Bouncer
Multi-provider CAPTCHA, fraud scoring, and geo protection for WooCommerce
Bouncer — reCAPTCHA & Fraud Protection for WooCommerce#
Multi-provider CAPTCHA and fraud protection plugin that protects your WooCommerce checkout, login, registration, and other form types from spam bots and carding attacks.
Why Bouncer?#
Most CAPTCHA plugins were built for WordPress blogs and ported to WooCommerce as an afterthought. They break on Block Checkout, conflict with PayPal Payments, and ignore express payment methods like Apple Pay and Google Pay. This plugin was built for WooCommerce stores from day one.
Five providers, one plugin#
Switch between CAPTCHA providers without installing a different plugin each time:
| Provider | Type | API Keys | Best For |
|---|---|---|---|
| Cloudflare Turnstile | Invisible challenge | Yes (free) | Most stores |
| Google reCAPTCHA v3 | Score-based invisible | Yes (free) | Google ecosystem |
| Google reCAPTCHA v2 | ”I’m not a robot” checkbox | Yes (free) | Visible verification |
| hCaptcha | Challenge-based | Yes (free) | Privacy-focused stores |
| Self-Hosted Honeypot | Multi-layer bot trap | No | GDPR-strict, no external calls |
What makes this different#
| Feature | Us | Most Plugins |
|---|---|---|
| Block Checkout support | ✅ Store API | ❌ Classic only |
| PayPal reCAPTCHA auto-detection | ✅ Built-in | ❌ Conflicts |
| Express payment skip | ✅ Automatic | ❌ Breaks Apple Pay |
| Rate limiting | ✅ Included | ❌ Separate plugin |
| IP whitelist/blocklist | ✅ CIDR + wildcards | ❌ Not available |
| Failsafe when provider is down | ✅ Honeypot fallback | ❌ Blocks everyone |
| Settings export/import | ✅ JSON | ❌ Not available |
| WC Product Vendors support | ✅ | ❌ |
| WC Subscriptions support | ✅ | ❌ |
| WC Memberships support | ✅ | ❌ |
| Fraud scoring | ✅ 9-rule engine | ❌ Not available |
| Geo-blocking | ✅ Country-level | ❌ Not available |
| Disposable email detection | ✅ 780+ domains | ❌ Not available |
| Proxy/VPN detection | ✅ proxycheck.io | ❌ Not available |
| Elementor Pro forms | ✅ | ❌ |
| WC Bookings forms | ✅ | ❌ |
Quick start#
- Install — Upload and activate the plugin
- Choose provider — Go to WooCommerce > Settings > Bouncer and select a provider
- Enter API keys — Get keys from your provider (or pick Honeypot for zero setup)
- Select forms — Check the forms you want to protect
Key features#
For store owners#
- 5 CAPTCHA providers in one plugin with one-click switching
- 19+ form types protected including checkout, login, registration, and comments
- Rate limiting with configurable lockout after failed attempts
- IP whitelist and blocklist with CIDR notation and wildcard support
- Dashboard widget showing blocked attempts, lockout count, and provider status
- Settings export/import for staging-to-production workflows
- Failsafe mode falls back to honeypot when the external provider is unreachable
- Order fraud scoring with 9 rules, auto-hold, and per-order risk breakdown
- Disposable email detection with 780+ known domains
- Geo-blocking and country-based CAPTCHA exclusion
- Proxy/VPN detection via proxycheck.io integration
- [cfwc_captcha] shortcode for protecting custom forms
- Elementor Pro and WooCommerce Bookings form protection
For developers#
- 19 hooks and filters for customization
- Public API to render and verify CAPTCHA on custom forms
- Custom provider registration via the
cfwc_register_providersaction - Template override for widget appearance
- WooCommerce logging integration for debugging
Use cases#
Online stores under bot attack#
Protect checkout from carding attacks, fake orders, and registration spam. Rate limiting catches repeat offenders after the first few failures.
Multi-vendor marketplaces#
Protect vendor registration forms (WooCommerce Product Vendors) alongside customer-facing forms. Most CAPTCHA plugins ignore vendor registration entirely.
GDPR-strict European stores#
Use the self-hosted honeypot provider with zero external API calls. No data leaves your server, no cookie consent banner needed for CAPTCHA.
Stores hit by fraudulent orders#
When CAPTCHA alone isn’t enough, the fraud scoring engine evaluates 9 risk signals per order and auto-holds suspicious ones. You get a per-order risk breakdown so you can review before fulfilling.
Documentation#
| Guide | Description |
|---|---|
| Getting Started | Installation, API keys, first setup |
| CAPTCHA Providers | All 5 providers explained |
| Protected Forms | 19+ form types and how they work |
| Rate Limiting & IP Control | Lockouts, whitelists, blocklists |
| Compatibility | PayPal, Block Checkout, HPOS, express payments |
| Settings | Complete settings reference |
| Developer Guide | Hooks, filters, API, custom providers |
| Fraud Scoring | Fraud rules, risk scoring, auto-hold |
| Geo Protection | Country blocking, CAPTCHA exclusion |
| FAQ | Common questions and troubleshooting |
Requirements#
- WordPress 6.0+
- WooCommerce 8.0+
- PHP 7.4+
Support#
- Documentation: You’re here!
- Themology Support: Bug reports, feature requests, and critical support
License#
Bouncer is released under the GPL v3 or later.
Browse the docs
Jump straight to the page you need.