IPSentry is now Predax \u2014 first WordPress.org release. Your settings, API key, and order data are preserved. Checkout screening is unchanged and still fully opt-in (no outbound requests until you add a key and enable a mode).<\/p>","1.6.2":"
WP.org compliance pass: removes self-updater, extracts inline script\/style tags, tightens sanitisation, and makes the community-feedback telemetry opt-in (off by default). Core checkout screening is unchanged. Upgrade is safe.<\/p>","1.6.1":"
OAuth connect popup now auto-closes reliably after authorization. Per-user OAuth transients prevent conflicts on multi-admin sites. Safe to upgrade \u2014 no behaviour changes.<\/p>","1.6.0":"
Adds a 3-step setup wizard with One-Click Connect (OAuth) shown on first activation. Existing installs unaffected \u2014 the wizard only triggers on fresh activation with no API key. Re-run anytime from Developer \u2192 Run Setup Wizard.<\/p>","1.5.0":"
Adds Events Log page and risk column on the orders list. Safe to upgrade \u2014 no behaviour changes, new DB table created automatically on first load.<\/p>","1.4.3":"
Adds a dedicated admin menu page (Predax \u2192 Fraud Guard). Safe to upgrade \u2014 all existing settings are preserved.<\/p>","1.4.2":"
Adds settings import\/export and a configurable support email address for block messages. Safe to upgrade \u2014 no behaviour changes on upgrade.<\/p>","1.4.0":"
Adds order hold, velocity rules, country mismatch detection, disposable email blocking, and chargeback feedback. All new features default to off.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3572045,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3572045,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3572045,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3572045,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.7.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3572431,"resolution":"1","location":"assets","locale":"","width":1425,"height":1609},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3572431,"resolution":"2","location":"assets","locale":"","width":1425,"height":1471},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3572431,"resolution":"3","location":"assets","locale":"","width":1425,"height":960},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3572431,"resolution":"4","location":"assets","locale":"","width":1425,"height":1936},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3572431,"resolution":"5","location":"assets","locale":"","width":1425,"height":1191}},"screenshots":{"1":"WooCommerce \u2192 Settings \u2192 Predax: API key, risk thresholds, and per-signal VPN \/ proxy \/ Tor \/ datacenter rules.","2":"Order detail: the Predax risk score, flags, and country appear as an order note and order tags.","3":"Orders list: the Predax column shows each order's risk score and top threat flag.","4":"Advanced rules: order velocity, billing-country mismatch, disposable-email, and timezone checks.","5":"Geo blocking: allow, flag, or block checkout by country, region, or IP \/ CIDR list."}},"plugin_section":[],"plugin_tags":[237432,132861,267120,267121,286],"plugin_category":[45],"plugin_contributors":[264383],"plugin_business_model":[],"class_list":["post-323963","plugin","type-plugin","status-publish","hentry","plugin_tags-checkout-security","plugin_tags-fraud-prevention","plugin_tags-ip-detection","plugin_tags-vpn-detection","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-ipsentry","plugin_committers-ipsentry"],"banners":{"banner":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/banner-772x250.png?rev=3572045","banner_2x":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/banner-1544x500.png?rev=3572045","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/icon-128x128.png?rev=3572045","icon_2x":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/icon-256x256.png?rev=3572045","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/screenshot-1.png?rev=3572431","caption":"WooCommerce \u2192 Settings \u2192 Predax: API key, risk thresholds, and per-signal VPN \/ proxy \/ Tor \/ datacenter rules."},{"src":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/screenshot-2.png?rev=3572431","caption":"Order detail: the Predax risk score, flags, and country appear as an order note and order tags."},{"src":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/screenshot-3.png?rev=3572431","caption":"Orders list: the Predax column shows each order's risk score and top threat flag."},{"src":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/screenshot-4.png?rev=3572431","caption":"Advanced rules: order velocity, billing-country mismatch, disposable-email, and timezone checks."},{"src":"https:\/\/ps.w.org\/predax-fraud-guard-for-woocommerce\/assets\/screenshot-5.png?rev=3572431","caption":"Geo blocking: allow, flag, or block checkout by country, region, or IP \/ CIDR list."}],"raw_content":"\n
Predax Fraud Guard for WooCommerce<\/strong> is an opt-in checkout-screening tool. After you enter a Predax API key and choose a protection mode, the plugin sends the customer's IP to the Predax API during WooCommerce checkout so your store can decide whether to allow, tag, or block the order.<\/p>\n\n On a fresh install the plugin does nothing \u2014 no outbound requests are made until you<\/strong> complete setup and pick a protection mode. The default mode once configured is tag-only<\/strong> (no blocking), so you can see flagged orders in your dashboard before turning on anything that rejects a customer.<\/p>\n\n You can revoke the API key or switch the mode back to \"Tag only\" at any time.<\/p>\n\n Orders that reach the tag threshold (default: risk score 40) are tagged based on band:<\/p>\n\n All protection toggles default to off<\/strong> on a fresh install. The only thing the plugin writes to options on activation is a database version marker for the events-log table. You will need to explicitly enable any rule you want to apply.<\/p>\n\n Sign up at predax.io<\/a> for a free API key. No credit card required.<\/p>\n\n This plugin connects to external services operated by Predax (https:\/\/predax.io) only when you have explicitly enabled a protection mode. By activating this plugin and entering an API key you agree to the Predax Terms of Service<\/a> and Privacy Policy<\/a>.<\/p>\n\n You are responsible for ensuring your use of customer IP data at checkout complies with applicable privacy laws (including but not limited to GDPR, CCPA) and your own store's privacy policy. This plugin does not assert PCI-DSS, GDPR, or CCPA compliance on your behalf.<\/p>\n\n Used to look up a risk score and classification signals for each checkout IP.<\/p>\n\n The plugin can optionally<\/strong> send an anonymised telemetry signal \u2014 the IP address, its risk score and detection flags, its network (ASN) number and name, its country code, and the checkout outcome (allowed \/ monitored \/ blocked, or refund\/chargeback feedback) \u2014 to the Predax Community Threat Network so all participating stores benefit from a shared feed. The Refund \/ Chargeback Feedback \"Log\" action reports through this same channel, so it requires this opt-in; its \"Blacklist\" action updates your local deny list regardless.<\/p>\n\n This feature is off by default<\/strong>. It is controlled by the Only triggered when an administrator clicks the Connect with Predax<\/strong> button in the setup wizard. Your browser is redirected to predax.io to authorise the connection, which returns an API key to your site.<\/p>\n\n The plugin does not set any advertising, analytics, or tracking cookies.<\/p>\n\n\n No. Before you enter an API key and save a protection mode, the plugin makes zero outbound requests to predax.io. Nothing happens silently on activation.<\/p><\/dd>\n Only if you enable a blocking mode. Until you complete setup, the mode is Tag only<\/strong> (no blocking \u2014 orders just get tags and notes). In the setup wizard, the pre-selected Recommended<\/strong> preset enables blocking of high-risk checkouts (risk score 50+); choose Monitor Only<\/strong> instead if you don't want any blocking yet \u2014 each preset card lists exactly what it switches on.<\/p><\/dd>\n A score from 0 to 100 representing how likely an IP is to be associated with fraud, anonymisation, or abuse. 0 = clean residential IP, 100 = known Tor exit or commercial VPN. The score combines VPN\/proxy\/Tor detection, datacenter identification, historical abuse signals, and geographic heuristics.<\/p><\/dd>\n Yes \u2014 enable Fraud Guard \u2192 Settings \u2192 Advanced \u2192 \"Behind a proxy \/ CDN\"<\/strong> (or the same toggle on the WooCommerce \u2192 Predax tab). With it on, the plugin reads the real customer IP from the Fraud Guard \u2192 Settings \u2192 Developer tab \u2192 enter a Test IP Override. Every checkout is then evaluated as if it came from that IP. A red admin banner reminds you test mode is active. Clear the override before going live.<\/p>\n\n Use On each tagged order the plugin stores:<\/p>\n\n Yes. The plugins are independent but complementary \u2014 Security protects logins and registrations, Fraud Guard protects WooCommerce checkout. Both can share the same API key.<\/p><\/dd>\n\n<\/dl>\n\n\nHow It Works<\/h4>\n\n
\n
Risk Tagging<\/h4>\n\n
\n
Features<\/h4>\n\n
\n
Defaults<\/h4>\n\n
Free Tier<\/h4>\n\n
Third Party Services<\/h3>\n\n
Predax IP Intelligence API<\/h4>\n\n
\n
POST https:\/\/predax.io\/api\/v1\/check\/ip<\/code><\/li>\nPredax Community Threat Network (opt-in, off by default)<\/h4>\n\n
ipsentry_woo_community_enabled<\/code> option, which defaults to 'no'<\/code>, with a checkbox on the Advanced settings tab. The plugin will not send community-feedback telemetry unless you enable it. Customers' personal data (names, emails, billing\/shipping addresses, order contents) is never included in the telemetry payload.<\/p>\n\n\n
POST https:\/\/predax.io\/api\/v1\/telemetry\/event<\/code><\/li>\nOAuth One-Click Connect (optional)<\/h4>\n\n
\n
POST https:\/\/predax.io\/api\/v1\/oauth\/token<\/code><\/li>\nCookies set by this plugin<\/h4>\n\n
\n
ipsentry_tz<\/code><\/strong> \u2014 set on WooCommerce checkout pages (only while an API key is configured) via assets\/js\/ipsentry-woo-tz.js<\/code>. Stores the customer's browser-reported IANA timezone (string, max 64 chars). Used server-side for the optional timezone-mismatch fraud rule. Expires after 24 hours (max-age=86400<\/code>), path=\/<\/code>, SameSite=Lax<\/code>, and marked Secure<\/code> on HTTPS stores. The plugin reads this cookie only at checkout-validation time.<\/li>\n<\/ul>\n\n\n
predax-fraud-guard-for-woocommerce<\/code> folder to \/wp-content\/plugins\/<\/code>.<\/li>\n\n
Does the plugin phone home before I finish setup?<\/h3><\/dt>\n
Will it block legitimate customers?<\/h3><\/dt>\n
What is the risk score?<\/h3><\/dt>\n
Does it work with Cloudflare?<\/h3><\/dt>\n
CF-Connecting-IP<\/code> \/ X-Forwarded-For<\/code> headers instead of the Cloudflare edge IP. It is off by default<\/strong>: when your store connects directly to visitors, trusting those headers would let a customer spoof their IP to bypass fraud checks, so you only turn it on when a proxy\/CDN really is in front of your site.<\/p><\/dd>\nHow do I test it without affecting real customers?<\/h3><\/dt>\n
185.220.101.1<\/code> (risk 85, Tor-adjacent) to exercise blocking paths, or 1.1.1.1<\/code> to verify pass-through.<\/p><\/dd>\nWhat order metadata is stored?<\/h3><\/dt>\n
\n
_ipsentry_risk_score<\/code> \u2014 numeric risk score (0\u2013100)<\/li>\n_ipsentry_ip<\/code> \u2014 detected customer IP<\/li>\n_ipsentry_country_code<\/code> \u2014 detected IP country code<\/li>\n_ipsentry_flags<\/code> \u2014 comma-separated threat flag list<\/li>\n<\/ul><\/dd>\nDoes it work alongside the Predax Security plugin?<\/h3><\/dt>\n
1.7.0<\/h4>\n\n
\n
1.6.2<\/h4>\n\n
\n
ipsentry_woo_community_enabled<\/code> option. Existing installs stop sending telemetry until they flip this on.<\/li>\nblock_proxy<\/code>, block_tor<\/code>, and monitor_vpn<\/code> default to 'no'<\/code> on fresh installs.<\/li>\n<script><\/code> \/ <style><\/code> block to enqueued asset files. OAuth-callback exit page now references an external CSS\/JS pair.<\/li>\nwp_add_privacy_policy_content<\/code>) so admins can pull suggested text from Tools \u2192 Privacy.<\/li>\n$_GET<\/code> \/ $_POST<\/code> \/ $_FILES<\/code> read; imported settings values now validated per option type.<\/li>\nuninstall.php<\/code> drops the events-log table and deletes every ipsentry_woo_*<\/code> option on plugin deletion.<\/li>\nDomain Path: \/languages<\/code> header + minimal .pot translation template.<\/li>\n.distignore<\/code> excluding dev artefacts from the WP.org zip.<\/li>\n1.6.1<\/h4>\n\n
\n
1.6.0<\/h4>\n\n
\n
1.5.0<\/h4>\n\n
\n
_ipsentry_flags<\/code> meta key for quick flag lookup.<\/li>\n<\/ul>\n\n1.4.3<\/h4>\n\n
\n
1.4.2<\/h4>\n\n
\n
1.4.1<\/h4>\n\n
\n
1.4.0<\/h4>\n\n
\n
1.3.0<\/h4>\n\n
\n
1.2.0<\/h4>\n\n
\n
1.1.0<\/h4>\n\n
\n
1.0.0<\/h4>\n\n
\n