
ForgeLayer Crypto Payments for WooCommerce

Accept Bitcoin, Ethereum, BNB Smart Chain, and Tron cryptocurrency payments directly in WooCommerce via ForgeLayer.
Version: 1.1.2
Last updated: Jun 22, 2026

ForgeLayer Crypto Payments connects your WooCommerce store to the ForgeLayer non-custodial crypto payment infrastructure. Customers can pay with Bitcoin, Ethereum (ERC-20), BNB Smart Chain (BEP-20), and Tron (TRC-20) tokens. Payments are sent to wallet addresses generated by your ForgeLayer account — ForgeLayer does not custody or control merchant funds.

Key Features

  • Multiple networks — Bitcoin, Ethereum, BSC, and Tron supported out of the box.
  • 50+ tokens — USDT, USDC, DAI, LINK, UNI, AAVE, CAKE, and dozens more with automatic price conversion via CoinGecko.
  • Instant webhook confirmation — HMAC-SHA256 signed webhooks trigger order fulfillment in real time, no polling required.
  • Background price caching — WP-Cron keeps cryptocurrency prices fresh so checkout never calls an external API on page load.
  • WooCommerce Blocks compatible — fully supports the block-based Cart and Checkout pages alongside the classic shortcode checkout.
  • HPOS compatible — officially declared compatible with WooCommerce High-Performance Order Storage.
  • Address reuse — optionally reuse inactive addresses to conserve your plan’s address quota.
  • Late payment grace period — configurable window to auto-reopen cancelled orders when payment arrives after the deadline.
  • Plan usage dashboard — real-time usage bars for addresses, webhooks, and API requests right on the settings page. Email alerts at 80%, 90%, and 100%.
  • Security hardened — HMAC signature verification, nonce CSRF protection, rate limiting on AJAX endpoints, progressive IP lockout, replay-attack prevention, input whitelisting, and comprehensive HTTP security headers on the payment page.
  • Non-custodial — ForgeLayer never holds your funds. Crypto goes straight to your wallet.

Supported Networks and Tokens

| Network | Native Coin | Example Tokens |
|---|---|---|
| Bitcoin | BTC | — |
| Ethereum | ETH | USDT, USDC, DAI, LINK, UNI, AAVE, WBTC |
| BNB Smart Chain | BNB | USDT, USDC, BUSD, CAKE, XVS, WBNB |
| Tron | TRX | USDT, USDC, BTT, WIN, JST, SUN |

Custom CoinGecko IDs can be added in settings for any token not in the built-in directory.

How It Works

  1. A customer selects a network and token at checkout.
  2. ForgeLayer generates a unique deposit address for the order.
  3. The customer sends the exact crypto amount to the displayed address (with QR code).
  4. ForgeLayer fires a signed webhook when the deposit is confirmed on-chain.
  5. The WooCommerce order status moves to Processing automatically.

Security

This plugin implements defense-in-depth security:

  • All webhook payloads are verified with HMAC-SHA256 signatures before any processing.
  • Transaction hashes are deduplicated to prevent replay attacks.
  • Webhook payload timestamps are validated within a ±5-minute window.
  • Admin AJAX endpoints are rate-limited (max 10 requests/minute per user).
  • The payment poll endpoint uses IP-based progressive lockout (3 strikes = 60s, 10 strikes = 1h).
  • The payment page sends X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and a tight Content-Security-Policy header.
  • All input is validated against strict whitelists before use.
  • No sensitive data (API key, webhook secret, address IDs) is ever output in HTML source.
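
The first three checks in this list, in the order a webhook receiver would apply them, shown as an added PHP example that is not the plugin's or ForgeLayer's code. The payload field names (`timestamp`, `tx_hash`), the hex signature encoding, the secret, and the in-memory `$seen` store are assumptions for illustration; the page does not document ForgeLayer's actual webhook format.

```php
<?php
// Added illustration. Field names, signature encoding and secret are assumptions.
const MAX_SKEW_SECONDS = 300; // the ±5-minute window from the list above

// Returns 'ok' or a rejection reason. $seen stands in for a persistent store;
// in production use an atomic insert with a unique key on the transaction hash.
function verify_webhook(string $rawBody, string $sigHex, string $secret, array &$seen, int $now): string
{
    // 1. Authenticate the raw bytes as received (e.g. from php://input),
    //    using a constant-time comparison, before parsing anything.
    $expected = hash_hmac('sha256', $rawBody, $secret);
    if (!hash_equals($expected, strtolower($sigHex))) {
        return 'bad_signature';
    }
    // 2. Decode only after the signature checks out; reject malformed payloads.
    $data = json_decode($rawBody, true);
    if (!is_array($data) || !isset($data['timestamp'], $data['tx_hash'])
        || !is_int($data['timestamp']) || !is_string($data['tx_hash'])) {
        return 'bad_payload';
    }
    // 3. Freshness: a validly signed but old capture is refused.
    if (abs($now - $data['timestamp']) > MAX_SKEW_SECONDS) {
        return 'stale_timestamp';
    }
    // 4. Deduplicate on the transaction hash so a delivery resent inside
    //    the time window cannot fulfil an order twice.
    $key = strtolower($data['tx_hash']);
    if (isset($seen[$key])) {
        return 'replayed_tx';
    }
    $seen[$key] = true;
    return 'ok';
}

// Constructed sample data (not real ForgeLayer payloads).
$secret = 'constructed-demo-secret';
$now    = 1750000000;
$body   = json_encode(['timestamp' => $now - 30, 'tx_hash' => '0xABC123', 'order_id' => 42]);
$sig    = hash_hmac('sha256', $body, $secret);
$seen   = [];

echo verify_webhook($body, $sig, $secret, $seen, $now), "\n";                        // first delivery
echo verify_webhook($body, $sig, $secret, $seen, $now), "\n";                        // same delivery resent
echo verify_webhook(str_replace('42', '43', $body), $sig, $secret, $seen, $now), "\n"; // body altered after signing
$old = json_encode(['timestamp' => $now - 3600, 'tx_hash' => '0xdef456']);
echo verify_webhook($old, hash_hmac('sha256', $old, $secret), $secret, $seen, $now), "\n"; // hour-old capture
```

The timestamp check bounds how long a captured delivery stays usable, and the transaction-hash check covers resends inside that window, which is why the list names both.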

External services

This plugin connects to the following external services:

ForgeLayer API (api.forgelayer.io)

Used for all core payment functions: generating blockchain deposit addresses, registering webhooks, and verifying payment confirmations. The store’s ForgeLayer API key and order-related data (amount, currency, chain, token) are sent when a customer initiates checkout. This service is required for the plugin to function.

CoinGecko (api.coingecko.com)

Used to fetch current cryptocurrency prices for fiat-to-crypto conversion. Only coin IDs and the store’s fiat currency are sent — no customer or order data is transmitted. Prices are cached server-side by WP-Cron; CoinGecko is not called during individual customer checkouts under normal operation.

QRServer (api.qrserver.com) — optional

Used to generate QR code images on the payment page. Disabled by default. Merchants can enable it under WooCommerce > Settings > Payments > ForgeLayer > Show QR Codes. When enabled, the blockchain wallet address (not customer personal data) is sent to api.qrserver.com to render a QR image.

Free, with paid plans
Tested up to
WordPress 7.0