{"id":336721,"date":"2026-07-16T20:50:45","date_gmt":"2026-07-16T20:50:45","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/fraud-checkout-blocker\/"},"modified":"2026-07-16T21:05:44","modified_gmt":"2026-07-16T21:05:44","slug":"kous-cash-on-delivery-filter","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/kous-cash-on-delivery-filter\/","author":17920701,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.1.5","stable_tag":"1.1.5","tested":"7.0.1","requires":"6.4","requires_php":"7.4","requires_plugins":null,"header_name":"Kous Cash on Delivery Filter","header_author":"Harris Kouskouris","header_description":"Restricts Cash on Delivery for blocked WooCommerce customers by email, phone, or device fingerprint. IP addresses are stored for reference but never block on their own.","assets_banners_color":"aab7d0","last_updated":"2026-07-16 21:05:44","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.paypal.com\/donate\/?hosted_button_id=VLPU3JJJKEVES","header_plugin_uri":"","header_author_uri":"https:\/\/www.motokouskouris.gr","rating":0,"author_block_rating":0,"active_installs":0,"downloads":35,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1.5":{"tag":"1.1.5","author":"kouskouris","date":"2026-07-16 21:05:44"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3610729,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3610729,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3610729,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3610729,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1.5"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[1784,31179,31178,132861,286],"plugin_category":[45,54],"plugin_contributors":[271948],"plugin_business_model":[],"class_list":["post-336721","plugin","type-plugin","status-publish","hentry","plugin_tags-blacklist","plugin_tags-cash-on-delivery","plugin_tags-cod","plugin_tags-fraud-prevention","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_category-security-and-spam-protection","plugin_contributors-kouskouris","plugin_committers-kouskouris"],"banners":{"banner":"https:\/\/ps.w.org\/kous-cash-on-delivery-filter\/assets\/banner-772x250.jpg?rev=3610729","banner_2x":"https:\/\/ps.w.org\/kous-cash-on-delivery-filter\/assets\/banner-1544x500.jpg?rev=3610729","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/kous-cash-on-delivery-filter\/assets\/icon-128x128.jpg?rev=3610729","icon_2x":"https:\/\/ps.w.org\/kous-cash-on-delivery-filter\/assets\/icon-256x256.jpg?rev=3610729","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Kous Cash on Delivery Filter helps store owners prevent repeat Cash on Delivery problems.<\/p>\n\n<p>Main features:<\/p>\n\n<ul>\n<li>Block Cash on Delivery by exact email address.<\/li>\n<li>Block by normalized international phone number.<\/li>\n<li>Optional wildcard phone rules, such as <code>4477*<\/code>.<\/li>\n<li>Block by privacy-preserving SHA-256 device fingerprint.<\/li>\n<li>Store IP addresses for investigation and correlation without blocking by IP alone.<\/li>\n<li>Hide or restore Cash on Delivery instantly during checkout with AJAX.<\/li>\n<li>Add a customer's email, phone, IP address, and available device fingerprint from the WooCommerce order screen.<\/li>\n<li>Save the device fingerprint to new WooCommerce orders.<\/li>\n<li>Import and export blocklist entries as CSV.<\/li>\n<li>Export, clear, or delete individual attempt-history records.<\/li>\n<li>Search email and phone blocklists.<\/li>\n<li>Compatible with WooCommerce High-Performance Order Storage (HPOS).<\/li>\n<\/ul>\n\n<h4>International phone handling<\/h4>\n\n<p>Phone values are normalized without country-specific assumptions. Formatting characters are removed, and the international <code>00<\/code> access prefix is normalized so that <code>+44...<\/code> and <code>0044...<\/code> match.<\/p>\n\n<p>To prevent accidental partial blocking:<\/p>\n\n<ul>\n<li>Exact phone entries must contain 6 to 15 digits.<\/li>\n<li>Wildcard phone entries must contain 4 to 15 digits.<\/li>\n<li>Phone matching is exact unless an administrator explicitly adds a wildcard.<\/li>\n<li>Substring matching is never used.<\/li>\n<\/ul>\n\n<h4>IP address safety<\/h4>\n\n<p>IP addresses are stored for reference, export, and investigation. An IP address never removes Cash on Delivery by itself. This avoids false positives on mobile networks, carrier-grade NAT, offices, hotels, and shared connections.<\/p>\n\n<h4>Device fingerprints<\/h4>\n\n<p>The plugin creates a browser\/device signal and stores only its SHA-256 hash. New WooCommerce orders save the hash as order metadata when checkout provides it. Blocking an order can then add the saved device hash to the blocklist.<\/p>\n\n<p>A device fingerprint is a probabilistic browser signal, not a guaranteed unique hardware identifier. Browser changes, privacy settings, or different browsers may produce a different hash.<\/p>\n\n<h3>Privacy<\/h3>\n\n<p>Depending on configuration and use, this plugin can store:<\/p>\n\n<ul>\n<li>Customer email addresses.<\/li>\n<li>Customer phone numbers.<\/li>\n<li>IP addresses.<\/li>\n<li>Hashed browser\/device fingerprints.<\/li>\n<li>User-agent strings in attempt history.<\/li>\n<\/ul>\n\n<p>Store owners are responsible for providing appropriate privacy notices, determining a lawful basis, defining retention periods, and responding to data-subject requests under applicable laws.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin ZIP through <strong>Plugins &gt; Add New &gt; Upload Plugin<\/strong>.<\/li>\n<li>Activate <strong>Kous Cash on Delivery Filter<\/strong>.<\/li>\n<li>Open <strong>WooCommerce &gt; Kous Cash on Delivery Filter<\/strong>.<\/li>\n<li>Add entries manually, import a CSV, or use the button on a WooCommerce order.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"can%20an%20ip%20address%20block%20a%20customer%20by%20itself%3F\"><h3>Can an IP address block a customer by itself?<\/h3><\/dt>\n<dd><p>No. IP addresses are stored only for reference and correlation.<\/p><\/dd>\n<dt id=\"why%20are%20very%20short%20phone%20entries%20rejected%3F\"><h3>Why are very short phone entries rejected?<\/h3><\/dt>\n<dd><p>To prevent partial values entered during typing, such as <code>697<\/code>, from becoming broad blocking rules. Exact international entries require 6-15 digits.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20support%20international%20numbers%3F\"><h3>Does the plugin support international numbers?<\/h3><\/dt>\n<dd><p>Yes. It does not remove or assume a specific country code. <code>+<\/code> formatting and the <code>00<\/code> international prefix are normalized.<\/p><\/dd>\n<dt id=\"does%20it%20support%20hpos%3F\"><h3>Does it support HPOS?<\/h3><\/dt>\n<dd><p>Yes. Order access and metadata use WooCommerce CRUD APIs, and HPOS compatibility is declared.<\/p><\/dd>\n<dt id=\"are%20device%20details%20stored%20in%20plain%20text%3F\"><h3>Are device details stored in plain text?<\/h3><\/dt>\n<dd><p>No. The browser signal is converted to a SHA-256 hash before storage.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.5<\/h4>\n\n<ul>\n<li>Replaced query-string admin notices with secure per-user transients.<\/li>\n<li>Documented WooCommerce checkout nonce verification for static analysis.<\/li>\n<li>Scoped uninstall variables inside a uniquely prefixed function.<\/li>\n<li>No blocking or checkout behavior changes.<\/li>\n<\/ul>\n\n<h4>1.1.4<\/h4>\n\n<ul>\n<li>Removed the unnecessary manual text-domain loader.<\/li>\n<li>Improved checkout input sanitization without changing matching behavior.<\/li>\n<li>Added safe prepared identifier placeholders to custom-table queries.<\/li>\n<li>Prefixed uninstall variables to follow WordPress coding standards.<\/li>\n<\/ul>\n\n<h4>1.1.3<\/h4>\n\n<ul>\n<li>Added checkout nonce validation and completed the security review fixes requested by the WordPress.org Plugin Review Team.<\/li>\n<\/ul>\n\n<h4>1.1.2<\/h4>\n\n<ul>\n<li>Added explicit WooCommerce checkout nonce validation before processing checkout POST data that can write logs or update the device blocklist.<\/li>\n<li>Removed raw checkout POST reads from order creation and payment-gateway filtering; these paths now use normalized WooCommerce session\/customer data.<\/li>\n<li>Removed database migration work from normal admin page rendering.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Replaced direct CSV file handles with WordPress filesystem access.<\/li>\n<li>Replaced timezone-sensitive date() calls with gmdate().<\/li>\n<li>Updated CSV export generation without direct fopen()\/fclose() calls.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added international-safe phone normalization and validation.<\/li>\n<li>Prevented storage and matching of clearly incomplete phone values.<\/li>\n<li>Removed substring phone matching.<\/li>\n<li>Changed IP addresses to reference-only data that cannot block by themselves.<\/li>\n<li>Added reliable device fingerprint persistence through WooCommerce checkout sessions and order metadata.<\/li>\n<li>Added device blocking from the WooCommerce order screen when a saved fingerprint is available.<\/li>\n<li>Added individual attempt-history deletion.<\/li>\n<li>Added device-copy controls in attempt history.<\/li>\n<li>Moved admin JavaScript and CSS to properly enqueued asset files.<\/li>\n<li>Declared WooCommerce HPOS compatibility.<\/li>\n<li>Updated documentation and privacy information.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Restrict WooCommerce Cash on Delivery using email, international phone numbers, device fingerprints, and reference-only IP data.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/336721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=336721"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/kouskouris"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=336721"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=336721"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=336721"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=336721"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=336721"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=336721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}