Does Checkout Origin Guard have any unpatched vulnerabilities?

No. All known vulnerabilities in Checkout Origin Guard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Checkout Origin Guard compatible with WordPress 6.9.4?

According to WordPress.org data, Checkout Origin Guard 1.7.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Checkout Origin Guard compatible with PHP 7.4+?

Checkout Origin Guard requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Checkout Origin Guard updated?

Checkout Origin Guard was last updated on Jan 27, 2026. Frequent updates are generally a positive security signal.

What is Checkout Origin Guard's security score?

Checkout Origin Guard has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Checkout Origin Guard Security & Risk Analysis

wordpress.org/plugins/checkout-origin-guard

One-page WooCommerce checkout hardening; bot blocking, rate/sequence checks, business/email heuristics, and optional AVS-based risk signals.

0 active installs v1.7.1 PHP 7.4+ WP 6.0+ Updated Jan 27, 2026

bot-protectionfraud-preventionip-blockerspamwoocommerce-checkout-security

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Checkout Origin Guard Safe to Use in 2026?

Generally Safe

Score 100/100

Checkout Origin Guard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin 'checkout-origin-guard' v1.7.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities (CVEs) and the clean taint analysis with zero critical or high severity flows are significant strengths. The code also demonstrates good practices by exclusively using prepared statements for SQL queries, implementing nonce checks (5 instances), and capability checks (8 instances). Furthermore, the majority of output (85%) is properly escaped, mitigating XSS risks.

However, a few areas warrant attention. The presence of a file operation, even if it's only one, is an entry point that could potentially be exploited if not handled with extreme care and robust input validation, although the static analysis did not flag any unsanitized paths. While the attack surface is reported as zero entry points, this is a somewhat unusual finding and might indicate limitations in the static analysis tool's ability to detect certain entry points or a very simple plugin. The 15% of output that is not properly escaped, while not critically high, still represents a potential XSS vulnerability, particularly if that unescaped output is user-controllable.

Key Concerns

Unescaped output present (15%)
Presence of a file operation

Vulnerabilities

None known

Checkout Origin Guard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Checkout Origin Guard Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

60 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared12 total queries

Output Escaping

85% escaped71 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

handle_settings_save (checkout-origin-guard.php:880)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Checkout Origin Guard Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 12

actionplugins_loadedcheckout-origin-guard.php:63

actionparse_requestcheckout-origin-guard.php:65

actionwoocommerce_checkout_processcheckout-origin-guard.php:66

actionwoocommerce_checkout_order_createdcheckout-origin-guard.php:67

actionwoocommerce_payment_completecheckout-origin-guard.php:68

actionadmin_menucheckout-origin-guard.php:70

actionadmin_post_wcog_botblock_savecheckout-origin-guard.php:71

actionadmin_post_wcog_botblock_exportcheckout-origin-guard.php:72

actionadmin_post_wcog_bb_blockcheckout-origin-guard.php:74

actionadmin_post_wcog_bb_unblockcheckout-origin-guard.php:75

actioninitcheckout-origin-guard.php:77

actionadmin_noticescheckout-origin-guard.php:1663

Maintenance & Trust

Checkout Origin Guard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 27, 2026

PHP min version7.4

Downloads424

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Checkout Origin Guard Alternatives

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention

wc-blacklist-manager

100

Anti-fraud, checkout verification and spam prevention plugin for WooCommerce and WordPress forms.

2K No CVEs

CHEQ Essentials

cheq-essentials-go-to-market-security

100

Protect, analyze & block threats in real time your website from bots, click fraud, and invalid traffic with CHEQ Essentials.

700 No CVEs

Anti Fake Orders & IP Blocker

anti-fake-orders-ip-blocker

100

Protect your WooCommerce store from fake orders by blocking suspicious IPs, emails, and detecting bot checkout activity.

400 No CVEs

IP Address Approval

ip-address-approval

100

The IP Address Approval system provides an easy way for you to Allow or Block access to your website to protect your site from unwanted visitors.

100 No CVEs

KillBot

killbot

100

The KillBot plugin for WordPress uses the external KillBot service to protect websites from bots and automated traffic.

50 No CVEs

Developer Profile

Checkout Origin Guard Developer Profile

POTAR

4 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Checkout Origin Guard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/checkout-origin-guard/assets/css/wcog.css/wp-content/plugins/checkout-origin-guard/assets/js/wcog.js/wp-content/plugins/checkout-origin-guard/assets/js/wcog-checkout.js/wp-content/plugins/checkout-origin-guard/assets/js/wcog-company-shield.js

Script Paths

/wp-content/plugins/checkout-origin-guard/assets/js/wcog.js/wp-content/plugins/checkout-origin-guard/assets/js/wcog-checkout.js/wp-content/plugins/checkout-origin-guard/assets/js/wcog-company-shield.js

Version Parameters

checkout-origin-guard/assets/css/wcog.css?ver=checkout-origin-guard/assets/js/wcog.js?ver=checkout-origin-guard/assets/js/wcog-checkout.js?ver=checkout-origin-guard/assets/js/wcog-company-shield.js?ver=

HTML / DOM Fingerprints

CSS Classes

wcog-botblock-messagewcog-company-shield-error

HTML Comments

+8 more

Data Attributes

data-wcog-botblock-modedata-wcog-cs-modedata-wcog-cs-deny-substrdata-wcog-cs-allow-substrdata-wcog-cs-vowel-ratiodata-wcog-cs-alt-minlen+2 more

JS Globals

wcog_botblock_ajax_objectwcog_company_shield_ajax_object

REST Endpoints

/wp-json/wcog/v1/botblock/log/wp-json/wcog/v1/companyshield/log

FAQ