How to configure Secure Checkout and Payment Settings
The Secure Checkout and Payment Settings feature helps prevent fraudulent transactions at the final step of the customer journey – checkout and payment. It ensures that suspicious users are either restricted from using Cash on Delivery (COD) or completely blocked from proceeding with new orders after repeated failures.
Block COD for Fraudulent Users
This feature automatically disables the Cash on Delivery (COD) payment method for users flagged with a high risk score during the order placement session.

Checkout Lock on Failed Orders
This feature helps prevent repeated fraudulent attempts by temporarily locking the checkout page for users who trigger too many failed orders in a short timeframe.

When this feature is enabled:
- You define:
  - Allowed number of failed attempts (e.g., 2)
  - Timeframe to monitor failed orders (e.g., 30 minutes)
- At the time of each failed order, the plugin checks how many failed orders occurred in the past 30 minutes.
- If the failed order count exceeds the allowed limit, the customer will be blocked from checkout for the next 10 minutes.
- After 10 minutes, the checkout access is automatically re-enabled.
- To instantly lift the checkout block, simply disable this feature — checkout will become immediately accessible for affected users.
Example Scenario:
If you set:
- Allowed Failed Attempts = 2
- Timeframe = 30 minutes
Then, if a user fails to place more than 2 orders within a 30-minute window, they will be blocked from accessing the checkout page for 10 minutes. After that period, checkout will automatically become available again.
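The rule above, modelled as a small stand-alone PHP script. This is an added example, not the plugin's own code: the class and method names are hypothetical, and it assumes the failure being recorded counts toward the total, as the scenario implies.

```php
<?php
// Added model of the documented lock rule; not the plugin's code.
// Class and method names are hypothetical. Requires PHP 8.0+.
final class CheckoutLockModel
{
    private array $failures = [];  // Unix timestamps of failed orders
    private int $lockedUntil = 0;  // checkout is locked while now < this

    public function __construct(
        private int $allowedFailures = 2,   // "Allowed Failed Attempts"
        private int $windowSeconds = 1800,  // "Timeframe" of 30 minutes
        private int $lockSeconds = 600      // 10-minute lock from the page
    ) {}

    // Record a failed order at $now; true means this failure starts a lock.
    public function recordFailedOrder(int $now): bool
    {
        $this->failures[] = $now;
        // Keep failures inside the timeframe ending at $now. Treating one
        // that is exactly windowSeconds old as expired is an assumption.
        $cutoff = $now - $this->windowSeconds;
        $this->failures = array_values(array_filter(
            $this->failures,
            fn (int $t): bool => $t > $cutoff
        ));
        // "Exceeds the allowed limit": strictly more than the allowed number.
        if (count($this->failures) > $this->allowedFailures) {
            $this->lockedUntil = $now + $this->lockSeconds;
            return true;
        }
        return false;
    }

    public function isLocked(int $now): bool
    {
        return $now < $this->lockedUntil;
    }
}

// Constructed timeline: minutes counted from an arbitrary start time.
$model = new CheckoutLockModel();
$at = fn (int $minute): int => 1700000000 + $minute * 60;

var_dump($model->recordFailedOrder($at(0)));   // first failure
var_dump($model->recordFailedOrder($at(10)));  // second: count equals limit
var_dump($model->recordFailedOrder($at(20)));  // third: count is above limit
var_dump($model->isLocked($at(25)));           // 5 minutes into the lock
var_dump($model->isLocked($at(30)));           // 10 minutes after the lock began
var_dump($model->recordFailedOrder($at(45)));  // minutes 0 and 10 have aged out
```

With these settings the third failure inside 30 minutes is the one that starts the lock, and a later failure only counts against the failures still inside the timeframe.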
API Checkout Protection
The API Checkout Protection feature helps secure your WooCommerce REST/Store API checkout flow by preventing fraudulent orders via REST API endpoints. When enabled, selected REST routes are blocked.

When this feature is enabled:
- You must enable API Checkout Protection under Secure Checkout and Payment Settings.
- The plugin evaluates requests only for REST routes beginning with /wc/.
- For each matching request, a log entry is created under WooCommerce logs with the tag wcblu-rest-blocked-request-log.
- If the route is in the blocked list filter, the request is denied with a 403 (Forbidden) response.
The log file can be found under WooCommerce → Settings → Advanced → Logs.

You can disable REST API based orders using the checkbox. Once it is checked, the REST API endpoint '/wc/v3/orders/' is blocked; other endpoints can be added using filter code.

When to Use API Checkout Protection
Use this feature if:
- You want to prevent orders created via API outside the standard checkout flow.
- You notice suspicious or automated order attempts via API.
- You want REST API activity logged for audit and visibility.
Example Scenario:
If your store is under an API-based bot or carding attack, enable API Checkout Protection from Secure Checkout and Payment Settings.
Check the log file wcblu-rest-blocked-request-log in WooCommerce → Settings → Advanced → Logs to see which REST API endpoints are being used.
If an endpoint is not required for your checkout flow, you can safely block it.
Blocking unused endpoints helps stop fraudulent API requests and prevents fake orders.
Example filter code:
add_filter( 'wcblu_rest_blocked_routes', function( $routes ) {
    $routes[] = '/wc/store/checkout'; // update the endpoint as per your need
    return $routes;
} );