Bot Protector for PayPal for WooCommerce

Bot Protector for PayPal for WooCommerce helps store owners automatically block bot attacks, checkout spam, card-testing, and PayPal checkout abuse that generates repeated failed orders.

This plugin monitors suspicious traffic hitting:

• PayPal checkout requests
• wc-ajax=checkout
• WooCommerce Store API endpoints
• Automated card-testing sequences

It then blocks them based on:

• Adaptive rate limiting
• Automatic IP banning
• User-agent and referer validation
• Optional Cloudflare Turnstile CAPTCHA
• Logging and monitoring

No setup required — activate it and your store is instantly protected.

External services

This plugin connects to Cloudflare Turnstile API to verify CAPTCHA responses when the Turnstile feature is enabled. This service is used to validate that checkout attempts are made by humans rather than bots.

When Turnstile is enabled, the plugin sends the CAPTCHA response token to Cloudflare’s servers for verification. This occurs during checkout validation when a customer submits the checkout form with a Turnstile widget.

This service is provided by Cloudflare: Terms of Service, Privacy Policy

Features

• Lightweight bot firewall for PayPal checkout
• Rate limiting per IP
• Temporary automatic IP bans
• Blocks REST-based checkout attacks
• Blocks PayPal card-testing bots
• Turnstile CAPTCHA support
• Whitelist trusted IP addresses
• Admin log viewer
• No performance impact
• Works with all PayPal gateways for WooCommerce

Donations

Support continued development ❤️ https://www.paypal.com/ncp/payment/EP3HAP53U4MFU