=== Precise Expressions Checkout Abuse Protection for WooCommerce ===
Contributors: preciseexpressions
Tags: woocommerce, checkout, anti-spam, fraud mitigation, rate limit
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lightweight WooCommerce checkout bot and card-testing mitigation for classic and block checkout with aggregate protection metrics.

== Description ==

Precise Expressions Checkout Abuse Protection for WooCommerce helps mitigate automated checkout abuse and card-testing activity on WooCommerce stores.

This lightweight Lite version provides essential, always-on protection for both classic and block checkout without relying on third-party services.

It is designed to reduce automated pressure on checkout endpoints while remaining simple, privacy-aware, and low-overhead.

### What the Lite Version Protects Against

* Automated checkout submission bursts.
* Repeated failed-payment retry attempts (common in card testing).
* Unrealistically fast checkout submissions (timing signal).
* Hidden field abuse via an invisible honeypot (classic checkout).
* Excessive retries from a single IP.

The Lite version focuses on practical mitigation that store owners can enable quickly, without complex configuration.

### Pro Version

A Pro add-on is available separately for stores that need detailed event logs, alerts, exports, and advanced reporting. The Lite version is fully functional on its own and does not require Pro.

== Features (Lite Version) ==

* Always-on checkout protection for classic and block checkout.
* Checkout submission rate limiting.
* Failed-payment retry throttling.
* Invisible timing-based bot signal.
* Invisible honeypot signal (classic checkout only).
* IP and role allowlist controls.
* Aggregate dashboard metrics (today / last 7 days / top reasons).
* No third-party service dependency.
* Privacy-aware by default (no persistent event logs in Lite).

== Privacy ==

This plugin:

* Does **not** send data to third parties.
* Stores aggregate blocked-attempt counts only (by day and reason) in the Lite version.
* Does not store raw IP addresses in persistent logs.
* Stores user-provided allowlist IPs exactly as entered in settings.

The Pro version stores structured event records for reporting purposes, without storing raw IP addresses or unnecessary personal data.

== FAQ ==

= Will this stop all fraud? =

No. This plugin is a mitigation layer designed to reduce automated abuse and card-testing attempts. It should be used alongside payment gateway risk controls, fraud prevention settings, and appropriate hosting security measures.

= Does it slow down checkout? =

The Lite version is designed to be lightweight and low-overhead. It performs simple checks before payment processing and stores only aggregate counters.

= Is it compatible with WooCommerce block checkout? =

Yes. The Lite version includes Store API checkout protection for rate limiting, timing checks, and failed-payment throttling. The classic checkout honeypot signal applies to classic checkout only.

= Does it require CAPTCHA? =

No. The Lite version does not integrate CAPTCHA or third-party anti-bot services.

= Is the Pro version required? =

No. The Lite version functions independently and provides essential checkout abuse mitigation. The Pro add-on provides additional monitoring, reporting, and response capabilities.

== Screenshots ==

1. Dashboard showing blocks today, last 7 days, and reason breakdown.
2. Settings page with thresholds, allowlist, reset control, and uninstall data policy.

== Installation ==

1. Ensure WooCommerce is installed and active.
2. Upload the plugin files to the `/wp-content/plugins/precise-expressions-checkout-abuse-protection/` directory, or install the plugin through the WordPress Plugins screen.
3. Activate the plugin through the Plugins screen in WordPress.
4. Go to WooCommerce > Bot Protection to review settings and run the self-check.

== Changelog ==

= 1.0.1 =
* Removed mode switching and moved to a single always-on protection profile.
* Added "Reset to Defaults" action in settings.
* Added Store API/block checkout protection hooks.
* Updated timing signal behavior to refresh on each checkout page render.

= 1.0.0 =
* Initial release.
* Classic and block checkout protection with rate limiting and timing checks.
* Classic checkout honeypot signal.
* Failed payment throttling, allowlist, settings, and aggregate dashboard.
* Pro-ready extension points.

== Upgrade Notice ==

= 1.0.1 =
Includes always-on protection profile, settings reset, and block-checkout hardening improvements.
