WC Antifraud — Support
Help and FAQs for WC Antifraud — multi-layer fraud protection for WooCommerce. Browse the FAQ below or use the contact form to reach our team.
Frequently Asked Questions
Installation
How do I install WC Antifraud?
- Make sure WooCommerce is installed and active.
- Download the plugin ZIP from your ProWoos account, or from the GitHub releases page.
- In your WordPress admin, go to Plugins → Add New → Upload Plugin and upload the ZIP.
- Activate the plugin, then go to WooCommerce → Settings → Antifraud to configure.
What are the requirements?
WordPress 5.8 or higher, WooCommerce 5.0 or higher, and PHP 7.4 or higher.
Detection Rules
What does WC Antifraud actually check?
The plugin runs five detection rules on every order:
- Unknown origin — flags orders placed outside the standard checkout flow (suspicious referrer or no referrer at all).
- Suspicious amount — flags orders above a configurable threshold.
- Free email provider — flags orders that use disposable / free-tier email domains.
- IP repeat orders — tracks how many orders an IP has placed in a configurable window.
- Proxy / VPN — identifies orders placed through known anonymizing services.
What happens to a flagged order?
By default, flagged orders are moved to the custom status Fraud – Auto Cancelled, and the configured admin email receives an alert with the order details and the rules that triggered. You can change this behavior — including running detection in “log only” mode — from the Notifications tab.
Blacklists
How do the blacklists work?
The Blacklists tab has three lists: email, IP, and phone.
- Email — exact addresses or wildcard patterns (e.g. *@example.com).
- IP — single addresses or CIDR ranges (e.g. 192.168.1.0/24).
- Phone — exact numbers or wildcard patterns.
Can I customize the message blacklisted customers see?
Yes — use the wcaf_checkout_block_message filter:
add_filter('wcaf_checkout_block_message', function($message, $reason) {
    return __('Sorry, your order cannot be processed. Please contact us.', 'my-textdomain');
}, 10, 2);
REST API Hardening
What does REST API hardening do?
It blocks unauthenticated order creation through the WC REST API and the Store API. Legitimate authenticated requests (admin, customer-key) still work. This stops fraud bots that scrape your site looking for unprotected order endpoints.
Logging & Reports
Where can I see flagged orders?
The Activity Log tab lists every detection event — date, order ID, customer, rules triggered, and action taken. The Reports tab summarizes fraud counts by rule and shows the top offending IPs and email domains.
Extending
Can I add my own detection logic?
Yes — hook into the wcaf_suspicious_order_detected action. It fires whenever any built-in rule flags an order. You can use it to send the order to an external risk-scoring service, write to a log, or chain in your own rules.
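A filled-in callback for this hook, written as an added example and not taken from WC Antifraud itself; the page's minimal registration follows it. It assumes $reasons is a flat list of rule names (the page does not document its shape) and uses a made-up log source name, wcaf-custom.

```php
<?php
// Added example, not WC Antifraud code. Assumption: $reasons is a flat list
// of rule names; the page does not document its exact shape.
add_action('wcaf_suspicious_order_detected', function ($order_id, $reasons) {
    $order = wc_get_order($order_id);
    if (!$order instanceof WC_Order) {
        return; // order deleted, or the ID does not resolve to an order
    }

    // Keep only scalar entries and strip markup before they reach a log or note.
    $reasons = array_filter((array) $reasons, 'is_scalar');
    $reasons = array_map('sanitize_text_field', array_map('strval', $reasons));
    $summary = $reasons ? implode(', ', $reasons) : 'no reason supplied';

    // Record the email domain only, so the log does not collect full addresses.
    $email  = (string) $order->get_billing_email();
    $at     = strrpos($email, '@');
    $domain = $at === false
        ? 'unknown'
        : sanitize_text_field(strtolower(substr($email, $at + 1)));

    // Shows up under WooCommerce > Status > Logs.
    // 'wcaf-custom' is a made-up source name for this example.
    wc_get_logger()->warning(
        sprintf(
            'Order %d flagged (%s); ip=%s; email_domain=%s; total=%s %s',
            $order->get_id(),
            $summary,
            $order->get_customer_ip_address(),
            $domain,
            $order->get_total(),
            $order->get_currency()
        ),
        array('source' => 'wcaf-custom')
    );

    // Private note (not sent to the customer) so whoever reviews the order
    // sees which rules fired without opening the log.
    $order->add_order_note('Antifraud rules triggered: ' . $summary);
}, 10, 2);
```

Place it in a small site-specific plugin rather than a theme's functions.php so it keeps running when the theme changes.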
add_action('wcaf_suspicious_order_detected', function($order_id, $reasons) {
    // your code here
}, 10, 2);
Updates
How do I update the plugin?
WC Antifraud uses a self-hosted updater — updates appear in Dashboard → Updates alongside other plugins. You can also download the latest ZIP from the GitHub releases page or your ProWoos account and upload it manually.
Contact Support
Can’t find what you’re looking for? Send us a message and we’ll get back to you within 1–2 business days.
Bug Reports & Feature Requests
For bug reports and feature requests, please use the GitHub issue tracker. Please use the provided templates so we can investigate efficiently.
