Carticy Checkout Shield for WooCommerce

Carticy Checkout Shield stops card testing attacks and fake orders that bypass your CAPTCHA.

Card testing bots don’t fill out your checkout form. They send requests directly to WooCommerce’s Store API, completely skipping any reCAPTCHA or hCaptcha you’ve set up. That’s why CAPTCHA alone doesn’t stop them.

This plugin intercepts those API requests and verifies they come from real browser sessions. Automated scripts that can’t prove they’re human get blocked before WooCommerce processes them.

Why This Plugin?

• Catches what CAPTCHA misses – Blocks bots hitting your API directly
• Works with any caching – LiteSpeed, Cloudflare, WP Rocket, W3TC – no conflicts
• Zero configuration – Activate and you’re protected
• No external services – Everything runs locally on your server
• No performance impact – Validation adds microseconds, not seconds

Features

• 4 Protection Modes – Learning, Permissive, Balanced, and Strict
• Activity Log – See blocked attempts with timestamps, reasons, and IPs
• IP Whitelist – Whitelist trusted IPs with CIDR notation support
• API Key Authentication – For headless and custom checkout setups
• Proxy Support – Works behind Cloudflare, load balancers, reverse proxies
• Block Checkout Ready – Supports both classic and block-based checkout
• HPOS Compatible – Works with High-Performance Order Storage
• WooCommerce Logging – Full integration with WooCommerce Status logs