Specific Payment Methods (e.g., COD)
  • Known Safe IPs
  • Safe Emails & Phones

Verification (Phone/Email)

Add an extra layer of trust by verifying customer contact details before purchase.

Email Verification

Forces verification for guest users.

  • Ideal for reducing fake guest orders.

SMS Verification

Verify phone numbers via OTP (One Time Password).

Requires a FraudLabs Pro API Key. Add your key in settings to enable real-time SMS sending.

Captcha Integration

Protect your checkout form from bots and automated attacks.

Google reCAPTCHA v2

Standard protection. Requires Site Key and Secret Key from Google.

Cloudflare Turnstile

Privacy-focused, user-friendly alternative. Requires Site Key and Secret Key from Cloudflare.

UPCOMING

AI Blocker

Powered by advanced language models to identify fraud patterns that rule-based systems might miss.

  • Analyzes full order context
  • Connects to your OpenAI API key
  • Supports various GPT models (GPT 3.5, GPT 4, etc.)

FAQ & Support

How is the fraud score calculated?

The score starts at 0. Each enabled rule (e.g., Address Mismatch, High Order Value) adds its configured weight to the score if triggered. The total score determines if the order is Low, Medium, or High risk.
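The additive model described above can be sketched as follows. This is an added example, not the plugin's own code; it also audits a weight/threshold configuration for settings that let one rule decide the outcome alone. The rule keys, weights, threshold values, the clamp to 100, and the boundary handling (a score equal to a threshold counts as Medium, cancel is inclusive) are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed rule weights; in the plugin these are set by the store admin.
# A rule absent from this mapping is treated as disabled.
WEIGHTS = {
    "first_time_purchase": 5,
    "address_mismatch": 20,
    "proxy_vpn": 25,
    "international_order": 10,
    "high_risk_email": 30,
    "above_store_limit": 40,
}

@dataclass(frozen=True)
class Thresholds:
    medium_low: int = 30    # scores below this are Low Risk
    medium_high: int = 70   # scores above this are High Risk
    cancel: int = 90        # assumed inclusive: score >= cancel is cancelled

def score_order(triggered, weights=WEIGHTS):
    """Start at 0, add the weight of each enabled rule that fired, clamp to 0..100."""
    total = sum(weights[rule] for rule in set(triggered) if rule in weights)
    return max(0, min(100, total))

def classify(score, t=Thresholds()):
    """Map a score to (risk level, order action)."""
    if score < t.medium_low:
        level = "low"
    elif score > t.medium_high:
        level = "high"
    else:
        level = "medium"  # assumption: the thresholds themselves count as Medium
    return level, ("cancel" if score >= t.cancel else "keep")

def audit_config(weights, t):
    """Flag settings that make the scoring behave differently than intended."""
    problems = []
    if not 0 <= t.medium_low <= t.medium_high <= 100:
        problems.append("thresholds out of order")
    if min(100, sum(weights.values())) < t.cancel:
        problems.append("cancel score unreachable")
    for rule, w in weights.items():
        if w >= t.cancel:
            problems.append(f"{rule} alone cancels an order")
        elif w > t.medium_high:
            problems.append(f"{rule} alone marks an order High Risk")
    return problems
```

Running `audit_config` after changing weights shows whether a single false positive (for example a legitimate customer on a VPN) could cancel an order by itself, or whether the cancel score can never be reached.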

Do I need API keys?

Basic rules work out-of-the-box. However, third-party integrations like Google reCAPTCHA, Cloudflare Turnstile, SMS Verification (FraudLabs Pro), or AI Blocker (OpenAI) require their respective API keys.

Still need help?

Contact our support team for assistance.

hello@monsterdevs.com