If you search for the simple and FREE plugin to blacklist the customer from checking out, you can try out the following plugin. Woo Manage Fraud Orders
Get it Now
Blacklist the customer, How?
First of all, this plugin uses the three details of the customer to stop the customer from placing the order.
- IP address
- Phone
There are two options to put the customer on the black list.
- Manually
- Automatically
In the manual mode as well, there are two options.
- Order edit page
- Direct setting
Via order edit page
- Go to the order edit page
- In the top right section, you will “Order Actions”. Then, you need to choose the “Blacklist Order”.
- Then, click the “Update” button.
- Now, the three customer details (IP address, phone and billing email) will be blacklisted for future checkout.

Via direct setting
- Navigate to “WP Admin >> Woocommerce >> Setting” and click the “Blacklisted customers” tab.
- There you will see three text-area fields;each for three customer details.
- You can enter every new customer details in new line as shown in below image and hit the “Save changes” button.



Automatic Blacklisting
Above All, This plugin will also handle auto blacklisting. When customers repeatedly place the FAILED order, we can configure this plugin to automatically blacklist the customer details after a certain number of failed attempts. You can configure this number in the back-end setting which can be seen in the above image.
Furthermore, You can customize the message to show for the blocked customers as well.
Additional Features
- Bulk Blacklisting
- Remove the customer details from blacklisting
- Whitelisting by payment gateways
- Whitelist customer by username
Bulk Blacklisting
For bulk blacklist customer details of multiple orders, you can select the needed orders. Then choose the “Blacklist Customer” as shown in the below screenshot.

Remove the customer details from blacklisting
Just like we can add the customer details to the black list in the order edit page via “order actions”, we can remove the customer details from the same settings UI as shown below screenshot.

Note: “Remove from Blacklist” option will be available only if one of the customer details (IP address, Email, or Phone) is already on the blacklist.
Finally, just like we can add the new customer details via direct settings as explained above, we can manually remove the customer details as well.
Comments
Can it block a whole spam domain email addresses like all emails from @domain.com ?
Yeah, It is possible.
Please update to the latest version.
Can it block ipv6 ?
Of course. It can block ipv6.
Hi! Is there a way to add custom checkout fields to the blacklist? Thank you!
As of now, it doesn’t have. However, I will definitely put this on the checklist for future releases.
We are using your plugin on one of our websites. We have it set to blacklist individuals after 3 failed attempts. Today, the same person tried to test credit cards. The person had the same IP address, same customer name in WooCommerce but used different email addresses. The person managed to test placing orders ten times before getting blacklisted. When using different email addresses, should the plugin still blacklist after 3 failed attempts?
Also, is there any logging of failed attempts associated with the plugin that we can view?
Thanks,
If trying with the same IP, it should track the failed attempts even if the user changes the email addresses. Since plugin is using browser cookie for failed attempts storage, it can be manually controlled by customer if they know how. I am considering better approach for tracking failed attempts.
And for the logs of failed attempts, i will consider them in the future releases.
Hi Barry,
Please update to the latest version 2.3.0 and check it out.
The version 2.2.0 and later supports the logging of blacklisted order attempts.
Hi there.
Thanks for making this plug-in freely available. Very kind of you.
Does it support blocking of IP ranges? For example, using CIPR format for a range?
An example of that would be this: To block 110.54.192.0 – 110.54.243.255 the following three IP entries, in CIDR format would be necessary:
110.54.192.0/19
110.54.224.0/20
110.54.240.0/22
Is the plug-in able to work with that?
Thanks.
Jonathan
Hi jonathan,
I am sorry to say that this plugin doesn’t supper blocking by IP ranges.
I am not sure what are CIPR and CIDR formats. I need to do the research on those terms first and then I will see if they can be added in future releases.
Thanks
Hello, your plugin is awesome but I need something more. I want the blacklisted email can only complete the order if it chooses to pay by a card or bank transfer. If he chooses cash on delivery, he will not be able to complete the order. Is this easy? Thank you
Hi,
The plugin version 2.3.0 supports whitelisting by customer and payment gateways. Please check it out.
Hi!
Sometimes the same order is duplicated, people press the button 3 times, is there a way to avoid repeating it with this plugin
I am sorry, this feature doesn’t comes under the scope of this plugin.
By the way, woo commerce itself prevents multiple click of place order unless you change the default behavior.
Thank you for this plugin! Yesterday I had two customers that were blocked from ordering and it was their first attempt, with no previous orders/declines. None of their info was on the blacklist either. Their orders were directly after a customer was legitimately blacklisted though. Did they get caught in it because of the previous person? Any idea what happened? Is there any way to whitelist someone to make sure the plugin doesn’t stop them? Thank you much!
Yeah they might be caught because of previous person. The same PC or same IP network.
As of now whitelisting customer is not available but I will definitely consider that in the next release.
The plugin version 2.3.0 supports whitelisting by customer. Please check it out.
Cheers.
Please add the ability to add a physical address to the block list, we were hit with a rash of bogus credit card hits all using the same 2 mailing address
Hi,
The plugin version 2.1.0 and later supports the blacklistin by billing address. Please update to the latest version and let me know if this works for you.
Thanks
Thank you!
Thanks for trying out the plugin.
We are using multisite and when we try to activate de plugin we have the following error.
Woo Manage Fraud Orders depends on WooCommerce to work!
Our Woorcerce is up to date.
Do you have any idea why?
The new update 2.3.0 should fix this issue. Please update the plugin.
Hi, thank you for the plugin! Is it possible to also include to block customer by the zipcode/postalcode?
That would complete this plugin! 🙂
I will definitely consider this.
Thanks for trying out the plugin.
Hi,
The plugin version 2.1.0 and later supports the blacklisting by billing address. Please update to the latest version and let me know if this works for you.
Thanks
Hey I’d like to know if this works with cybersource payment gateway. I installed the plugin set the limit to 5 but it seems a bug tried +1000 failed payment attempts. The plugin didn’t work.
Hi,
I am not sure whether it works for cybersource payment gateway or not. However I would definitely like to have the look.
I said I am not sure because cybersource payment gateway might different hook action on failed order.
Please if possible, share the ZIP file of the cybersource with testing credentials and I will have the look.
Please feel free to contact at pranuk.prwnsi@gmail.com or skype malla.prasidhda@outlook.com
Thanks
Is it possible to blacklist a block of emails with wild cards? We have a using the same 4 letters with different numbers..
As of now only supports by email domain. I will put it in the future releases.
Your Latest Update is blocking all ordes request we are unable to placce order now while the plugin is active
Hi,
I have tested it again and again here in my machine and each time it seems to be working fine.
I would love to debug the issue in your case if you can share the details.
Please feel free to contact me at skype at malla.prasidhda@outlook.com
Thanks
Hi there,
First of all thank you for this amazing plugin, it works wonders!
Just a quick one, if I whitelist a payment method, can I allow blacklisted people to only place an order using card payment, for example?
Thanks
Hi,
Thanks for using the plugin.
And YES, when you whitelist card payment, even blacklisted customers can place the order using card payment.
This is a brilliant plugin! Any chance you could add a feature to only block certain categories? I have customers I want to block from signing up for an in person event, but I want to allow them to purchase virtual products. I see you can restrict by product type but this doesn’t quite work since they’re both simple products.
Hi Dave,
Thanks for using the plugin. I will consider your request in the upcoming release.
Hi, I am looking for a plugin which can be used to notify when a selected list of customers place an order. Like if I want to monitor some specific customers when they place the order.
Hi
thank you for the plugin
please support me with the below error that appear on my site recently and I had to remove your plugin
WordPress version 5.8.2
Current theme: Envo eCommerce (version 1.1.1)
Current plugin: Woo Manage Fraud Orders (version 2.5.1)
PHP version 7.4.14
Error Details
=============
An error of type E_ERROR was caused in line 54 of the file /home/dh_vips/gvape.vip/wp-content/plugins/woo-manage-fraud-orders/includes/admin/class-wmfo-bulk-blacklist.php. Error message: Uncaught TypeError: Argument 1 passed to WMFO_Bulk_Blacklist::handle_bulk_blacklisting() must be of the type string, null given, called in /home/dh_vips/gvape.vip/wp-includes/class-wp-hook.php on line 303 and defined in /home/dh_vips/gvape.vip/wp-content/plugins/woo-manage-fraud-orders/includes/admin/class-wmfo-bulk-blacklist.php:54
Stack trace:
#0 /home/dh_vips/gvape.vip/wp-includes/class-wp-hook.php(303): WMFO_Bulk_Blacklist->handle_bulk_blacklisting(NULL, ‘mark_completed’, Array)
#1 /home/dh_vips/gvape.vip/wp-includes/plugin.php(189): WP_Hook->apply_filters(NULL, Array)
#2 /home/dh_vips/gvape.vip/wp-admin/edit.php(212): apply_filters(‘handle_bulk_act…’, ‘/wp-admin/edit….’, ‘mark_completed’, Array)
#3 {main}
thrown
Hi Vape,
This is fixed in version 2.5.4. Please update the plugin.
Hello,
I had a question regarding the plugin. Your plugin works well for blacklisting the user for fraud orders BUT i noticed that it still allows the user to keep attempting the card or different cards using a bot and so i will see around 1000 attempts and so the network gets brute attacked and all the failed orders are all in the woocommerce dashboard and not to mention all the emails of the failed attempts.
Is there a way that you can have this plugin BLOCK the user after “x ‘ number of failed/declined attempts? This can eliminate “carding attacks” I see nothing online except for reCaptcha which is good at stoping this BUT it has also blocked out many legitimate customers from processing their orders so i only have seen problems with reCaptcha.
I was thinking you can block the user automatically by the email, name or even IP.
Let me know your thoughts on this and would pay for this service.
Thank you
Hi Carm,
Thanks for contacting me.
I have been thinking of this feature for a quite time now. However, I am still not sure how to simulate the bot orders. Do you know any such kind of simulation?
Without knowing how BOT places the orders, It will be like shooting in night.
I am doing research on this part and as soon as I find something to implement, I will definitely.
Thanks again.
I have installed 2.5.4 versions on Woocommerce 5.9. But it have critical error when I try to save the block details. Is 2.5.4 not compatible with Woocommerce 5.9?
Hi Prasidhda,
I have been looking for the exact thing Carm has been looking for. I believe I figured out a good method for this, but hadn’t figured out the best way to stop the repeat transactions. Send me an email please and I’ll show you my thoughts. Maybe this is something that can be added in your plugin for others to use and so I won’t need to figure out how to block someone that has been flagged as suspicious.
Thanks…
John M Powell
Digipark
I love this Plugin, it has really helped stop fraudulent transactions on our website. I have had an issue with removing the customer from blacklist. On the order page under actions.. I click ” remove customer from blacklist ” when I look under woocommerce settings.. under WMFO, their name has been removed from the blacklist but when they try to reorder it is still blocking them and giving the “restricted from ordering message. I have to disable the plugin to get the order to go through. Am I doing something wrong? Thanks… Neil
Hi Neil,
Thanks for using the plugin and reporting the issues.
I think your customer had exceeded the number of allowed fraud attempts and got blocked.
Now, while unblocking the customer from order action, it does remove the customer details from block list but it doesn’t remove the fraud attempts stored in DB. I think this is something I need to address in the next update.
Until I come with the next release, there are two workarounds for you.
1. Whitelist the customer from the WooCommerce setting >> WMFO tab.
2. Remove the fraud attempts log from WMFO >> Fraud attempts log
I hope this helps.
Hi
can I whitelist whole domain? for example @gmail.com?
I need my shop to allow to place order only from a specific emai domain.
cheers
Krzysiek
Hi Krzysiek,
I am afraid it is not possible with current version of the plugin.
But I will definitely consider this on the upcoming updates.
Thanks
Hello Prasidhda,
Thank you for this plugin. I just installed this today, in hopes it will work to stop Carding attacks.
Installed it now, but it will not allow me to make any changes or save the changes. When attempting to adjust whitelist, for internal employees, or blacklist a card tester that hit us 3900 times this morning, I go to save changes, and it just goes to a white screen (page) and does not go any further.
I’m unsure if there’s a permission I need to set for access on our Woocommerce site, but any changes, including just unchecking a box, results in blank screen (page) when I try to save.
I have not been able to test it on a credit card order yet, as it’s paypal only coming in since install.
If a customer does get blacklisted, I would not be able to go back in and remove them from the blacklist, or whitelist them, in case they attempt too many times. So, it’s difficult for me to trust leaving it installed over the weekend in case orders fail.
I can send you more details if needed for Woocommerce version, etc.
My website is pretty up to date, but we are running some malware plugins, etc as well.
Thanks,
Chris
Your Woo Manage Fraud Orders saves me a lot of bother by keeping fraudsters and crazies from placing orders on my site. I would like to express my gratitude. Many developers, in descriptions of their plugins, give an option for making a donation. Why don’t you do that?
Best regards,
Thomas
This plugin had been working great and would happily pay for it! But recently a large number of orders have been auto flagged after 5 attempts but I know they are legitimate orders. What causes an order attempt to be flagged as a fraud attempt? How can I help troubleshoot this? I had to disable the plugin as I’m losing legit business, unfortunately.
Hi David,
Thanks for reaching out to me.
What causes an order attempt to be flagged as a fraud attempt?
Ans: When customer tries to place order with invalid credit card info, or any way which causes woo commerce to mark order as failed status, it will be flagged as fraud attempt.
You can check the fraud attempt logs at WP Admin >> WMFO >> Fraud attempt logs. You can search the record of blocked customers and if you think they are legitimate, you can remove such fraud attempt logs.
How can I help troubleshoot this?
Ans: Please navigate to the WP Admin >> WooCommerce >> WMFO tab and check the value for “Number of allowed Fraud Attempts”. You can increase this if you think current set value is too low.
FYI: You can personally email me at pranuk.prwnsi@gmail.com. I would love to help.
Is there a way to whitelist an IP address? We are having an issue with our IP address being blacklisted when we do a phone order with the phone order plugin. Fails the order we are inputting and blacklists our IP address. I would be glad to provide any more info.
Woo Commerce v. 7.0.0
Word Press v. 6.0.3
Phone Orders for WooCommerce (Pro) (Algol Plus) v. 3.7.2
Hi,
This plugin has white listing features but only for WP users not IP. I will consider this adding in next feature.
Thanks for letting me know.
Hi
we are facing a HTTP ERROR 500 and white page and we can have the setting plugin page under woocommerce / setting
Please help
Does your sites have too many users? The plugin settings will fetch all the users for one of the settings.
I suggest you to increase the php memory limit and try again.
Updated to PHP 7.4 but the plugin then cause a PHP error. “Your PHP installation appears to be missing the MYSWL extension which is required by WordPress”. Running almost latest WP and Woocommerce. Anyone else having similar issues?
/H
I am writing to bring to your attention an issue we are currently experiencing with our COD orders. Specifically, we have blocked some customers from placing orders for COD payment method, but your system is still redirecting them to the OTP page.
Could you please investigate the issue as soon as possible and let us know what can be done to resolve it?
Video link: https://jmp.sh/9iAvf8AH
I see that some customers have failed to enter a correct CVV 3 times and then are blacklisted.
Does the ‘Blacklists Notice Message’ appear only after the set number of failed attempts has been reached, and the potential customer is then already blacklisted? Or does it appear after each failed order attempt?
It would be nice to be able to inform customers of legitimate errors during the ordering process so those could be corrected.
As a follow up to my previous question about blocking incorrect CVVs, I did just purposefully enter a bad CVV code while checking out to see what happened and it immediately empties the cart with no explanation to the customer, which is a rather confusing response.
Is there any way *prior to the maximum attempts* to pass the error message (or some user-friendly version of it) returned from the payment processor back to the user’s screen so they can correct any potential typo? That would be a more reasonable response.