As a WooCommerce store owner experiencing card testing attacks and fraudulent transactions, I believe basic security measures should be included in core WooCommerce rather than requiring paid extensions.
My store is experiencing repeated fraudulent orders with fake addresses, suspicious emails, and small dollar amounts – classic signs of card testing attacks. When seeking help, I’m consistently directed to paid solutions for what should be fundamental e-commerce security.
Some suggested improvements could include:
1.) reCAPTCHA Integration – Google reCAPTCHA should be a core feature, not a $29 add-on. This is basic bot protection that every e-commerce platform should include.
2.) Basic Fraud Detection – Simple velocity attack prevention (detecting rapid repeat orders from the same IP/email) should be standard.
3.) Order Pattern Analysis – Built-in detection of suspicious patterns like multiple small orders with fake addresses.
4.) IP-based Restrictions – Basic ability to block or flag orders from suspicious IP ranges or countries.
5.) Email Domain Validation – Simple checks for throwaway email domains commonly used in fraud.
Open
Last updated: September 20, 2025
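A sketch of the checks in items 2, 3 and 5, added here as an illustration; it is not part of the original request and not WooCommerce code. The order field names, thresholds and domain list are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds and sample domain list; tune them to the store's real traffic.
WINDOW_SECONDS = 600        # look-back window for the velocity check
MAX_ORDERS_PER_KEY = 3      # orders allowed per IP or email inside the window
SMALL_AMOUNT = 5.00         # amounts at or below this count as "small"
THROWAWAY_DOMAINS = {"mailinator.com", "example-temp.test"}

def flag_orders(orders):
    """Return {order_id: [reasons]} for orders that match card-testing signals."""
    recent = defaultdict(deque)   # ("ip"|"email", value) -> timestamps in window
    flags = defaultdict(list)
    for o in sorted(orders, key=lambda o: o["ts"]):
        email = o["email"].strip().lower()
        domain = email.rpartition("@")[2]
        # Velocity: count orders per IP and per email in a sliding window.
        for key in (("ip", o["ip"]), ("email", email)):
            q = recent[key]
            while q and o["ts"] - q[0] > WINDOW_SECONDS:
                q.popleft()
            q.append(o["ts"])
            if len(q) > MAX_ORDERS_PER_KEY:
                flags[o["id"]].append(f"velocity:{key[0]}")
        if domain in THROWAWAY_DOMAINS:
            flags[o["id"]].append("throwaway_email_domain")
        # A small amount alone is normal; it only adds weight to another signal.
        if o["amount"] <= SMALL_AMOUNT and flags[o["id"]]:
            flags[o["id"]].append("small_amount")
    return {oid: reasons for oid, reasons in flags.items() if reasons}

# Constructed sample orders (documentation IP ranges, timestamps in seconds).
SAMPLE_ORDERS = [
    {"id": 101, "ts": 0, "ip": "203.0.113.7", "email": "a1@mailinator.com", "amount": 1.00},
    {"id": 102, "ts": 40, "ip": "203.0.113.7", "email": "a2@mailinator.com", "amount": 1.00},
    {"id": 103, "ts": 75, "ip": "203.0.113.7", "email": "a3@mailinator.com", "amount": 1.00},
    {"id": 104, "ts": 110, "ip": "203.0.113.7", "email": "a4@mailinator.com", "amount": 1.00},
    {"id": 105, "ts": 200, "ip": "198.51.100.20", "email": "jo@example.com", "amount": 64.50},
    {"id": 106, "ts": 5000, "ip": "203.0.113.7", "email": "sam@example.com", "amount": 3.00},
]

if __name__ == "__main__":
    for order_id, reasons in flag_orders(SAMPLE_ORDERS).items():
        print(order_id, reasons)
```

Flagged orders are candidates for manual review or a hold; order 106 shows that a lone small order from a previously noisy IP is not flagged once the window has expired.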