Title: TrustLens – Trust Scores & Fraud Detection for WooCommerce
Author: webstepper
Published: 13. Februar 2026
Last modified: 11. Mee 2026
---
Search plugins
# TrustLens – Trust Scores & Fraud Detection for WooCommerce
By [webstepper](https://profiles.wordpress.org/webstepper/)
[Download](https://downloads.wordpress.org/plugin/trustlens.1.2.3.zip)
* [Details](https://ltz.wordpress.org/plugins/trustlens/#description)
* [Reviews](https://ltz.wordpress.org/plugins/trustlens/#reviews)
* [Installation](https://ltz.wordpress.org/plugins/trustlens/#installation)
* [Development](https://ltz.wordpress.org/plugins/trustlens/#developers)
[Support](https://wordpress.org/support/plugin/trustlens/)
## Description
**Stop losing money to abuse you can’t see.** Serial returners, coupon exploiters,
fraud rings, and stolen-card bots quietly drain WooCommerce stores — sometimes thousands
per year. The damage usually shows up only after the chargeback ratio climbs or
the margin disappears.
TrustLens is a behavior-based **customer trust scoring and fraud detection plugin
for WooCommerce**. It scores every shopper from **0 to 100** using real store behavior
and sorts them into six risk segments — **VIP, Trusted, Normal, Caution, Risk, Critical**.
Eight detection modules run in the background: returns, orders, coupons, categories,
linked accounts, shipping anomalies, chargebacks, and card-testing attacks at checkout.
You see exactly which signals moved each score, and **you decide what to do** about
it.
**TrustLens never auto-blocks in Free.** You review the customer profile and choose:
block at checkout, allowlist forever, or simply watch the trend. Nothing happens
behind your back. All customer data stays inside your store — no third-party calls—
and linked-account fingerprints are pseudonymized with keyed HMAC-SHA256 hashes.
#### Abuse patterns TrustLens catches
TrustLens turns the WooCommerce data you already have into actionable customer intelligence.
Instead of reading hundreds of orders and refunds line by line, you get one clear
score per customer and a six-segment view of your entire customer base. The dashboard
surfaces the patterns that move the needle:
* **Return abuse and wardrobing** — serial returners, high refund rates buried
across hundreds of orders, customers with 90%+ full-refund ratios
* **Coupon and discount fraud** — repeat first-order coupon use, coupon-then-refund
cycles, throwaway accounts created only to grab a discount
* **Multi-account fraud rings** — different emails sharing the same shipping address,
IP, payment method, phone number, or device fingerprint
* **Chargeback exposure** — disputes per customer, blended store-wide chargeback
ratio, brand-by-brand approach to Visa, Mastercard, Amex, and Discover monitoring
thresholds
* **Card-testing attacks at checkout** — bots probing stolen cards through your
payment gateway, racking up declines, fees, and downstream chargebacks
* **Shipping address fraud** — address hopping, billing/shipping country mismatches,
rapid address-change velocity, reshipping patterns
* **Hidden VIPs** — long-tenured loyal customers you should protect from accidental
friction or false positives
You see who’s worth rewarding, who’s silently costing you, and you take the call.
#### What’s included in the free version
The WordPress.org download is the **complete plugin** — no trial limits, no disabled
scoring, no locked modules. Everything below ships in Free.
**Detection — all 8 modules included**
* **Return Abuse Detection** — analyzes refund rate, refund frequency, refund value,
and full-vs-partial refund ratio to spot serial returners and wardrobing
* **Order Pattern Analysis** — completion rates, cancellation patterns, unusual
order velocity
* **Coupon Abuse Detection** — repeat first-order coupon use, coupon-then-refund
pattern, excessive coupon stacking
* **Category-Aware Risk Scoring** — applies extra risk when customers show high
return rates in specific product categories
* **Linked Accounts Detection** — identifies accounts sharing shipping addresses,
billing addresses, phone numbers, IPs, payment methods, or device user-agent
fingerprints
* **Shipping Address Anomalies** — address hopping, billing/shipping country mismatches,
address-change velocity, configurable velocity window (7–90 days)
* **Chargeback Tracking** — per-customer dispute history with automatic ingestion
from Stripe and WooPayments, manual entry form for other gateways, automatic
card-brand capture for accurate ratio reporting
* **Card-Testing Defense** — real-time decline-velocity monitoring in 60-second
and 10-minute rolling windows, attacker device fingerprints locked out for 90
seconds, VIP customer bypass on by default so repeat buyers are never disrupted,
one-click Panic Freeze button that halts all checkouts for 15 minutes during
an active attack
**Trust scoring engine**
* **0–100 trust score** for every customer, recalculated automatically when behavior
changes
* **Six risk segments** — VIP, Trusted, Normal, Caution, Risk, Critical
* **Every signal visible on the customer profile** so you can see exactly how a
score was calculated
* **Account-age loyalty bonus** up to +15 points for long-standing customers
* **Configurable scoring thresholds** — minimum orders required, return-risk levels,
checkout-blocking settings
**Dashboard and monitoring**
* **Command Center dashboard** — trust score trends, segment distribution, refund
activity, high-risk customer list, revenue-protection KPIs
* **Chargeback Ratio Speedometer** — blended calendar-month ratio with Healthy /
Approaching threshold / Action-needed status against Visa, Mastercard, Amex,
and Discover monitoring programs
* **Module status row** — quick on/off and one stat per detection module at a glance
* **Persistent plugin-wide admin header** with unified navigation, live status
pill, notifications bell, and ⌘K command palette for fast access to any customer
or setting
**Customer management**
* **Trust badges on the WooCommerce orders list** — sortable, filterable by segment,
one click to the full customer profile
* **Detailed customer profile** with score history, event timeline, linked accounts,
signal impact bars, and return-rate trend chart
* **Bulk actions** — block, unblock, allowlist, recalculate, delete in bulk
* **Allowlist protection** — locks a customer’s score at 100 and prevents any negative
signals from affecting them, protecting VIPs from false positives
* **Checkout enforcement** — blocked customers can’t add items to cart or complete
checkout (works on both Classic and WooCommerce Blocks / Store API checkout)
* **Customizable block message**
**Operational**
* **Historical Sync** — build trust profiles from past WooCommerce orders in the
background using small batches that don’t slow the frontend
* **REST API** with 8 endpoints for integrations, customer lookups, score retrieval,
segment filtering, and triggering recalculations
* **WooCommerce HPOS compatibility** — fully compatible with High-Performance Order
Storage
* **GDPR privacy tools** — full WordPress privacy export and erasure integration,
including signals, fingerprints, category stats, and automation logs
* **Order-screen integration** — trust score and segment displayed directly on
every WooCommerce order edit page
* **Core email notifications** — blocked-checkout alerts, activation summary, weekly
protection report
#### What Pro adds
Pro is for stores that want TrustLens to act on what it finds — automation, advanced
alerts, deeper chargeback analytics, and payment-risk workflows.
**Advanced Chargeback Monitor**
A dedicated **TrustLens Chargeback Monitor** page built to keep you clear of card-
network monitoring programs:
* Per-brand ratio breakdown — **Visa VDMP/VFMP, Mastercard ECP, Amex, Discover**—
with threshold progress bars
* **12-month trend chart** showing how each brand has moved over time
* **Trailing-30-day window** alongside the Free calendar-month view
* **Recent disputes activity feed** with case status
* **Top-disputed customers** with one-click access to a **Dispute Evidence Report**—
print-ready professional behavioral risk report (trust score, signals, order
history, return analysis vs store average, linked accounts, full event timeline)
that you can submit alongside processor dispute responses
* **Customizable warn-threshold percent** (50–100%)
* **Auto-Block After N Lost Disputes** — configurable runtime enforcement
**Chargeback Ratio Email Alerts** — daily check that emails you before any brand
crosses its network threshold, deduplicated per brand per calendar month so you’re
never spammed.
**Automation Rules**
Build trigger-based rules that fire when customer risk changes, orders are placed,
refunds are processed, disputes are filed, linked accounts are detected, card-testing
attacks happen, or shipping anomalies are spotted.
* **16+ triggers** including Chargeback Filed, Dispute Recorded, Linked Accounts
Detected, Card Testing Attack, Shipping Anomaly
* **30+ condition fields** including trust score, segment, total order value, total
disputes, customer age, country mismatch, coupon total, payment method, linked
accounts count
* **Actions** — block customer, hold order, send email, fire webhook, allowlist
customer, cancel order, tag customer
* **Async dispatch with automatic retry** (60s / 120s / 240s backoff)
* **HMAC-SHA256 signed webhooks** by default for security
* **Save-time validator** blocks rules that can never fire — unsatisfiable conditions,
schema violations, contradictions — each with a specific inline reason
* **Inline rule inspector** shows SKIP status with the exact reason (“Cooldown
active” / “Condition not met: trust_score > 50”) so you can answer “why didn’t
my rule fire?” in one glance
**Card-Testing Defense Pro**
On top of free Card-Testing Defense, Pro adds attack-scale protection:
* **Auto-escalation** from targeted blocking to global Panic Freeze when an attack
spreads across multiple device fingerprints (default: 3 distinct devices in 10
minutes)
* **Geographic-diversity safeguard** — before escalating, checks whether the decline
burst is naturally distributed across ≥10 countries with no single country >50%,
so legitimate flash-sale or viral traffic isn’t mistaken for an attack
* **Fingerprint and IP CIDR allowlists** for QA, integration partners, and known-
good traffic (IPv4 and IPv6 ranges supported)
* **Advanced fingerprint signal** — 12-font detection via baseline-width comparison,
harder for botnets to spoof consistently across nodes
* **Per-fingerprint threshold overrides** for tighter or looser thresholds on specific
known devices
* **Attack History tab** with 24-hour decline count, decline-code breakdown, top-
10 attacking fingerprints, hourly timeline chart, CSV export of all velocity
events
* **Slack and email alert dispatcher** for `attack_detected`, `auto_escalated`,
and `panic_button_activated` events
**Payment Method Risk Controls** — hide specific payment gateways for high-risk
customers, linked accounts, or velocity spikes. Fine-grained checkout protection
without blocking the whole order.
**Scheduled Reports** — daily, weekly, or monthly email summaries of store risk
activity, customer trends, and protection KPIs.
**10 advanced notification types** — High-Risk Order Alert, Segment Change Alert,
Daily Digest, High-Value Order Alert, Repeat Refunder Alert, Velocity Alert, Score
Recovery Alert, New Customer Risk Alert, Monthly Revenue Protection Report, Chargeback
Filed Alert.
**Advanced Address Analysis** — diversity-trend detection and enhanced country-mismatch
severity for deeper shipping-fraud insight.
**Bottom line:** Free surfaces the risk. Pro acts on it.
#### How trust scoring works
Every customer starts at a neutral **50**. TrustLens detection modules analyze behavior
and apply positive or negative signals:
* **Completed orders** increase trust
* **Refunds** decrease trust based on frequency, value, and full-vs-partial ratio
* **Coupon abuse patterns** apply penalties (repeat first-order coupons, coupon-
then-refund cycles)
* **High return rates in specific categories** add additional risk
* **Linked accounts** with already-risky customers reduce scores via fraud-ring
detection
* **Disputes and chargebacks** apply significant penalties
* **Shipping anomalies** (address hopping, country mismatches, change velocity)
reduce scores
* **Card-testing exposure** — customers tied to device fingerprints involved in
past attacks lose trust
* **Account age** adds a loyalty bonus of up to **+15** for long-standing customers
Scores are always clamped to 0–100. Every signal is visible on the customer profile
so you can see exactly how each score was calculated and trust the decision.
Customers below the configurable minimum order threshold (default: 3 orders) stay
in the Normal segment until enough data exists for confident scoring — so new stores
don’t get noisy false positives in their first weeks.
#### Who TrustLens is for
* **WooCommerce store owners** losing margin to serial returners, refund abuse,
or coupon fraud
* **Operations and CX managers** who need data to back up customer policies with
confidence
* **Fraud prevention teams** looking past payment-gateway signals into behavioral
patterns
* **Merchants worried about Visa, Mastercard, Amex, or Discover** chargeback monitoring
programs (VDMP / VFMP / ECP)
* **Stores with generous return policies** that attract both loyal customers and
abuse
* **Stores using Stripe or WooPayments** — chargeback and card-brand data flow
in automatically with no manual setup
* **Stores using other gateways** (PayPal, Square, offline, custom) — manual chargeback
entry keeps your ratio accurate
#### Privacy and data handling
TrustLens works **entirely inside your WordPress and WooCommerce installation**.
It does not send customer data to the plugin developer or to any default third-party
service. External delivery only happens if you explicitly configure features like
webhooks, Slack alerts, or email notifications.
* Customer identifiers are pseudonymized with **keyed HMAC-SHA256 hashes** so raw
email and identifier values are never exposed or reused across sites
* Linked-account fingerprints (address, phone, IP, payment method, device) use
the same keyed-hash approach
* **WordPress privacy tools** are fully integrated — customers can request data
export or erasure through the standard WordPress workflow, and TrustLens responds
with signals, fingerprints, category stats, and automation logs included
* **GDPR-compatible** by design
* All scoring signals are visible on the customer profile so customer-service teams
can explain any score on request
#### Built for production WooCommerce
TrustLens is engineered for busy stores and growing order volume:
* **Asynchronous background scoring** via Action Scheduler — the same system WooCommerce
uses for its own background jobs
* **WooCommerce HPOS compatibility** — fully compatible with High-Performance Order
Storage and legacy stores alike
* **Transient-cached dashboard queries** (15-minute and 1-hour TTLs) with automatic
invalidation on new events so the dashboard doesn’t re-query order meta on every
page load
* **Batch-based Historical Sync** that processes past orders in small chunks without
blocking the frontend
* **Lightweight checkout enforcement** using a single email-hash lookup
* **Unified Request Gate** that intercepts both Classic and Blocks / Store API
checkout through one rule-registration surface
* **PHP 7.4+ supported**, WordPress 6.4+ tested, WooCommerce-first throughout
If you need **chargeback prevention**, **return-abuse detection**, **fraud-ring
detection**, or **stolen-card attack protection** for WooCommerce, TrustLens gives
you the data and the tools to act — without taking control out of your hands.
### External Services
This plugin may connect to external services as described below.
#### Freemius SDK
This plugin uses the [Freemius](https://freemius.com) SDK for optional usage tracking,
license management, and plugin updates.
**When data is sent:**
* During plugin activation, only if the user explicitly opts in
* When checking for plugin updates
* When activating or deactivating a Pro license
**What data is sent:**
* Site URL, WordPress version, and PHP version
* Plugin version and activation status
* Admin email (only if opted in)
* License key (Pro version only)
**Important:** No data is sent unless you explicitly opt in during plugin activation.
You can skip the opt-in entirely and use the free version without sharing any data.
* Service: [Freemius](https://freemius.com)
* Terms of Service: [https://freemius.com/terms/](https://freemius.com/terms/)
* Privacy Policy: [https://freemius.com/privacy/](https://freemius.com/privacy/)
#### Webhooks (Pro, Optional)
When webhooks are enabled in TrustLens settings (Pro feature), the plugin sends
HTTP POST requests to URLs configured by the administrator.
**When data is sent:**
* When a customer’s trust score is updated (if enabled)
* When a customer is blocked (if enabled)
* When a checkout is blocked (if enabled)
* When a high-risk order is placed (if enabled)
* When testing webhook connectivity
**What data is sent:**
* Customer email hash and, when available, the customer email stored in TrustLens
* Trust score and customer segment
* Event type and timestamp
* Order details for high-risk order events (order ID, total, status)
* Site URL and site name
**Important:** Webhook endpoints are entirely configured by you. No data is sent
to any third-party service unless you explicitly add webhook URLs. The plugin does
not send data to the plugin developer or any default external service.
## Installation
1. Install **TrustLens** directly from the WordPress plugin repository, or upload
the `trustlens` folder to `/wp-content/plugins/`
2. Activate the plugin through the **Plugins** menu — TrustLens checks for WooCommerce
automatically
3. Open **TrustLens Dashboard** to see the Command Center
4. Click **Run Historical Sync** to build trust profiles from your existing WooCommerce
orders — the sync runs in the background in small batches and does not affect site
performance
5. Visit **TrustLens Settings** to adjust scoring thresholds, checkout blocking,
and notification preferences
**What works out of the box:**
* All 8 detection modules are enabled by default
* Card-Testing Defense ships **enabled** with sensible thresholds — no configuration
required to start blocking stolen-card attacks
* VIP Customer Bypass is on, so repeat buyers are never disrupted by velocity rules
* Chargeback tracking is active for Stripe and WooPayments — disputes ingest automatically
* TrustLens **does not auto-block** any customer in Free until you explicitly choose
to
If you use Stripe or WooPayments, no extra setup is required for chargeback and
card-brand capture. Other gateways can be tracked through the manual chargeback
entry form on the order edit page.
## FAQ
### Does TrustLens work with guest checkout?
Yes. Customers are identified by a hash of their email address, so guest and registered
customers are tracked equally. If a guest later registers, their history carries
over.
### Will TrustLens automatically block customers?
By default, no. The free version is manual: it surfaces customer risk data, and
you decide when to block or allowlist someone. Pro can optionally automate specific
actions, including alerts, order holds, verification requirements, and customer
blocking if you configure automation rules or chargeback auto-blocking.
### How does linked accounts detection work?
TrustLens creates fingerprints from shipping addresses, billing addresses, phone
numbers, IP addresses, payment methods, and device user agents. When multiple customer
accounts share fingerprints, they are flagged as linked. This helps detect multi-
account abuse like repeated first-order discounts.
### Can TrustLens help reduce return abuse and refund abuse in WooCommerce?
Yes. TrustLens tracks refund rate, refund value, refund frequency, category-specific
return behavior, and related customer patterns over time. This helps you spot serial
returners and high-risk refund behavior earlier instead of reviewing refunds one
order at a time.
### Can TrustLens help with chargebacks and disputes?
Yes — and the core chargeback tracking is in the **free** version. TrustLens automatically
ingests disputes from Stripe and WooPayments, accepts manual entry for other gateways(
PayPal, Square, offline), keeps per-customer dispute counters, and feeds dispute
history into trust scores. The free dashboard also shows a **Chargeback Ratio Speedometer**
with a Healthy / Approaching / Action-needed status against Visa, Mastercard, Amex,
and Discover thresholds.
Pro adds a dedicated **Advanced Chargeback Monitor** with per-brand breakdown (Visa
VDMP/VFMP, Mastercard ECP, Amex, Discover), 12-month trend, trailing-30-day window,
daily ratio email alerts, a one-click Dispute Evidence Report for processor responses,
and auto-block after N lost disputes.
### How does the Chargeback Ratio Monitor work?
TrustLens captures the card brand on every Stripe and WooPayments paid order and
tracks how many of those orders end up as disputes. Your blended monthly chargeback
ratio is shown on the dashboard speedometer, with status colors keyed to **Visa
VDMP/VFMP, Mastercard ECP, Amex, and Discover** monitoring thresholds — so you can
see if you’re approaching enrollment before it happens. Pro adds per-brand ratios,
the 12-month trend chart, the trailing-30-day window, and daily email alerts.
### What is Card-Testing Defense?
Card-Testing Defense (free) is real-time protection against stolen-card attack bots
that probe your checkout with thousands of declined payment attempts. TrustLens
watches per-device decline rates in 60-second and 10-minute rolling windows. When
a device crosses the threshold it’s locked out of checkout for 90 seconds, blocking
the attack before it reaches your payment gateway and runs up gateway fees, fraud
fees, and downstream chargebacks.
**VIP Customer Bypass** is enabled by default, so customers with at least one successful
past order are never blocked by velocity. A one-click **Panic Freeze** button halts
all checkouts for 15 minutes during an active attack your thresholds haven’t caught.
Pro adds auto-escalation, a geographic-diversity safeguard so flash-sale traffic
isn’t mistaken for an attack, fingerprint and IP CIDR allowlists, attack analytics
with CSV export, and Slack alerts.
### Can I automate actions based on customer risk?
Yes, with Pro. Automation Rules let you build trigger-based rules that fire when
customer risk changes, orders are placed, refunds are processed, disputes are filed,
linked accounts are detected, card-testing attacks happen, or shipping anomalies
are spotted. Each rule supports 30+ condition fields and actions like block customer,
hold order, send email, fire webhook, allowlist customer, cancel order, or tag customer.
Pro automation also includes a save-time validator that blocks rules that can never
fire, an inline inspector that shows exactly why each rule fired or didn’t, and
async HMAC-SHA256-signed webhooks with automatic retry.
### What happens when I block a customer?
Blocked customers see a customizable message when they try to add items to their
cart or proceed to checkout. The block applies to both logged-in users and guest
checkouts matching the blocked email. All blocked checkout attempts are logged.
### Can I undo a block?
Yes. You can unblock a customer at any time from their profile page or the customer
list. You can also add customers to the allowlist, which locks their score at 100
and prevents any negative signals from affecting them.
### What happens right after I install TrustLens?
New WooCommerce orders are analyzed automatically after activation. If you already
have historical orders, you can run Historical Sync from the dashboard to build
trust profiles from your existing store data without slowing down the frontend.
### Does this slow down my store?
No. Score calculations run asynchronously via Action Scheduler (the same system
WooCommerce uses). Checkout blocking uses a lightweight email-hash lookup. The historical
sync processes orders in small batches in the background.
### Does TrustLens send customer data to an external service?
No. TrustLens works inside your WordPress and WooCommerce installation. It does
not send customer data to the plugin developer or to any default third-party service.
External delivery only happens if you explicitly configure features like webhooks
or email notifications.
### Is TrustLens compatible with WooCommerce HPOS?
Yes. TrustLens declares full compatibility with High-Performance Order Storage and
works with both legacy and HPOS-enabled stores.
### Does TrustLens store personal data?
TrustLens stores customer email addresses and behavioral data (order counts, refund
counts, trust scores) in custom database tables. Matching identifiers used for linked-
account detection are pseudonymized using keyed HMAC-SHA256 hashes, preventing the
raw values from being exposed or reused across sites. The plugin integrates with
WordPress privacy tools — customers can request data export or erasure through the
standard WordPress privacy workflow.
### Can I access TrustLens data from external systems?
Yes. TrustLens includes a REST API with 8 endpoints for looking up customers, retrieving
scores, filtering by segment, and triggering recalculations. API access requires
either the `manage_woocommerce` capability or a valid API key configured in settings.
### Can I get alerts and reports by email?
Yes. The free version includes core email notifications such as blocked checkout
alerts, a welcome summary, and a weekly summary. Pro adds advanced alerts, daily
digests, monthly revenue protection reports, and scheduled email reports.
### What is the minimum data needed for accurate scoring?
By default, customers need at least 3 orders before they move out of the Normal
segment. You can adjust this threshold in Settings > General. Customers below the
threshold still accumulate signals — they just aren’t classified until enough data
exists.
### Does the free version include all detection modules?
Yes. All **8 detection modules** ship in the free version — returns, orders, coupons,
categories, linked accounts, shipping address anomalies, chargebacks, and card-testing
defense. There are no trial limits, no disabled scoring, and no locked modules.
Pro adds automation rules, webhooks, scheduled reports, payment-method risk controls,
the advanced per-brand Chargeback Monitor with daily alerts, Card-Testing Defense
Pro (auto-escalation + analytics + Slack alerts), and 10 advanced notification types.
### What happens if I rotate my WordPress secret keys?
**Important:** TrustLens uses your WordPress `auth` secret key (via `wp_salt('auth')`)
as the HMAC keying material for hashing customer emails and linked-account fingerprints.
This is a deliberate security choice — it makes stored hashes non-reversible and
non-portable across sites.
The trade-off is that **regenerating your WordPress secret keys** (whether through
a security plugin’s “regenerate keys” tool or by editing `wp-config.php` directly)
will permanently invalidate every customer hash and fingerprint already stored in
your TrustLens tables. After rotation, the plugin won’t be able to match a returning
customer to their existing trust profile, and linked-account detection will reset.
If you ever need to rotate WordPress secret keys, plan to **run Historical Sync
afterward** so TrustLens rebuilds the customer table from your existing WooCommerce
order data using the new keying material. Allowlisted/blocked status set manually
on individual customer rows is the exception that won’t auto-recover — re-apply
those after the sync.
## Reviews
### [Powerful but Needs Wider Adoption](https://wordpress.org/support/topic/powerful-but-needs-wider-adoption/)
[mvbn78677](https://profiles.wordpress.org/mvbn78677/) 10. Mäerz 2026
TrustLens offers strong features such as return abuse detection, coupon misuse detection,
and order pattern analysis.
### [Great Visibility Into Customer Behavior](https://wordpress.org/support/topic/great-visibility-into-customer-behavior/)
[mvmmk78890](https://profiles.wordpress.org/mvmmk78890/) 10. Mäerz 2026
TrustLens gives store owners something WooCommerce usually lacks: behavior-based
customer intelligence. Instead of guessing who might abuse refunds or coupons, the
plugin analyzes patterns like refunds, cancellations, and account connections.
### [Excellent Fraud Protection for WooCommerce](https://wordpress.org/support/topic/excellent-fraud-protection-for-woocommerce/)
[aquilaproperty7867](https://profiles.wordpress.org/aquilaproperty7867/) 16. Februar
2026
Simple, effective, and professional solution for review protection.
[ Read all 3 reviews ](https://wordpress.org/support/plugin/trustlens/reviews/)
## Contributors & Developers
“TrustLens – Trust Scores & Fraud Detection for WooCommerce” is open source software.
The following people have contributed to this plugin.
Contributors
* [ webstepper ](https://profiles.wordpress.org/webstepper/)
* [ Freemius ](https://profiles.wordpress.org/freemius/)
[Translate “TrustLens – Trust Scores & Fraud Detection for WooCommerce” into your language.](https://translate.wordpress.org/projects/wp-plugins/trustlens)
### Interested in development?
[Browse the code](https://plugins.trac.wordpress.org/browser/trustlens/), check
out the [SVN repository](https://plugins.svn.wordpress.org/trustlens/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/trustlens/) by [RSS](https://plugins.trac.wordpress.org/log/trustlens/?limit=100&mode=stop_on_copy&format=rss).
## Changelog
#### 1.2.3
**Security and reliability hardening.** Closes several issues surfaced during a
pre-release audit.
**Fixed**
* **Card-Testing Defense — VIP bypass too permissive.** Previously, any customer
with at least one completed order was permanently exempt from card-testing velocity
blocks — meaning a fraud actor who completed a single order gained immunity from
then on. The threshold now matches the plugin-wide `trustlens_min_orders` setting(
default 3 orders) AND customers in `risk` or `critical` segments no longer bypass
card-testing defense regardless of order count.
* **Chargeback meta not HPOS-compatible.** Manual chargeback writes used `update_post_meta()`/`
get_post_meta()` directly, which silently target the wrong table on stores with
WooCommerce High-Performance Order Storage enabled. Switched to `WC_Order::update_meta_data()`/`
WC_Order::get_meta()` so the chargeback indicator and Record Manual Chargeback
form work correctly on HPOS stores.
* **IP spoofing via forwarding headers.** `HTTP_X_FORWARDED_FOR` (request gate)
and `HTTP_CLIENT_IP` + `HTTP_X_FORWARDED_FOR` (payment-method controls) were
trusted unconditionally, letting an attacker send `X-Forwarded-For: 1.2.3.4`
to rotate their apparent IP and defeat per-IP velocity rules. Both code paths
now default to `REMOTE_ADDR`. Sites legitimately behind a trusted reverse proxy(
Cloudflare, load balancer, Sucuri) can opt in to X-Forwarded-For via the new `
trustlens/trust_proxy_headers` filter — the last entry in the header is used (
the IP the closest trusted hop observed).
* **Webhook signing secret exposed in DOM.** The “Test” button on the Pro Webhooks
settings page rendered the signing secret as a `data-secret` HTML attribute,
making it readable by any browser extension or XSS payload running in the admin
panel. The secret is no longer rendered to the page; the AJAX handler now looks
up the endpoint server-side from the stored config.
* **Webhook async dispatch could pile up duplicates.** Automation rule webhooks
used `as_enqueue_async_action()` without dedup, so a rapid burst of identical
triggers (e.g. `score_updated` firing several times during a batch refund) queued
multiple deliveries for the same rule+customer. Now dedup’d via `wstl_ensure_single_action`;
retries from inside the dispatch handler still carry a distinct retry counter
and bypass dedup so failed deliveries still get their 60s / 120s / 240s attempts.
* **Score-update queue race.** `wstl_queue_score_update()` used a read-then-write
pattern that could double-schedule the score recalculation under concurrent events
for the same customer. Replaced with `wstl_ensure_single_action`, which uses
unschedule-then-schedule semantics and is race-free.
* **Chargeback record double-increment under concurrency.** The manual chargeback
AJAX path ran two separate UPDATE statements (one for `total_disputes`, one for
the outcome counter). Two concurrent calls for the same customer could leave `
disputes_lost` exceeding `total_disputes`. Now done as a single atomic UPDATE
when the outcome is known at record time.
* **Shipping anomaly re-entrancy.** The `trustlens/shipping_anomaly` action fired(
and `address_anomaly_detected` was logged) from inside `get_signal()`, which
runs on every score recalculation. That could spawn re-entrant Action Scheduler
jobs through automation rules. Both events now fire once from `handle_order_completed`,
so each detection produces exactly one event per order completion.
* **Guest-order automation actions silently dropped.** Customer-level actions (
send email, block customer, tag, etc.) on order-bound rules silently returned
when the order was a guest checkout. Now a `'skipped'` row is written to the
rule log with the reason “Guest order: no customer email hash” — the inspector
can finally answer “why didn’t my rule fire?”.
* **Lockdown targets transient race.** Card-Testing Defense stored every targeted
device fingerprint in one shared transient map; concurrent attacks from different
devices could clobber each other on write. Switched to one transient per fingerprint
so concurrent target writes never conflict. Admin listing and “any-target-active”
check use indexed `wp_options LIKE` queries.
* **Automation `is_first_order` matched 0-order customers.** Condition now requires`
total_orders === 1` (exact), so rules don’t fire against brand-new customer records
that exist before any order has been counted.
* **Chargeback signal ignored min-orders threshold.** A one-time buyer who filed
a legitimate dispute could trigger the -30 chargeback penalty before any other
signals existed. The chargeback module now honors `trustlens_min_orders` like
the returns, coupons, and shipping modules.
* **Dispute Report didn’t validate the hash format.** `$_GET['hash']` is now checked
against `wstl_is_email_hash()` before being passed to the lookup, matching the
rest of the codebase.
* **Webhook log table escaping.** Endpoint URL inside `` was escaped with`
esc_url()` (an attribute-context function) instead of `esc_html()`. Switched
to the correct function for text content.
* **Automation retention cron not cleared on deactivation.** The `trustlens/automation/
retention_cleanup` event survived `Deactivate`, leaving an orphan WP-Cron entry.
Now cleared alongside the other scheduled events.
* **Duplicate score-save logic.** `process_score_calculation()` and `TrustLens_Score_Calculator::
recalculate_score()` each contained their own copy of the save-and-fire(`score_updated`/`
segment_changed`) flow. The Action Scheduler callback now delegates to the calculator
method so the two paths can’t drift.
* **Redundant order re-fetches.** `class-module-orders` and `class-module-shipping-
anomalies` registered `woocommerce_order_status_completed` with 1 arg and immediately
called `wc_get_order()` on the order ID. Hooks now register with 2 args and use
the `WC_Order` instance WooCommerce passes — with a defensive fallback for third-
party callers firing the hook with one argument.
* **Card-testing defense bypass via client fingerprint rotation.** Bots that rotated
their JavaScript-side fingerprint per request avoided the per-fingerprint velocity
threshold (each rotated hash had count 1, never tripping the limit). Declines
are now also recorded under the server-fallback fingerprint (IP + User-Agent
+ Accept-Language) — which stays stable across client-hash rotation — so the
velocity detector accumulates and targets even rotating attackers. Lockdown checks
test both hashes on every request, so an attacker who got the server hash targeted
on attempt 3 stays blocked even if they rotate the client hash on attempt 4.
* **Panic Freeze duration ceiling.** The duration the panic-freeze AJAX accepted
from the admin form was clamped to 3600s (1 hour). An admin mis-entering the
value could accidentally block checkout for an hour. The server-side ceiling
is now 30 minutes by default, filterable via `trustlens/card_testing/panic_max_duration`
for sites that genuinely need longer.
* **Cron reconciliation on every page load.** `ensure_notification_schedules()`
was hooked to `init` and ran on every frontend request, writing to `wp_options`
on stores with notifications disabled. The reconciliation now self-throttles
to once per hour, with explicit invalidation on notification-setting changes
so toggles still take effect immediately.
* **Automation `customer_age_days` / `days_since_last_order` timezone drift.**
Conditions mixed local-time (`current_time('timestamp')`) with UTC-stored MySQL
timestamps, producing up to ±14 hours of drift on non-UTC sites — enough to push
a daily-granularity condition off by a full day. Both sides now anchor to UTC.
* **Webhook endpoints option marked `autoload=no`.** The endpoint config (which
contains plaintext HMAC signing secrets) was autoloaded on every request. It’s
now loaded only when a webhook actually needs to fire.
* **Card-Testing Defense not actually enabled by default.** The readme advertised“
ships enabled with sensible thresholds” but the activation flow never set the`
trustlens_module_card_testing_enabled` option, so the module sat dormant until
merchants found the toggle in Settings. New installs now enable card-testing
defense and the VIP customer bypass automatically, matching the documented promise.
Existing sites keep whatever value they already have — no surprise behavior changes.
* **Welcome email never sent on default-off installs.** The 24-hour-post-activation
welcome summary was gated behind the master `trustlens_enable_notifications`
switch, which ships disabled. The handler silently returned and the carefully-
built welcome email was dropped on every fresh install. The welcome email is
now gated only by its own `trustlens_notify_welcome_summary` opt-out (which already
defaults to on), so the onboarding email actually fires.
* **Plugin row “Dashboard” / “Settings” shortcuts.** The Plugins screen now surfaces
direct links to the TrustLens dashboard and Settings page in the plugin row,
matching standard WordPress plugin UX.
* **Dashboard onboarding card now signals active protection.** When a fresh install
lands on the empty dashboard, a small pill next to the onboarding steps confirms
that the detection modules are already scoring incoming orders, so merchants
know protection is live and not deferred until they finish setup.
**Changed (potentially breaking for existing webhook receivers)**
* **Webhook signature scheme v2.** Outgoing webhook signatures now cover `timestamp
+ '.' + body` instead of `body` alone, and a new `X-TrustLens-Timestamp` header
carries the Unix epoch. This lets receivers reject replayed deliveries by checking
the timestamp falls within a short window (recommended: ±5 minutes). Verification
on the receiver side: compute `'sha256=' + hmac_sha256(timestamp + '.' + body,
secret)` and constant-time-compare against `X-TrustLens-Signature`. If you have
an existing webhook receiver, update its verification code before upgrading.
**Internal**
* Centralized client-IP retrieval in `wstl_get_client_ip()` so future fraud modules
don’t have to re-solve the spoofable-header problem.
* Centralized webhook signature computation in `TrustLens_Webhooks::compute_signature()`
so the three send sites (settings test, classic webhooks, automation webhooks)
can’t drift apart.
* Defensive: replaced `ActionScheduler_Store::STATUS_PENDING` constant reference
with the literal `'pending'` in `wstl_queue_score_update()` so the function survives
unusual AS bootstrap orderings.
#### 1.2.2
**Automation Rules — reliability rewrite + major capability expansion.** Plus Card-
Testing Defense admin UX consolidation.
**Automation**
* **Added triggers:** Chargeback Filed · Dispute Recorded · Linked Accounts Detected·
Card Testing Attack · Shipping Anomaly.
* **Added condition fields:** Total Order Value · Total Disputes · Linked Accounts·
Coupon Then Refund · Cancelled Orders · Customer Type · Is Blocked · Customer
Age · Days Since Last Order · Payment Method · Shipping Country · Billing Country·
Country Mismatch · Coupon Total.
* **Added actions:** Allowlist Customer · Cancel Order.
* **Added:** Save-time validator blocks rules that can never fire — unsatisfiable
conditions, schema-bound violations, trigger-state contradictions, invalid operators
for the field type, incomplete actions — each with a specific inline reason.
* **Added:** Inspector shows `SKIP` status on evaluations that didn’t execute,
with the reason (“Cooldown active” / “Condition not met: trust_score > 50”).
Directly answers “why didn’t my rule fire?”.
* **Changed:** Webhooks now dispatch async with automatic retry (60s/120s/240s
backoff) and are HMAC-SHA256 signed by default.
* **Changed:** Rule editor no longer full-page-reloads on save or delete; errors
appear inline inside the modal.
* **Fixed:** Concurrent rule saves were last-write-wins — now serialized via advisory
lock.
* **Fixed:** A failed action locked the rule out for an hour via cooldown — now
clears on error so the next event retries.
* **Fixed:** Rules with an unknown condition field silently matched everything (
catastrophic for `block_customer` rules). Now rejected.
* **Fixed:** Timezone drift between log timestamps and inspector counters when
MySQL server TZ ≠ site TZ.
* **Fixed:** Operators `<`, `<=`, `<>` couldn’t save at all.
* **Fixed:** “Send Email” action ignored the recipient field; now honors it as
a per-rule override (falls back to site notification email when blank).
* **Fixed:** “Refund Processed” trigger silently dropped order context — order-
only actions/conditions never fired on refunds.
**Admin UX — Card-Testing Defense + Dashboard**
* **Changed:** Card-Testing Defense page consolidated from four tabs into a single
live view — panic controls, live state, and targeted fingerprints visible without
clicking.
* **Added:** Dashboard alert band for active Panic Freeze, targeted lockdowns,
and card-network programs over chargeback threshold.
* **Added:** Module-status pill row on the dashboard (on/off + one stat for each
subsystem).
* **Added:** Persistent plugin-wide admin header with unified nav, live status
pill, notifications bell, and ⌘K command palette.
* **Fixed:** Unchecking “Enable Card-Testing Defense” or “VIP bypass” didn’t save(
Settings API checkbox quirk).
* **Fixed:** Slack webhook delivery failures are now logged instead of swallowed.
* **Fixed:** Uninstall clears card-testing options and cron hooks; deactivation
unschedules card-testing crons.
* **Fixed:** Card-testing attacks with an identifiable customer email now fire `
trustlens/checkout_blocked` (once per newly-targeted fingerprint) so Notifications/
Automation / Webhooks can react.
Safe additive upgrade — new composite index added idempotently, no data migration.
#### 1.5.0
**Card-Testing Defense — Pro tier**
* **Added (Pro):** Auto-escalation from targeted blocking to global panic freeze
when an attack spreads across multiple device fingerprints. Default threshold:
3 distinct devices in a 10-minute window.
* **Added (Pro):** Geographic-diversity safeguard. Before auto-escalating, checks
whether the decline burst is naturally distributed across ≥10 countries with
no single country holding >50% — if so, treats as a legitimate flash-sale or
viral-moment burst and holds off.
* **Added (Pro):** Fingerprint and IP CIDR allowlists. Devices or IP ranges on
the allowlist bypass the card-testing defense entirely — for QA, integration
partners, or known-good traffic. Both IPv4 and IPv6 CIDR ranges supported.
* **Added (Pro):** Advanced fingerprint signal — enumerates 12 common fonts via
baseline-width comparison and adds the detected-fonts list to the fingerprint
hash. Harder for botnets to spoof consistently across nodes than canvas + screen
alone. Opt-in via script tag data attribute (only injected when Pro is licensed
AND card-testing is enabled).
* **Added (Pro):** Per-fingerprint threshold overrides. Tighter or looser thresholds
for specific known devices.
* **Added (Pro):** Attack History tab — 24h decline count, decline-code breakdown,
top-10 attacking fingerprints, hourly timeline chart (Chart.js). CSV export of
all velocity events in the window.
* **Added (Pro):** Slack and email alert dispatcher — subscribes to `attack_detected`,`
auto_escalated`, and `panic_button_activated` events. Configure a Slack webhook
and/or email address to receive attack notifications.
* **Added (Pro):** Documented stable contract on the `trustlens/panic_button_activated`
action — Pro integrators can rely on the signature and timing.
* Free tier behavior unchanged.
#### 1.4.0
**Card-Testing Defense (Free) — blocks stolen-card attack traffic before it reaches
the payment gateway**
* **Added (Free):** Real-time card-testing detection. Watches per-device decline
rates in 60-second and 10-minute rolling windows. A device that crosses the decline
threshold is blocked from checkout for 90 seconds. No merchant configuration
required — sensible defaults ship enabled.
* **Added (Free):** Panic Freeze button on the new TrustLens Card-Testing Defense
admin page. One click blocks ALL checkouts for 15 minutes (configurable 5m/30m/
1h). Use during active attacks your thresholds haven’t caught.
* **Added (Free):** VIP Customer Bypass (enabled by default). Customers with at
least one successful past order are never blocked by card-testing velocity —
attacks can’t disrupt legitimate repeat buyers.
* **Added (Free):** Negative trust-score signal for customers linked to device
fingerprints involved in past attacks — keeps bad actors scored correctly even
after the 90-second targeted block expires.
* **Added (Free):** `during_attack_window` event logged on orders completed while
an attack is active — audit trail of which successful orders slipped through.
* **Added (Free):** Dashboard widget shows current defense state (IDLE / TARGETED/
PANIC) and 24-hour decline count at a glance.
* **Added (Free):** Daily retention cron keeps the velocity-events table trimmed
to the configured window (default 48h, configurable 24–168h).
* **Note on velocity systems:** This feature’s “velocity” is keyed on _device fingerprint_
and measures _gateway declines_ — unrelated to the existing Payment-Method Controls
velocity (email-keyed, completed-order-count-based) and Shipping Anomalies velocity(
email-keyed, distinct-address-count-based). Three independent systems, three
different threats, three different responses.
* **Coming in 1.5 (Pro):** Auto-escalation to global freeze, geographic-diversity
flash-sale safeguard, fingerprint allowlists, attack-history analytics, Slack/
email alerts.
#### 1.3.0
**Request-gate infrastructure — card-testing defense foundation**
* **Added (Free):** Internal `TrustLens_Request_Gate` primitive intercepts Classic
checkout _and_ Blocks / Store API checkout through a single rule-registration
surface. Fraud modules register rules; the gate dispatches them pre-gateway.
* **Added (Free):** Browser fingerprint collection on checkout and cart pages —
pseudonymous SHA-256 hash of canvas + screen + timezone + language + platform
+ WebGL signals. Raw signals never leave the browser. Server-side fallback hash
when JS is disabled. Schema migration adds 5 new columns to `wp_trustlens_fingerprints`(
fp_source, decline_count_24h, taint_flag, taint_reason, tainted_at).
* **Improved (Free):** Email blocklist (customers marked blocked in the admin)
now takes effect on Blocks checkout in addition to Classic — existing behavior
of the `Checkout_Blocker` class, now dispatched through the gate instead of its
own hooks.
* **Dev note:** This is an infrastructure release. The card-testing detection engine(
velocity windows, lockdown state machine, panic button, admin UI) ships in 1.4.0
and builds on this foundation.
* **Dev note:** PHPUnit test suite scaffolding added (`composer.json`, `phpunit.
xml.dist`, `tests/`). Not shipped in distribution zips.
#### 1.2.1
**Chargeback Ratio Monitor — new feature**
* **Added (Free):** Dashboard Chargeback Ratio speedometer — blended calendar-month
ratio with a **Healthy / Approaching threshold / Action needed** status so you
can see store health at a glance.
* **Added (Free):** Chargeback tracking moved from Pro to Free — automatic dispute
ingestion from Stripe and WooPayments, per-customer dispute counters, and chargeback
impact on trust scores now ship in every build.
* **Added (Free):** Manual chargeback entry form on the order edit page for gateways
that don’t push dispute webhooks to WooCommerce (PayPal, Square, offline).
* **Added (Free):** Automatic card brand capture on Stripe and WooPayments paid
orders. Historical Sync also captures card brand, so one sync run populates both
trust profiles and chargeback-ratio data.
* **Added (Pro):** Dedicated **TrustLens Chargeback Monitor** page — per-brand
ratio breakdown (Visa VDMP/VFMP, Mastercard ECP, Amex, Discover) with threshold
progress bars, 12-month trend chart, recent disputes activity feed, top-disputed
customers with one-click Evidence Report, store-wide dispute outcomes summary,
and inline alert-threshold control.
* **Added (Pro):** Daily email alert when any card brand reaches a configurable
percent (default 70%) of its network threshold. Deduplicated per brand per calendar
month — one email per brand, no spam.
* **Added (Pro):** Trailing-30-day ratio window alongside the Free calendar-month
view, plus a customizable warn-threshold percent (50–100%).
* **Added (Pro):** Auto-block after N lost disputes is now actually enforced. The
setting has existed since 1.2.0 but had no runtime effect until this release.
**Fixes & improvements**
* **Fixed:** Bulk customer actions (block, unblock, allowlist, remove-allowlist,
recalculate, delete) failed with a fatal error due to a broken dispatch call
to a non-existent `TrustLens_Bulk_Operations::instance()->execute()` method.
The AJAX handler now dispatches directly to the correct static methods with a
whitelisted action set.
* **Improved:** Chargeback Monitor ratio and trend queries are now transient-cached(
15 min / 1 hour TTL) with automatic invalidation on new disputes or brand-backfill
runs, so the dashboard doesn’t re-query order meta on every page load.
#### 1.2.0
* **Added:** Shipping Address Anomalies detection module — detects address hopping,
billing/shipping country mismatches, and address change velocity.
* **Added:** Address diversity ratio scoring — penalizes customers who ship to
many different addresses relative to order count.
* **Added:** Billing/shipping country mismatch detection — flags cross-border shipping
patterns.
* **Added:** Address change velocity signal — detects rapid address changes within
a configurable time window.
* **Added:** Pro address diversity trend analysis — detects sudden behavioral shifts
in shipping address patterns.
* **Added:** Pro enhanced country mismatch severity — deeper pattern analysis for
reshipping fraud detection.
* **Added:** Historical backfill for country codes on existing address fingerprints.
* **Added:** Configurable velocity window setting (7-90 days, default 30) in Settings
> Modules.
* **Added:** Customer Detail Analyst Grid — redesigned customer profile with trust
score gauge, signal impact bars, return rate trend chart, activity feed, linked
accounts, and collapsible admin notes.
* **Added:** Weekly return rate trend data with 1-hour transient cache for the
customer profile chart.
* **Fixed:** ActionScheduler runaway loop on the email-hash backfill — scheduling
is now idempotent and race-free via replace-semantics, backfill batches are try/
catch isolated, and failing orders are tagged with a sentinel so one bad row
can’t block the backfill forever. Removed the `admin_init` scheduler that caused
unbounded fan-out on sites with heartbeat traffic.
* **Fixed:** Shipping anomalies country-code backfill silent-skip loop — unresolvable
rows now get a sentinel value so they drop out of the `NULL` result set, and
the batch runner terminates cleanly on all failure modes.
* **Fixed:** Historical sync no longer hangs in “running” state when a single malformed
order throws — transitions to a terminal “failed” state so the user can retry
from the UI.
* **Fixed:** Hash column migration was skipped on sites whose stored DB version
already matched the current version.
* **Fixed:** Reset data now succeeds on free installs that don’t have Pro-only
tables.
* **Fixed:** Customer lookup now accepts legacy 32-char MD5 hashes alongside the
current SHA-256 format for backward compatibility.
* **Fixed:** Customer detail page `first_order_date` null guard prevents a PHP
notice on customers whose first order date isn’t set.
#### 1.1.8
* **Fixed:** Prevented excessive ActionScheduler task accumulation — order meta
saves no longer trigger unnecessary WooCommerce analytics reimports.
* **Added:** Daily cleanup of completed ActionScheduler actions older than 7 days
to keep the database lean.
* **Updated:** Freemius SDK.
#### 1.1.7
* **Added:** Pro one-click Dispute Evidence Report — generate a professional, print-
ready behavioral risk report for payment processor dispute responses.
* **Added:** “Dispute Report” button on the customer profile page and order metabox
for instant report generation.
* **Added:** Report includes trust score, risk signals, order history, return analysis
vs store average, linked accounts, and full event timeline.
* **Added:** Extensible action hooks `trustlens/customer_profile_actions` and `
trustlens/order_metabox_actions` for Pro feature buttons.
#### 1.1.6
* **Added:** Color-coded trust segment badge column on the WooCommerce orders list—
see customer risk at a glance while processing orders.
* **Added:** Segment filter dropdown on the orders list — filter orders by Critical,
Risk, Caution, Normal, Trusted, or VIP segment.
* **Added:** Sortable trust column — click the column header to sort orders by
segment severity (Critical first).
* **Added:** Trust badge links directly to the TrustLens customer profile for one-
click access to full behavioral history.
* **Added:** Automatic `_trustlens_email_hash` order meta storage with background
backfill for existing orders via Action Scheduler.
* **Improved:** Unscored customers display a “New” badge; safe segments (Normal,
Trusted, VIP) use muted styling to draw attention to risky orders.
#### 1.1.5
* **Added:** Shared TrustLens mail sender with recipient validation, structured
error capture, and rolling email delivery logs.
* **Added:** Keyed HMAC-SHA256 hashing for customer identifiers and linked-account
fingerprints.
* **Changed:** Refreshed the WordPress.org plugin title, description, FAQs, and
search-focused copy for clearer positioning around customer risk, abuse detection,
disputes, and chargebacks.
* **Changed:** Split the admin controller into focused pages, settings, notices,
and AJAX service classes for cleaner maintenance.
* **Fixed:** Welcome summary is now marked sent only after successful delivery
and can retry after transient mail failures.
* **Fixed:** Test notification now uses the same delivery path as real emails and
surfaces detailed mailer errors when available.
* **Fixed:** Scheduled reports now honor weekly/monthly recipient settings, support
comma-separated recipient lists, run at the configured due time, and include
a working manual “Send Now” path.
* **Fixed:** Stored scheduled reports now track real per-recipient delivery results,
retry failed sends, and avoid false-positive “sent” logs.
* **Fixed:** Privacy export and erasure now include signals, linked-account fingerprints,
category stats, and automation logs.
* **Fixed:** Automation actions now write canonical action IDs and analytics/ROI
reporting now read the correct action names.
* **Fixed:** Customer blocking now logs `customer_blocked` events consistently
so reports and event-based metrics stay accurate.
* **Fixed:** Customer state changes now use consistent canonical events and webhook
wiring for blocked, unblocked, and allowlisted flows.
* **Improved:** Notification and report cron hooks are now reconciled during runtime,
cleared when disabled, and cleaned up correctly on uninstall.
* **Improved:** Reset and customer delete flows now clear all related operational
data, logs, and derived records consistently.
* **Removed:** TrustLens-specific auto-update notice and one-click auto-update
toggle so plugin updates are managed only through standard WordPress controls.
* **Removed:** Remaining active `md5()` usage from plugin code, replacing it with
SHA-256 for internal dedupe keys.
#### 1.1.4
* **Added:** Dashboard chart cards now show polished empty-state UI for Trust Score
Trends, Refund Activity, Activity by Hour, and Protection Trend when data is
unavailable.
* **Fixed:** Historical Sync completion summary now reports the actual profiled
customer count from the TrustLens customer table.
* **Fixed:** Dashboard health attention messaging now aligns with actual risk-customer
counts.
* **Improved:** Historical Sync backfill now reconstructs historical events with
original timestamps and keeps rebuilds idempotent.
* **Docs:** Deployment guide now documents only Freemius ZIP based WordPress.org
deploy flow.
#### 1.1.3
* **Added:** Historical Sync now backfills coupon behavior metrics (`total_coupons_used`,`
first_order_coupons`, `coupon_then_refund`) from older WooCommerce orders.
* **Added:** Historical Sync now rebuilds category aggregates and linked-account
fingerprints from historical orders for more accurate scoring inputs.
* **Added:** Historical Sync now reconstructs historical timeline events (orders,
refunds, coupon events) using original order/refund timestamps.
* **Improved:** Sync backfill paths are re-sync safe and remove previously generated
synthetic sync events before rebuilding.
#### 1.1.2
* **Fixed:** Historical Sync now safely handles WooCommerce refund objects and
no longer fails with `OrderRefund::get_billing_email()` errors.
* **Fixed:** Empty dashboard sync flow now always shows the correct progress UI
when sync starts.
* **Improved:** Sync batch AJAX failures now recover UI state instead of leaving
controls hidden.
* **Added:** Reliable activation redirect to TrustLens dashboard after plugin activation.
#### 1.1.1
* **Fixed:** Historical Sync now surfaces precise server error messages instead
of generic AJAX failures.
* **Fixed:** Optimized sync startup order counting to avoid loading all order IDs
in memory.
* **Fixed:** Corrected sync customer totals to count only newly inserted customers
across batches.
* **Improved:** Refactored duplicated batch-processing logic into a shared internal
helper for consistency.
* **Improved:** Removed unused sync polling code path and dead AJAX endpoint, and
hardened Action Scheduler fallbacks.
* **Fixed:** Ensured WordPress pointer assets are enqueued on TrustLens admin pages
to prevent Freemius pointer JS errors.
#### 1.1.0
* **Added:** New dedicated **Payment Controls** settings tab.
* **Added:** Pro **Payment Method Risk Controls** to hide selected gateways for
risky segments at checkout.
* **Added:** Pro **Velocity Protection** for temporary gateway restrictions during
high order-attempt spikes.
* **Added:** Pro **Linked Account Protection** using linked-account fingerprints(
address, phone, IP, device) for real-time gateway restriction decisions.
* **Improved:** Restriction event logging now includes trigger reasons and linked-
account risk context for auditability.
#### 1.0.6
* **Added:** Redesigned Pro upsell experience with polished value panels, comparison
rows, and improved CTAs across Automation, Notifications, Webhooks, Reports,
and Chargebacks.
* **Improved:** Unified upsell rendering via a shared component for more consistent
styling and messaging.
* **Improved:** Dashboard empty state now always shows the Historical Sync action(
with clearer guidance when no eligible historical orders exist).
* **Fixed:** Removed obsolete locked-notification upsell styles and redundant upsell
markup paths.
#### 1.0.5
* UI Improvements.
#### 1.0.4
* **Added:** Automation is now a dedicated menu (TrustLens Automation) with its
own page and dashboard-style layout.
* **Added:** Chargebacks (Pro) settings tab: enable/disable module and “Auto-block
after N lost disputes” with proper save.
* **Added:** Test notification: 15-second timeout and clear message when mail/SMTP
is not configured.
* **Changed:** Automation removed from Settings tab; old Automation tab URL redirects
to the new Automation page.
* **Changed:** Modal styling (card look, accent bar, overlay blur, improved header/
body/footer and close button).
* **Changed:** Global “Enable Notifications” now applies to all notifications (
Standard and Pro).
* **Changed:** Pro notifications list refactored to a single source of truth (no
duplicate markup).
* **Fixed:** API tab no longer shows the stored key hash when a key exists; placeholder
and copy instructions shown instead.
* **Fixed:** API documentation: endpoints table matches implementation (lookup,
update customer, events, recalculate, stats/segments); example response corrected.
* **Fixed:** At that time, REST API routes for customer events and recalculate
used the then-current 32-character email hash format.
* **Fixed:** Data tab: starting Historical Sync from Settings Data now shows progress
bar and updates correctly.
* **Fixed:** Test notification no longer spins indefinitely when server mail is
not configured.
* **Other:** Redundancy cleanups on Automation, Data, and Notifications pages;
Chart.js not loaded on Automation page.
#### 1.0.3
* Bug fixes
#### 1.0.2
* Dashboard and customer pages UI refinements (spacing, sizing, alignment, and
visual polish).
* Improved color system with reusable segment variables and a primary plugin color
token.
* Split admin styles into page-specific files for better maintainability and scoped
loading.
* Test data generation now seeds higher trust scores in the 80-95 range.
#### 1.0.1
* Release packaging and deployment workflow updates (no functional changes).
#### 1.0.0
**Core Engine**
* Trust score calculation engine with weighted signal aggregation (0-100 scale)
* 6-tier customer segmentation: VIP, Trusted, Normal, Caution, Risk, Critical
* Account age loyalty bonus (up to +15 points for 1+ year accounts)
* Configurable minimum order threshold before segment classification
* Allowlist system with automatic score override to 100
**Detection Modules**
* Return abuse detection — refund rate, refund value, and return frequency analysis
* Order pattern analysis — completion rates, cancellation tracking, order velocity
* Coupon abuse detection — first-order discount exploitation and coupon-then-refund
patterns
* Category-aware scoring — per-category return rate tracking with weighted penalties
* Linked accounts detection — multi-account identification via address, phone,
IP, payment, and device fingerprinting
**Dashboard & Analytics**
* 9-section command center dashboard with store health score
* 6 interactive Chart.js charts: trust trends, segment distribution, refund activity,
hourly activity, category return rates, monthly protection trend
* KPI cards: total customers, average trust score, new high-risk, events (24h),
total orders, return rate
* ROI scorecard with money protected, money at risk, protection rate, and actions
taken
* Top returners table and high-risk customer attention list
**Customer Management**
* Searchable customer list with segment, score, and return rate columns
* Customer detail page with full behavioral history and signal breakdown
* Manual block and unblock with checkout enforcement
* Allowlist management for VIP protection
* CSV export for full customer list
* JSON export for individual customer profiles
**Integrations**
* WooCommerce order edit screen integration showing trust score
* REST API with 8 endpoints and API key authentication
* GDPR data export and erasure via WordPress privacy tools
* WooCommerce High-Performance Order Storage (HPOS) compatibility
* Action Scheduler for asynchronous score processing
**Notifications**
* Blocked checkout email alert
* Welcome summary (24 hours after activation)
* Weekly protection summary report
**Historical Sync**
* Background import of existing WooCommerce orders
* Progress tracking with start/stop/resume controls
* Batch processing without site performance impact
## Meta
* Version **1.2.3**
* Last updated **5 Deeg ago**
* Active installations **Fewer than 10**
* WordPress version ** 6.4 or higher **
* Tested up to **6.9.4**
* PHP version ** 7.4 or higher **
* Language
* [English (US)](https://wordpress.org/plugins/trustlens/)
* Tags
* [card-testing](https://ltz.wordpress.org/plugins/tags/card-testing/)[chargeback](https://ltz.wordpress.org/plugins/tags/chargeback/)
[fraud prevention](https://ltz.wordpress.org/plugins/tags/fraud-prevention/)[woocommerce](https://ltz.wordpress.org/plugins/tags/woocommerce/)
* [Advanced View](https://ltz.wordpress.org/plugins/trustlens/advanced/)
## Ratings
5 out of 5 stars.
* [ 3 5-star reviews ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=5)
* [ 0 4-star reviews ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=4)
* [ 0 3-star reviews ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=3)
* [ 0 2-star reviews ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=2)
* [ 0 1-star reviews ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=1)
[Your review](https://wordpress.org/support/plugin/trustlens/reviews/#new-post)
[See all reviews](https://wordpress.org/support/plugin/trustlens/reviews/)
## Contributors
* [ webstepper ](https://profiles.wordpress.org/webstepper/)
* [ Freemius ](https://profiles.wordpress.org/freemius/)
## Support
Got something to say? Need help?
[View support forum](https://wordpress.org/support/plugin/trustlens/)