{"id":278911,"date":"2026-02-13T19:28:56","date_gmt":"2026-02-13T19:28:56","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/trustlens\/"},"modified":"2026-05-11T20:10:50","modified_gmt":"2026-05-11T20:10:50","slug":"trustlens","status":"publish","type":"plugin","link":"https:\/\/ky.wordpress.org\/plugins\/trustlens\/","author":23405775,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.2.3","stable_tag":"1.2.3","tested":"6.9.4","requires":"6.4","requires_php":"7.4","requires_plugins":null,"header_name":"TrustLens \u2013 Customer Risk Intelligence & Abuse Detection for WooCommerce","header_author":"Webstepper","header_description":"Customer Trust Intelligence for WooCommerce. See your customers clearly.","assets_banners_color":"303748","last_updated":"2026-05-11 20:10:50","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/webstepper.io\/wordpress\/plugins\/trustlens","header_author_uri":"https:\/\/webstepper.io","rating":5,"author_block_rating":0,"active_installs":0,"downloads":826,"num_ratings":3,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"webstepper","date":"2026-02-13 19:28:20"},"1.0.3":{"tag":"1.0.3","author":"webstepper","date":"2026-02-15 22:19:02"},"1.0.4":{"tag":"1.0.4","author":"webstepper","date":"2026-02-16 12:56:14"},"1.0.5":{"tag":"1.0.5","author":"webstepper","date":"2026-02-16 12:56:14"},"1.0.6":{"tag":"1.0.6","author":"webstepper","date":"2026-02-16 14:06:36"},"1.1.0":{"tag":"1.1.0","author":"webstepper","date":"2026-02-16 16:11:21"},"1.1.1":{"tag":"1.1.1","author":"webstepper","date":"2026-02-23 22:55:15"},"1.1.2":{"tag":"1.1.2","author":"webstepper","date":"2026-02-23 23:20:39"},"1.1.3":{"tag":"1.1.3","author":"webstepper","date":"2026-02-23 23:44:16"},"1.1.4":{"tag":"1.1.4","author":"webstepper","date":"2026-02-24 00:13:38"},"1.1.5":{"tag":"1.1.5","author":"webstepper","date":"2026-03-09 21:06:00"},"1.1.6":{"tag":"1.1.6","author":"webstepper","date":"2026-03-21 21:15:54"},"1.1.7":{"tag":"1.1.7","author":"webstepper","date":"2026-03-21 23:29:44"},"1.1.8":{"tag":"1.1.8","author":"webstepper","date":"2026-03-31 18:27:36"},"1.2.0":{"tag":"1.2.0","author":"webstepper","date":"2026-04-11 01:33:02"},"1.2.1":{"tag":"1.2.1","author":"webstepper","date":"2026-04-14 23:32:42"},"1.2.2":{"tag":"1.2.2","author":"webstepper","date":"2026-04-17 23:40:55"},"1.2.3":{"tag":"1.2.3","author":"webstepper","date":"2026-05-11 20:10:50"}},"upgrade_notice":{"1.2.3":"<p>Security and reliability hardening \u2014 closes a card-testing defense bypass via fingerprint rotation, an IP-spoofing path through <code>X-Forwarded-For<\/code>, a webhook secret exposed in the DOM, and several race conditions in the score-update and chargeback paths. Also enables Card-Testing Defense by default on fresh installs (matching the documented promise) and fixes the welcome email so it actually fires after activation. <strong>Breaking change for any existing webhook receiver<\/strong>: outgoing signatures now sign <code>timestamp + &amp;#039;.&amp;#039; + body<\/code> with a new <code>X-TrustLens-Timestamp<\/code> header \u2014 update receiver verification before upgrading.<\/p>","1.2.2":"<p>Automation Rules reliability rewrite and capability expansion \u2014 5 new fraud-signal triggers, 14 new condition fields, 2 new actions, save-time validation that blocks rules which can never fire, async HMAC-signed webhooks with auto-retry, and inline skip logging that answers &quot;why didn&#039;t my rule fire?&quot;. Plus Card-Testing Defense consolidated to a single live view and a persistent plugin-wide admin header with \u2318K palette. Safe additive upgrade.<\/p>","1.5.0":"<p>Card-Testing Defense Pro features: auto-escalation, geographic-diversity flash-sale safeguard, fingerprint + IP allowlists, advanced fingerprint signals, per-fingerprint threshold overrides, attack history analytics with CSV export, Slack\/email alerts. No changes to Free behavior.<\/p>","1.4.0":"<p>Free card-testing defense \u2014 detects and blocks stolen-card attack traffic before it reaches Stripe \/ WooPayments. Protects your gateway account from suspension caused by high decline ratios. Enable in TrustLens \u2192 Card-Testing Defense. Sensible defaults; takes 30 seconds to switch on.<\/p>","1.3.0":"<p>Infrastructure release. Email blocklist now covers Blocks \/ Store API checkout in addition to Classic. Browser fingerprint collection added on checkout pages (pseudonymous hash only; privacy-preserving). Sets the foundation for card-testing defense in 1.4.0.<\/p>","1.2.1":"<p>Chargeback Ratio Monitor + bulk-action fix. Free: dashboard chargeback-ratio speedometer, dispute ingestion from Stripe\/WooPayments, per-customer tracking, manual entry form. Pro: per-brand ratios, email alerts before Visa\/Mastercard\/Amex thresholds, Chargeback Monitor page. Recommended for stores accepting card payments.<\/p>","1.2.0":"<p>Major feature + reliability release: new Shipping Address Anomalies module, redesigned Customer Detail page (trust score gauge, signal impact bars, return rate trend), and a critical fix for ActionScheduler runaway loops that could otherwise bloat the scheduler table on admin-heavy sites. All existing sites should upgrade.<\/p>","1.1.8":"<p>Performance fix: prevents ActionScheduler table bloat from order meta saves and adds daily cleanup of old completed actions.<\/p>","1.1.7":"<p>Dispute evidence release: Pro one-click behavioral risk report for payment processor disputes \u2014 trust score, return patterns, linked accounts, and event timeline in a print-ready format.<\/p>","1.1.6":"<p>Trust visibility release: color-coded trust segment badges on the WooCommerce orders list with filtering and sorting \u2014 see customer risk at a glance while processing orders.<\/p>","1.1.5":"<p>Mail, privacy, reporting, and customer-risk reliability release: shared email sending, keyed customer\/fingerprint hashing, corrected automation analytics, accurate scheduled reports, customer-state consistency, cron cleanup, and refreshed WordPress.org copy.<\/p>","1.1.4":"<p>Dashboard UX and sync consistency release: adds chart empty states and improves historical sync completion\/reporting accuracy.<\/p>","1.1.3":"<p>Historical sync accuracy release: backfills coupon\/category\/linked-account behavior metrics and reconstructs historical events for improved scoring and reporting.<\/p>","1.1.2":"<p>Sync stability and UX release: fixes refund-related sync crashes, improves empty-state progress behavior, and adds reliable post-activation dashboard redirect.<\/p>","1.1.1":"<p>Sync reliability release: clearer sync errors, more robust batch processing, and cleanup of unused sync code paths.<\/p>","1.1.0":"<p>New Payment Controls tab with advanced Pro gateway restrictions (risk segment, velocity, and linked-account protection).<\/p>","1.0.6":"<p>Professional upsell redesign and clearer dashboard sync onboarding.<\/p>","1.0.5":"<p>UI Improvements.<\/p>","1.0.4":"<p>Automation is now its own menu (TrustLens \u2192 Automation). API and Data tabs fixes, modal styling, notification improvements, and test email timeout.<\/p>","1.0.3":"<p>Bug fixes.<\/p>","1.0.2":"<p>UI\/UX refinement release with modular CSS organization and improved test-data seeding.<\/p>","1.0.1":"<p>Maintenance release. No functional changes.<\/p>","1.0.0":"<p>First release. Install TrustLens and run the historical sync to start building customer trust profiles immediately.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3461127,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3461149,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3461149,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.3","1.0.4","1.0.5","1.0.6","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.2.0","1.2.1","1.2.2","1.2.3"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Command Center Dashboard<\/strong> \u2014 Full analytics overview with health score, KPI cards, trust score trends, and segment distribution","2":"<strong>Customer List<\/strong> \u2014 Searchable, sortable list with segment badges, trust scores, return rates, and quick actions","3":"<strong>Customer Detail Page<\/strong> \u2014 Complete customer profile with score history, event timeline, linked accounts, and all behavioral signals","4":"<strong>Trust Score Trends Chart<\/strong> \u2014 30-day trend line showing average trust score movement across your customer base","5":"<strong>Revenue Protection Overview<\/strong> \u2014 ROI scorecard showing money protected, money at risk, protection rate, and actions taken","6":"<strong>Detection Overview<\/strong> \u2014 Coupon abuse stats and chargeback tracking at a glance","7":"<strong>Settings Page<\/strong> \u2014 Configure scoring thresholds, checkout blocking message, and notification preferences","8":"<strong>Order Integration<\/strong> \u2014 Customer trust score and segment displayed on the WooCommerce order edit screen","9":"<strong>Linked Accounts View<\/strong> \u2014 Multi-account detection showing matched fingerprints and risk indicators"},"jetpack_post_was_ever_published":false},"plugin_section":[262246],"plugin_tags":[262525,76320,132861,262601,286],"plugin_category":[45],"plugin_contributors":[78154,254395],"plugin_business_model":[],"class_list":["post-278911","plugin","type-plugin","status-publish","hentry","plugin_section-dashboard-widgets","plugin_tags-card-testing","plugin_tags-chargeback","plugin_tags-fraud-prevention","plugin_tags-refund-abuse","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-freemius","plugin_contributors-webstepper","plugin_committers-webstepper"],"banners":{"banner":"https:\/\/ps.w.org\/trustlens\/assets\/banner-772x250.png?rev=3461149","banner_2x":"https:\/\/ps.w.org\/trustlens\/assets\/banner-1544x500.png?rev=3461149","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/trustlens\/assets\/icon.svg?rev=3461127","icon":"https:\/\/ps.w.org\/trustlens\/assets\/icon.svg?rev=3461127","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Stop losing money to abuse you can't see.<\/strong> Serial returners, coupon exploiters, fraud rings, and stolen-card bots quietly drain WooCommerce stores \u2014 sometimes thousands per year. The damage usually shows up only after the chargeback ratio climbs or the margin disappears.<\/p>\n\n<p>TrustLens is a behavior-based <strong>customer trust scoring and fraud detection plugin for WooCommerce<\/strong>. It scores every shopper from <strong>0 to 100<\/strong> using real store behavior and sorts them into six risk segments \u2014 <strong>VIP, Trusted, Normal, Caution, Risk, Critical<\/strong>. Eight detection modules run in the background: returns, orders, coupons, categories, linked accounts, shipping anomalies, chargebacks, and card-testing attacks at checkout. You see exactly which signals moved each score, and <strong>you decide what to do<\/strong> about it.<\/p>\n\n<p><strong>TrustLens never auto-blocks in Free.<\/strong> You review the customer profile and choose: block at checkout, allowlist forever, or simply watch the trend. Nothing happens behind your back. All customer data stays inside your store \u2014 no third-party calls \u2014 and linked-account fingerprints are pseudonymized with keyed HMAC-SHA256 hashes.<\/p>\n\n<h4>Abuse patterns TrustLens catches<\/h4>\n\n<p>TrustLens turns the WooCommerce data you already have into actionable customer intelligence. Instead of reading hundreds of orders and refunds line by line, you get one clear score per customer and a six-segment view of your entire customer base. The dashboard surfaces the patterns that move the needle:<\/p>\n\n<ul>\n<li><strong>Return abuse and wardrobing<\/strong> \u2014 serial returners, high refund rates buried across hundreds of orders, customers with 90%+ full-refund ratios<\/li>\n<li><strong>Coupon and discount fraud<\/strong> \u2014 repeat first-order coupon use, coupon-then-refund cycles, throwaway accounts created only to grab a discount<\/li>\n<li><strong>Multi-account fraud rings<\/strong> \u2014 different emails sharing the same shipping address, IP, payment method, phone number, or device fingerprint<\/li>\n<li><strong>Chargeback exposure<\/strong> \u2014 disputes per customer, blended store-wide chargeback ratio, brand-by-brand approach to Visa, Mastercard, Amex, and Discover monitoring thresholds<\/li>\n<li><strong>Card-testing attacks at checkout<\/strong> \u2014 bots probing stolen cards through your payment gateway, racking up declines, fees, and downstream chargebacks<\/li>\n<li><strong>Shipping address fraud<\/strong> \u2014 address hopping, billing\/shipping country mismatches, rapid address-change velocity, reshipping patterns<\/li>\n<li><strong>Hidden VIPs<\/strong> \u2014 long-tenured loyal customers you should protect from accidental friction or false positives<\/li>\n<\/ul>\n\n<p>You see who's worth rewarding, who's silently costing you, and you take the call.<\/p>\n\n<h4>What's included in the free version<\/h4>\n\n<p>The WordPress.org download is the <strong>complete plugin<\/strong> \u2014 no trial limits, no disabled scoring, no locked modules. Everything below ships in Free.<\/p>\n\n<p><strong>Detection \u2014 all 8 modules included<\/strong><\/p>\n\n<ul>\n<li><strong>Return Abuse Detection<\/strong> \u2014 analyzes refund rate, refund frequency, refund value, and full-vs-partial refund ratio to spot serial returners and wardrobing<\/li>\n<li><strong>Order Pattern Analysis<\/strong> \u2014 completion rates, cancellation patterns, unusual order velocity<\/li>\n<li><strong>Coupon Abuse Detection<\/strong> \u2014 repeat first-order coupon use, coupon-then-refund pattern, excessive coupon stacking<\/li>\n<li><strong>Category-Aware Risk Scoring<\/strong> \u2014 applies extra risk when customers show high return rates in specific product categories<\/li>\n<li><strong>Linked Accounts Detection<\/strong> \u2014 identifies accounts sharing shipping addresses, billing addresses, phone numbers, IPs, payment methods, or device user-agent fingerprints<\/li>\n<li><strong>Shipping Address Anomalies<\/strong> \u2014 address hopping, billing\/shipping country mismatches, address-change velocity, configurable velocity window (7\u201390 days)<\/li>\n<li><strong>Chargeback Tracking<\/strong> \u2014 per-customer dispute history with automatic ingestion from Stripe and WooPayments, manual entry form for other gateways, automatic card-brand capture for accurate ratio reporting<\/li>\n<li><strong>Card-Testing Defense<\/strong> \u2014 real-time decline-velocity monitoring in 60-second and 10-minute rolling windows, attacker device fingerprints locked out for 90 seconds, VIP customer bypass on by default so repeat buyers are never disrupted, one-click Panic Freeze button that halts all checkouts for 15 minutes during an active attack<\/li>\n<\/ul>\n\n<p><strong>Trust scoring engine<\/strong><\/p>\n\n<ul>\n<li><strong>0\u2013100 trust score<\/strong> for every customer, recalculated automatically when behavior changes<\/li>\n<li><strong>Six risk segments<\/strong> \u2014 VIP, Trusted, Normal, Caution, Risk, Critical<\/li>\n<li><strong>Every signal visible on the customer profile<\/strong> so you can see exactly how a score was calculated<\/li>\n<li><strong>Account-age loyalty bonus<\/strong> up to +15 points for long-standing customers<\/li>\n<li><strong>Configurable scoring thresholds<\/strong> \u2014 minimum orders required, return-risk levels, checkout-blocking settings<\/li>\n<\/ul>\n\n<p><strong>Dashboard and monitoring<\/strong><\/p>\n\n<ul>\n<li><strong>Command Center dashboard<\/strong> \u2014 trust score trends, segment distribution, refund activity, high-risk customer list, revenue-protection KPIs<\/li>\n<li><strong>Chargeback Ratio Speedometer<\/strong> \u2014 blended calendar-month ratio with Healthy \/ Approaching threshold \/ Action-needed status against Visa, Mastercard, Amex, and Discover monitoring programs<\/li>\n<li><strong>Module status row<\/strong> \u2014 quick on\/off and one stat per detection module at a glance<\/li>\n<li><strong>Persistent plugin-wide admin header<\/strong> with unified navigation, live status pill, notifications bell, and \u2318K command palette for fast access to any customer or setting<\/li>\n<\/ul>\n\n<p><strong>Customer management<\/strong><\/p>\n\n<ul>\n<li><strong>Trust badges on the WooCommerce orders list<\/strong> \u2014 sortable, filterable by segment, one click to the full customer profile<\/li>\n<li><strong>Detailed customer profile<\/strong> with score history, event timeline, linked accounts, signal impact bars, and return-rate trend chart<\/li>\n<li><strong>Bulk actions<\/strong> \u2014 block, unblock, allowlist, recalculate, delete in bulk<\/li>\n<li><strong>Allowlist protection<\/strong> \u2014 locks a customer's score at 100 and prevents any negative signals from affecting them, protecting VIPs from false positives<\/li>\n<li><strong>Checkout enforcement<\/strong> \u2014 blocked customers can't add items to cart or complete checkout (works on both Classic and WooCommerce Blocks \/ Store API checkout)<\/li>\n<li><strong>Customizable block message<\/strong><\/li>\n<\/ul>\n\n<p><strong>Operational<\/strong><\/p>\n\n<ul>\n<li><strong>Historical Sync<\/strong> \u2014 build trust profiles from past WooCommerce orders in the background using small batches that don't slow the frontend<\/li>\n<li><strong>REST API<\/strong> with 8 endpoints for integrations, customer lookups, score retrieval, segment filtering, and triggering recalculations<\/li>\n<li><strong>WooCommerce HPOS compatibility<\/strong> \u2014 fully compatible with High-Performance Order Storage<\/li>\n<li><strong>GDPR privacy tools<\/strong> \u2014 full WordPress privacy export and erasure integration, including signals, fingerprints, category stats, and automation logs<\/li>\n<li><strong>Order-screen integration<\/strong> \u2014 trust score and segment displayed directly on every WooCommerce order edit page<\/li>\n<li><strong>Core email notifications<\/strong> \u2014 blocked-checkout alerts, activation summary, weekly protection report<\/li>\n<\/ul>\n\n<h4>What Pro adds<\/h4>\n\n<p>Pro is for stores that want TrustLens to act on what it finds \u2014 automation, advanced alerts, deeper chargeback analytics, and payment-risk workflows.<\/p>\n\n<p><strong>Advanced Chargeback Monitor<\/strong><\/p>\n\n<p>A dedicated <strong>TrustLens \u2192 Chargeback Monitor<\/strong> page built to keep you clear of card-network monitoring programs:<\/p>\n\n<ul>\n<li>Per-brand ratio breakdown \u2014 <strong>Visa VDMP\/VFMP, Mastercard ECP, Amex, Discover<\/strong> \u2014 with threshold progress bars<\/li>\n<li><strong>12-month trend chart<\/strong> showing how each brand has moved over time<\/li>\n<li><strong>Trailing-30-day window<\/strong> alongside the Free calendar-month view<\/li>\n<li><strong>Recent disputes activity feed<\/strong> with case status<\/li>\n<li><strong>Top-disputed customers<\/strong> with one-click access to a <strong>Dispute Evidence Report<\/strong> \u2014 print-ready professional behavioral risk report (trust score, signals, order history, return analysis vs store average, linked accounts, full event timeline) that you can submit alongside processor dispute responses<\/li>\n<li><strong>Customizable warn-threshold percent<\/strong> (50\u2013100%)<\/li>\n<li><strong>Auto-Block After N Lost Disputes<\/strong> \u2014 configurable runtime enforcement<\/li>\n<\/ul>\n\n<p><strong>Chargeback Ratio Email Alerts<\/strong> \u2014 daily check that emails you before any brand crosses its network threshold, deduplicated per brand per calendar month so you're never spammed.<\/p>\n\n<p><strong>Automation Rules<\/strong><\/p>\n\n<p>Build trigger-based rules that fire when customer risk changes, orders are placed, refunds are processed, disputes are filed, linked accounts are detected, card-testing attacks happen, or shipping anomalies are spotted.<\/p>\n\n<ul>\n<li><strong>16+ triggers<\/strong> including Chargeback Filed, Dispute Recorded, Linked Accounts Detected, Card Testing Attack, Shipping Anomaly<\/li>\n<li><strong>30+ condition fields<\/strong> including trust score, segment, total order value, total disputes, customer age, country mismatch, coupon total, payment method, linked accounts count<\/li>\n<li><strong>Actions<\/strong> \u2014 block customer, hold order, send email, fire webhook, allowlist customer, cancel order, tag customer<\/li>\n<li><strong>Async dispatch with automatic retry<\/strong> (60s \/ 120s \/ 240s backoff)<\/li>\n<li><strong>HMAC-SHA256 signed webhooks<\/strong> by default for security<\/li>\n<li><strong>Save-time validator<\/strong> blocks rules that can never fire \u2014 unsatisfiable conditions, schema violations, contradictions \u2014 each with a specific inline reason<\/li>\n<li><strong>Inline rule inspector<\/strong> shows SKIP status with the exact reason (\"Cooldown active\" \/ \"Condition not met: trust_score &gt; 50\") so you can answer \"why didn't my rule fire?\" in one glance<\/li>\n<\/ul>\n\n<p><strong>Card-Testing Defense Pro<\/strong><\/p>\n\n<p>On top of free Card-Testing Defense, Pro adds attack-scale protection:<\/p>\n\n<ul>\n<li><strong>Auto-escalation<\/strong> from targeted blocking to global Panic Freeze when an attack spreads across multiple device fingerprints (default: 3 distinct devices in 10 minutes)<\/li>\n<li><strong>Geographic-diversity safeguard<\/strong> \u2014 before escalating, checks whether the decline burst is naturally distributed across \u226510 countries with no single country &gt;50%, so legitimate flash-sale or viral traffic isn't mistaken for an attack<\/li>\n<li><strong>Fingerprint and IP CIDR allowlists<\/strong> for QA, integration partners, and known-good traffic (IPv4 and IPv6 ranges supported)<\/li>\n<li><strong>Advanced fingerprint signal<\/strong> \u2014 12-font detection via baseline-width comparison, harder for botnets to spoof consistently across nodes<\/li>\n<li><strong>Per-fingerprint threshold overrides<\/strong> for tighter or looser thresholds on specific known devices<\/li>\n<li><strong>Attack History tab<\/strong> with 24-hour decline count, decline-code breakdown, top-10 attacking fingerprints, hourly timeline chart, CSV export of all velocity events<\/li>\n<li><strong>Slack and email alert dispatcher<\/strong> for <code>attack_detected<\/code>, <code>auto_escalated<\/code>, and <code>panic_button_activated<\/code> events<\/li>\n<\/ul>\n\n<p><strong>Payment Method Risk Controls<\/strong> \u2014 hide specific payment gateways for high-risk customers, linked accounts, or velocity spikes. Fine-grained checkout protection without blocking the whole order.<\/p>\n\n<p><strong>Scheduled Reports<\/strong> \u2014 daily, weekly, or monthly email summaries of store risk activity, customer trends, and protection KPIs.<\/p>\n\n<p><strong>10 advanced notification types<\/strong> \u2014 High-Risk Order Alert, Segment Change Alert, Daily Digest, High-Value Order Alert, Repeat Refunder Alert, Velocity Alert, Score Recovery Alert, New Customer Risk Alert, Monthly Revenue Protection Report, Chargeback Filed Alert.<\/p>\n\n<p><strong>Advanced Address Analysis<\/strong> \u2014 diversity-trend detection and enhanced country-mismatch severity for deeper shipping-fraud insight.<\/p>\n\n<p><strong>Bottom line:<\/strong> Free surfaces the risk. Pro acts on it.<\/p>\n\n<h4>How trust scoring works<\/h4>\n\n<p>Every customer starts at a neutral <strong>50<\/strong>. TrustLens detection modules analyze behavior and apply positive or negative signals:<\/p>\n\n<ul>\n<li><strong>Completed orders<\/strong> increase trust<\/li>\n<li><strong>Refunds<\/strong> decrease trust based on frequency, value, and full-vs-partial ratio<\/li>\n<li><strong>Coupon abuse patterns<\/strong> apply penalties (repeat first-order coupons, coupon-then-refund cycles)<\/li>\n<li><strong>High return rates in specific categories<\/strong> add additional risk<\/li>\n<li><strong>Linked accounts<\/strong> with already-risky customers reduce scores via fraud-ring detection<\/li>\n<li><strong>Disputes and chargebacks<\/strong> apply significant penalties<\/li>\n<li><strong>Shipping anomalies<\/strong> (address hopping, country mismatches, change velocity) reduce scores<\/li>\n<li><strong>Card-testing exposure<\/strong> \u2014 customers tied to device fingerprints involved in past attacks lose trust<\/li>\n<li><strong>Account age<\/strong> adds a loyalty bonus of up to <strong>+15<\/strong> for long-standing customers<\/li>\n<\/ul>\n\n<p>Scores are always clamped to 0\u2013100. Every signal is visible on the customer profile so you can see exactly how each score was calculated and trust the decision.<\/p>\n\n<p>Customers below the configurable minimum order threshold (default: 3 orders) stay in the Normal segment until enough data exists for confident scoring \u2014 so new stores don't get noisy false positives in their first weeks.<\/p>\n\n<h4>Who TrustLens is for<\/h4>\n\n<ul>\n<li><strong>WooCommerce store owners<\/strong> losing margin to serial returners, refund abuse, or coupon fraud<\/li>\n<li><strong>Operations and CX managers<\/strong> who need data to back up customer policies with confidence<\/li>\n<li><strong>Fraud prevention teams<\/strong> looking past payment-gateway signals into behavioral patterns<\/li>\n<li><strong>Merchants worried about Visa, Mastercard, Amex, or Discover<\/strong> chargeback monitoring programs (VDMP \/ VFMP \/ ECP)<\/li>\n<li><strong>Stores with generous return policies<\/strong> that attract both loyal customers and abuse<\/li>\n<li><strong>Stores using Stripe or WooPayments<\/strong> \u2014 chargeback and card-brand data flow in automatically with no manual setup<\/li>\n<li><strong>Stores using other gateways<\/strong> (PayPal, Square, offline, custom) \u2014 manual chargeback entry keeps your ratio accurate<\/li>\n<\/ul>\n\n<h4>Privacy and data handling<\/h4>\n\n<p>TrustLens works <strong>entirely inside your WordPress and WooCommerce installation<\/strong>. It does not send customer data to the plugin developer or to any default third-party service. External delivery only happens if you explicitly configure features like webhooks, Slack alerts, or email notifications.<\/p>\n\n<ul>\n<li>Customer identifiers are pseudonymized with <strong>keyed HMAC-SHA256 hashes<\/strong> so raw email and identifier values are never exposed or reused across sites<\/li>\n<li>Linked-account fingerprints (address, phone, IP, payment method, device) use the same keyed-hash approach<\/li>\n<li><strong>WordPress privacy tools<\/strong> are fully integrated \u2014 customers can request data export or erasure through the standard WordPress workflow, and TrustLens responds with signals, fingerprints, category stats, and automation logs included<\/li>\n<li><strong>GDPR-compatible<\/strong> by design<\/li>\n<li>All scoring signals are visible on the customer profile so customer-service teams can explain any score on request<\/li>\n<\/ul>\n\n<h4>Built for production WooCommerce<\/h4>\n\n<p>TrustLens is engineered for busy stores and growing order volume:<\/p>\n\n<ul>\n<li><strong>Asynchronous background scoring<\/strong> via Action Scheduler \u2014 the same system WooCommerce uses for its own background jobs<\/li>\n<li><strong>WooCommerce HPOS compatibility<\/strong> \u2014 fully compatible with High-Performance Order Storage and legacy stores alike<\/li>\n<li><strong>Transient-cached dashboard queries<\/strong> (15-minute and 1-hour TTLs) with automatic invalidation on new events so the dashboard doesn't re-query order meta on every page load<\/li>\n<li><strong>Batch-based Historical Sync<\/strong> that processes past orders in small chunks without blocking the frontend<\/li>\n<li><strong>Lightweight checkout enforcement<\/strong> using a single email-hash lookup<\/li>\n<li><strong>Unified Request Gate<\/strong> that intercepts both Classic and Blocks \/ Store API checkout through one rule-registration surface<\/li>\n<li><strong>PHP 7.4+ supported<\/strong>, WordPress 6.4+ tested, WooCommerce-first throughout<\/li>\n<\/ul>\n\n<p>If you need <strong>chargeback prevention<\/strong>, <strong>return-abuse detection<\/strong>, <strong>fraud-ring detection<\/strong>, or <strong>stolen-card attack protection<\/strong> for WooCommerce, TrustLens gives you the data and the tools to act \u2014 without taking control out of your hands.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin may connect to external services as described below.<\/p>\n\n<h4>Freemius SDK<\/h4>\n\n<p>This plugin uses the <a href=\"https:\/\/freemius.com\">Freemius<\/a> SDK for optional usage tracking, license management, and plugin updates.<\/p>\n\n<p><strong>When data is sent:<\/strong><\/p>\n\n<ul>\n<li>During plugin activation, only if the user explicitly opts in<\/li>\n<li>When checking for plugin updates<\/li>\n<li>When activating or deactivating a Pro license<\/li>\n<\/ul>\n\n<p><strong>What data is sent:<\/strong><\/p>\n\n<ul>\n<li>Site URL, WordPress version, and PHP version<\/li>\n<li>Plugin version and activation status<\/li>\n<li>Admin email (only if opted in)<\/li>\n<li>License key (Pro version only)<\/li>\n<\/ul>\n\n<p><strong>Important:<\/strong> No data is sent unless you explicitly opt in during plugin activation. You can skip the opt-in entirely and use the free version without sharing any data.<\/p>\n\n<ul>\n<li>Service: <a href=\"https:\/\/freemius.com\">Freemius<\/a><\/li>\n<li>Terms of Service: <a href=\"https:\/\/freemius.com\/terms\/\">https:\/\/freemius.com\/terms\/<\/a><\/li>\n<li>Privacy Policy: <a href=\"https:\/\/freemius.com\/privacy\/\">https:\/\/freemius.com\/privacy\/<\/a><\/li>\n<\/ul>\n\n<h4>Webhooks (Pro, Optional)<\/h4>\n\n<p>When webhooks are enabled in TrustLens settings (Pro feature), the plugin sends HTTP POST requests to URLs configured by the administrator.<\/p>\n\n<p><strong>When data is sent:<\/strong><\/p>\n\n<ul>\n<li>When a customer's trust score is updated (if enabled)<\/li>\n<li>When a customer is blocked (if enabled)<\/li>\n<li>When a checkout is blocked (if enabled)<\/li>\n<li>When a high-risk order is placed (if enabled)<\/li>\n<li>When testing webhook connectivity<\/li>\n<\/ul>\n\n<p><strong>What data is sent:<\/strong><\/p>\n\n<ul>\n<li>Customer email hash and, when available, the customer email stored in TrustLens<\/li>\n<li>Trust score and customer segment<\/li>\n<li>Event type and timestamp<\/li>\n<li>Order details for high-risk order events (order ID, total, status)<\/li>\n<li>Site URL and site name<\/li>\n<\/ul>\n\n<p><strong>Important:<\/strong> Webhook endpoints are entirely configured by you. No data is sent to any third-party service unless you explicitly add webhook URLs. The plugin does not send data to the plugin developer or any default external service.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Install <strong>TrustLens<\/strong> directly from the WordPress plugin repository, or upload the <code>trustlens<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu \u2014 TrustLens checks for WooCommerce automatically<\/li>\n<li>Open <strong>TrustLens \u2192 Dashboard<\/strong> to see the Command Center<\/li>\n<li>Click <strong>Run Historical Sync<\/strong> to build trust profiles from your existing WooCommerce orders \u2014 the sync runs in the background in small batches and does not affect site performance<\/li>\n<li>Visit <strong>TrustLens \u2192 Settings<\/strong> to adjust scoring thresholds, checkout blocking, and notification preferences<\/li>\n<\/ol>\n\n<p><strong>What works out of the box:<\/strong><\/p>\n\n<ul>\n<li>All 8 detection modules are enabled by default<\/li>\n<li>Card-Testing Defense ships <strong>enabled<\/strong> with sensible thresholds \u2014 no configuration required to start blocking stolen-card attacks<\/li>\n<li>VIP Customer Bypass is on, so repeat buyers are never disrupted by velocity rules<\/li>\n<li>Chargeback tracking is active for Stripe and WooPayments \u2014 disputes ingest automatically<\/li>\n<li>TrustLens <strong>does not auto-block<\/strong> any customer in Free until you explicitly choose to<\/li>\n<\/ul>\n\n<p>If you use Stripe or WooPayments, no extra setup is required for chargeback and card-brand capture. Other gateways can be tracked through the manual chargeback entry form on the order edit page.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20trustlens%20work%20with%20guest%20checkout%3F\"><h3>Does TrustLens work with guest checkout?<\/h3><\/dt>\n<dd><p>Yes. Customers are identified by a hash of their email address, so guest and registered customers are tracked equally. If a guest later registers, their history carries over.<\/p><\/dd>\n<dt id=\"will%20trustlens%20automatically%20block%20customers%3F\"><h3>Will TrustLens automatically block customers?<\/h3><\/dt>\n<dd><p>By default, no. The free version is manual: it surfaces customer risk data, and you decide when to block or allowlist someone. Pro can optionally automate specific actions, including alerts, order holds, verification requirements, and customer blocking if you configure automation rules or chargeback auto-blocking.<\/p><\/dd>\n<dt id=\"how%20does%20linked%20accounts%20detection%20work%3F\"><h3>How does linked accounts detection work?<\/h3><\/dt>\n<dd><p>TrustLens creates fingerprints from shipping addresses, billing addresses, phone numbers, IP addresses, payment methods, and device user agents. When multiple customer accounts share fingerprints, they are flagged as linked. This helps detect multi-account abuse like repeated first-order discounts.<\/p><\/dd>\n<dt id=\"can%20trustlens%20help%20reduce%20return%20abuse%20and%20refund%20abuse%20in%20woocommerce%3F\"><h3>Can TrustLens help reduce return abuse and refund abuse in WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. TrustLens tracks refund rate, refund value, refund frequency, category-specific return behavior, and related customer patterns over time. This helps you spot serial returners and high-risk refund behavior earlier instead of reviewing refunds one order at a time.<\/p><\/dd>\n<dt id=\"can%20trustlens%20help%20with%20chargebacks%20and%20disputes%3F\"><h3>Can TrustLens help with chargebacks and disputes?<\/h3><\/dt>\n<dd><p>Yes \u2014 and the core chargeback tracking is in the <strong>free<\/strong> version. TrustLens automatically ingests disputes from Stripe and WooPayments, accepts manual entry for other gateways (PayPal, Square, offline), keeps per-customer dispute counters, and feeds dispute history into trust scores. The free dashboard also shows a <strong>Chargeback Ratio Speedometer<\/strong> with a Healthy \/ Approaching \/ Action-needed status against Visa, Mastercard, Amex, and Discover thresholds.<\/p>\n\n<p>Pro adds a dedicated <strong>Advanced Chargeback Monitor<\/strong> with per-brand breakdown (Visa VDMP\/VFMP, Mastercard ECP, Amex, Discover), 12-month trend, trailing-30-day window, daily ratio email alerts, a one-click Dispute Evidence Report for processor responses, and auto-block after N lost disputes.<\/p><\/dd>\n<dt id=\"how%20does%20the%20chargeback%20ratio%20monitor%20work%3F\"><h3>How does the Chargeback Ratio Monitor work?<\/h3><\/dt>\n<dd><p>TrustLens captures the card brand on every Stripe and WooPayments paid order and tracks how many of those orders end up as disputes. Your blended monthly chargeback ratio is shown on the dashboard speedometer, with status colors keyed to <strong>Visa VDMP\/VFMP, Mastercard ECP, Amex, and Discover<\/strong> monitoring thresholds \u2014 so you can see if you're approaching enrollment before it happens. Pro adds per-brand ratios, the 12-month trend chart, the trailing-30-day window, and daily email alerts.<\/p><\/dd>\n<dt id=\"what%20is%20card-testing%20defense%3F\"><h3>What is Card-Testing Defense?<\/h3><\/dt>\n<dd><p>Card-Testing Defense (free) is real-time protection against stolen-card attack bots that probe your checkout with thousands of declined payment attempts. TrustLens watches per-device decline rates in 60-second and 10-minute rolling windows. When a device crosses the threshold it's locked out of checkout for 90 seconds, blocking the attack before it reaches your payment gateway and runs up gateway fees, fraud fees, and downstream chargebacks.<\/p>\n\n<p><strong>VIP Customer Bypass<\/strong> is enabled by default, so customers with at least one successful past order are never blocked by velocity. A one-click <strong>Panic Freeze<\/strong> button halts all checkouts for 15 minutes during an active attack your thresholds haven't caught.<\/p>\n\n<p>Pro adds auto-escalation, a geographic-diversity safeguard so flash-sale traffic isn't mistaken for an attack, fingerprint and IP CIDR allowlists, attack analytics with CSV export, and Slack alerts.<\/p><\/dd>\n<dt id=\"can%20i%20automate%20actions%20based%20on%20customer%20risk%3F\"><h3>Can I automate actions based on customer risk?<\/h3><\/dt>\n<dd><p>Yes, with Pro. Automation Rules let you build trigger-based rules that fire when customer risk changes, orders are placed, refunds are processed, disputes are filed, linked accounts are detected, card-testing attacks happen, or shipping anomalies are spotted. Each rule supports 30+ condition fields and actions like block customer, hold order, send email, fire webhook, allowlist customer, cancel order, or tag customer.<\/p>\n\n<p>Pro automation also includes a save-time validator that blocks rules that can never fire, an inline inspector that shows exactly why each rule fired or didn't, and async HMAC-SHA256-signed webhooks with automatic retry.<\/p><\/dd>\n<dt id=\"what%20happens%20when%20i%20block%20a%20customer%3F\"><h3>What happens when I block a customer?<\/h3><\/dt>\n<dd><p>Blocked customers see a customizable message when they try to add items to their cart or proceed to checkout. The block applies to both logged-in users and guest checkouts matching the blocked email. All blocked checkout attempts are logged.<\/p><\/dd>\n<dt id=\"can%20i%20undo%20a%20block%3F\"><h3>Can I undo a block?<\/h3><\/dt>\n<dd><p>Yes. You can unblock a customer at any time from their profile page or the customer list. You can also add customers to the allowlist, which locks their score at 100 and prevents any negative signals from affecting them.<\/p><\/dd>\n<dt id=\"what%20happens%20right%20after%20i%20install%20trustlens%3F\"><h3>What happens right after I install TrustLens?<\/h3><\/dt>\n<dd><p>New WooCommerce orders are analyzed automatically after activation. If you already have historical orders, you can run Historical Sync from the dashboard to build trust profiles from your existing store data without slowing down the frontend.<\/p><\/dd>\n<dt id=\"does%20this%20slow%20down%20my%20store%3F\"><h3>Does this slow down my store?<\/h3><\/dt>\n<dd><p>No. Score calculations run asynchronously via Action Scheduler (the same system WooCommerce uses). Checkout blocking uses a lightweight email-hash lookup. The historical sync processes orders in small batches in the background.<\/p><\/dd>\n<dt id=\"does%20trustlens%20send%20customer%20data%20to%20an%20external%20service%3F\"><h3>Does TrustLens send customer data to an external service?<\/h3><\/dt>\n<dd><p>No. TrustLens works inside your WordPress and WooCommerce installation. It does not send customer data to the plugin developer or to any default third-party service. External delivery only happens if you explicitly configure features like webhooks or email notifications.<\/p><\/dd>\n<dt id=\"is%20trustlens%20compatible%20with%20woocommerce%20hpos%3F\"><h3>Is TrustLens compatible with WooCommerce HPOS?<\/h3><\/dt>\n<dd><p>Yes. TrustLens declares full compatibility with High-Performance Order Storage and works with both legacy and HPOS-enabled stores.<\/p><\/dd>\n<dt id=\"does%20trustlens%20store%20personal%20data%3F\"><h3>Does TrustLens store personal data?<\/h3><\/dt>\n<dd><p>TrustLens stores customer email addresses and behavioral data (order counts, refund counts, trust scores) in custom database tables. Matching identifiers used for linked-account detection are pseudonymized using keyed HMAC-SHA256 hashes, preventing the raw values from being exposed or reused across sites. The plugin integrates with WordPress privacy tools \u2014 customers can request data export or erasure through the standard WordPress privacy workflow.<\/p><\/dd>\n<dt id=\"can%20i%20access%20trustlens%20data%20from%20external%20systems%3F\"><h3>Can I access TrustLens data from external systems?<\/h3><\/dt>\n<dd><p>Yes. TrustLens includes a REST API with 8 endpoints for looking up customers, retrieving scores, filtering by segment, and triggering recalculations. API access requires either the <code>manage_woocommerce<\/code> capability or a valid API key configured in settings.<\/p><\/dd>\n<dt id=\"can%20i%20get%20alerts%20and%20reports%20by%20email%3F\"><h3>Can I get alerts and reports by email?<\/h3><\/dt>\n<dd><p>Yes. The free version includes core email notifications such as blocked checkout alerts, a welcome summary, and a weekly summary. Pro adds advanced alerts, daily digests, monthly revenue protection reports, and scheduled email reports.<\/p><\/dd>\n<dt id=\"what%20is%20the%20minimum%20data%20needed%20for%20accurate%20scoring%3F\"><h3>What is the minimum data needed for accurate scoring?<\/h3><\/dt>\n<dd><p>By default, customers need at least 3 orders before they move out of the Normal segment. You can adjust this threshold in Settings &gt; General. Customers below the threshold still accumulate signals \u2014 they just aren't classified until enough data exists.<\/p><\/dd>\n<dt id=\"does%20the%20free%20version%20include%20all%20detection%20modules%3F\"><h3>Does the free version include all detection modules?<\/h3><\/dt>\n<dd><p>Yes. All <strong>8 detection modules<\/strong> ship in the free version \u2014 returns, orders, coupons, categories, linked accounts, shipping address anomalies, chargebacks, and card-testing defense. There are no trial limits, no disabled scoring, and no locked modules.<\/p>\n\n<p>Pro adds automation rules, webhooks, scheduled reports, payment-method risk controls, the advanced per-brand Chargeback Monitor with daily alerts, Card-Testing Defense Pro (auto-escalation + analytics + Slack alerts), and 10 advanced notification types.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20i%20rotate%20my%20wordpress%20secret%20keys%3F\"><h3>What happens if I rotate my WordPress secret keys?<\/h3><\/dt>\n<dd><p><strong>Important:<\/strong> TrustLens uses your WordPress <code>auth<\/code> secret key (via <code>wp_salt('auth')<\/code>) as the HMAC keying material for hashing customer emails and linked-account fingerprints. This is a deliberate security choice \u2014 it makes stored hashes non-reversible and non-portable across sites.<\/p>\n\n<p>The trade-off is that <strong>regenerating your WordPress secret keys<\/strong> (whether through a security plugin's \"regenerate keys\" tool or by editing <code>wp-config.php<\/code> directly) will permanently invalidate every customer hash and fingerprint already stored in your TrustLens tables. After rotation, the plugin won't be able to match a returning customer to their existing trust profile, and linked-account detection will reset.<\/p>\n\n<p>If you ever need to rotate WordPress secret keys, plan to <strong>run Historical Sync afterward<\/strong> so TrustLens rebuilds the customer table from your existing WooCommerce order data using the new keying material. Allowlisted\/blocked status set manually on individual customer rows is the exception that won't auto-recover \u2014 re-apply those after the sync.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.2.3<\/h4>\n\n<p><strong>Security and reliability hardening.<\/strong> Closes several issues surfaced during a pre-release audit.<\/p>\n\n<p><strong>Fixed<\/strong><\/p>\n\n<ul>\n<li><strong>Card-Testing Defense \u2014 VIP bypass too permissive.<\/strong> Previously, any customer with at least one completed order was permanently exempt from card-testing velocity blocks \u2014 meaning a fraud actor who completed a single order gained immunity from then on. The threshold now matches the plugin-wide <code>trustlens_min_orders<\/code> setting (default 3 orders) AND customers in <code>risk<\/code> or <code>critical<\/code> segments no longer bypass card-testing defense regardless of order count.<\/li>\n<li><strong>Chargeback meta not HPOS-compatible.<\/strong> Manual chargeback writes used <code>update_post_meta()<\/code> \/ <code>get_post_meta()<\/code> directly, which silently target the wrong table on stores with WooCommerce High-Performance Order Storage enabled. Switched to <code>WC_Order::update_meta_data()<\/code> \/ <code>WC_Order::get_meta()<\/code> so the chargeback indicator and Record Manual Chargeback form work correctly on HPOS stores.<\/li>\n<li><strong>IP spoofing via forwarding headers.<\/strong> <code>HTTP_X_FORWARDED_FOR<\/code> (request gate) and <code>HTTP_CLIENT_IP<\/code> + <code>HTTP_X_FORWARDED_FOR<\/code> (payment-method controls) were trusted unconditionally, letting an attacker send <code>X-Forwarded-For: 1.2.3.4<\/code> to rotate their apparent IP and defeat per-IP velocity rules. Both code paths now default to <code>REMOTE_ADDR<\/code>. Sites legitimately behind a trusted reverse proxy (Cloudflare, load balancer, Sucuri) can opt in to X-Forwarded-For via the new <code>trustlens\/trust_proxy_headers<\/code> filter \u2014 the last entry in the header is used (the IP the closest trusted hop observed).<\/li>\n<li><strong>Webhook signing secret exposed in DOM.<\/strong> The \"Test\" button on the Pro Webhooks settings page rendered the signing secret as a <code>data-secret<\/code> HTML attribute, making it readable by any browser extension or XSS payload running in the admin panel. The secret is no longer rendered to the page; the AJAX handler now looks up the endpoint server-side from the stored config.<\/li>\n<li><strong>Webhook async dispatch could pile up duplicates.<\/strong> Automation rule webhooks used <code>as_enqueue_async_action()<\/code> without dedup, so a rapid burst of identical triggers (e.g. <code>score_updated<\/code> firing several times during a batch refund) queued multiple deliveries for the same rule+customer. Now dedup'd via <code>wstl_ensure_single_action<\/code>; retries from inside the dispatch handler still carry a distinct retry counter and bypass dedup so failed deliveries still get their 60s \/ 120s \/ 240s attempts.<\/li>\n<li><strong>Score-update queue race.<\/strong> <code>wstl_queue_score_update()<\/code> used a read-then-write pattern that could double-schedule the score recalculation under concurrent events for the same customer. Replaced with <code>wstl_ensure_single_action<\/code>, which uses unschedule-then-schedule semantics and is race-free.<\/li>\n<li><strong>Chargeback record double-increment under concurrency.<\/strong> The manual chargeback AJAX path ran two separate UPDATE statements (one for <code>total_disputes<\/code>, one for the outcome counter). Two concurrent calls for the same customer could leave <code>disputes_lost<\/code> exceeding <code>total_disputes<\/code>. Now done as a single atomic UPDATE when the outcome is known at record time.<\/li>\n<li><strong>Shipping anomaly re-entrancy.<\/strong> The <code>trustlens\/shipping_anomaly<\/code> action fired (and <code>address_anomaly_detected<\/code> was logged) from inside <code>get_signal()<\/code>, which runs on every score recalculation. That could spawn re-entrant Action Scheduler jobs through automation rules. Both events now fire once from <code>handle_order_completed<\/code>, so each detection produces exactly one event per order completion.<\/li>\n<li><strong>Guest-order automation actions silently dropped.<\/strong> Customer-level actions (send email, block customer, tag, etc.) on order-bound rules silently returned when the order was a guest checkout. Now a <code>'skipped'<\/code> row is written to the rule log with the reason \"Guest order: no customer email hash\" \u2014 the inspector can finally answer \"why didn't my rule fire?\".<\/li>\n<li><strong>Lockdown targets transient race.<\/strong> Card-Testing Defense stored every targeted device fingerprint in one shared transient map; concurrent attacks from different devices could clobber each other on write. Switched to one transient per fingerprint so concurrent target writes never conflict. Admin listing and \"any-target-active\" check use indexed <code>wp_options LIKE<\/code> queries.<\/li>\n<li><strong>Automation <code>is_first_order<\/code> matched 0-order customers.<\/strong> Condition now requires <code>total_orders === 1<\/code> (exact), so rules don't fire against brand-new customer records that exist before any order has been counted.<\/li>\n<li><strong>Chargeback signal ignored min-orders threshold.<\/strong> A one-time buyer who filed a legitimate dispute could trigger the -30 chargeback penalty before any other signals existed. The chargeback module now honors <code>trustlens_min_orders<\/code> like the returns, coupons, and shipping modules.<\/li>\n<li><strong>Dispute Report didn't validate the hash format.<\/strong> <code>$_GET['hash']<\/code> is now checked against <code>wstl_is_email_hash()<\/code> before being passed to the lookup, matching the rest of the codebase.<\/li>\n<li><strong>Webhook log table escaping.<\/strong> Endpoint URL inside <code>&lt;code&gt;<\/code> was escaped with <code>esc_url()<\/code> (an attribute-context function) instead of <code>esc_html()<\/code>. Switched to the correct function for text content.<\/li>\n<li><strong>Automation retention cron not cleared on deactivation.<\/strong> The <code>trustlens\/automation\/retention_cleanup<\/code> event survived <code>Deactivate<\/code>, leaving an orphan WP-Cron entry. Now cleared alongside the other scheduled events.<\/li>\n<li><strong>Duplicate score-save logic.<\/strong> <code>process_score_calculation()<\/code> and <code>TrustLens_Score_Calculator::recalculate_score()<\/code> each contained their own copy of the save-and-fire(<code>score_updated<\/code> \/ <code>segment_changed<\/code>) flow. The Action Scheduler callback now delegates to the calculator method so the two paths can't drift.<\/li>\n<li><strong>Redundant order re-fetches.<\/strong> <code>class-module-orders<\/code> and <code>class-module-shipping-anomalies<\/code> registered <code>woocommerce_order_status_completed<\/code> with 1 arg and immediately called <code>wc_get_order()<\/code> on the order ID. Hooks now register with 2 args and use the <code>WC_Order<\/code> instance WooCommerce passes \u2014 with a defensive fallback for third-party callers firing the hook with one argument.<\/li>\n<li><strong>Card-testing defense bypass via client fingerprint rotation.<\/strong> Bots that rotated their JavaScript-side fingerprint per request avoided the per-fingerprint velocity threshold (each rotated hash had count 1, never tripping the limit). Declines are now also recorded under the server-fallback fingerprint (IP + User-Agent + Accept-Language) \u2014 which stays stable across client-hash rotation \u2014 so the velocity detector accumulates and targets even rotating attackers. Lockdown checks test both hashes on every request, so an attacker who got the server hash targeted on attempt 3 stays blocked even if they rotate the client hash on attempt 4.<\/li>\n<li><strong>Panic Freeze duration ceiling.<\/strong> The duration the panic-freeze AJAX accepted from the admin form was clamped to 3600s (1 hour). An admin mis-entering the value could accidentally block checkout for an hour. The server-side ceiling is now 30 minutes by default, filterable via <code>trustlens\/card_testing\/panic_max_duration<\/code> for sites that genuinely need longer.<\/li>\n<li><strong>Cron reconciliation on every page load.<\/strong> <code>ensure_notification_schedules()<\/code> was hooked to <code>init<\/code> and ran on every frontend request, writing to <code>wp_options<\/code> on stores with notifications disabled. The reconciliation now self-throttles to once per hour, with explicit invalidation on notification-setting changes so toggles still take effect immediately.<\/li>\n<li><strong>Automation <code>customer_age_days<\/code> \/ <code>days_since_last_order<\/code> timezone drift.<\/strong> Conditions mixed local-time (<code>current_time('timestamp')<\/code>) with UTC-stored MySQL timestamps, producing up to \u00b114 hours of drift on non-UTC sites \u2014 enough to push a daily-granularity condition off by a full day. Both sides now anchor to UTC.<\/li>\n<li><strong>Webhook endpoints option marked <code>autoload=no<\/code>.<\/strong> The endpoint config (which contains plaintext HMAC signing secrets) was autoloaded on every request. It's now loaded only when a webhook actually needs to fire.<\/li>\n<li><strong>Card-Testing Defense not actually enabled by default.<\/strong> The readme advertised \"ships enabled with sensible thresholds\" but the activation flow never set the <code>trustlens_module_card_testing_enabled<\/code> option, so the module sat dormant until merchants found the toggle in Settings. New installs now enable card-testing defense and the VIP customer bypass automatically, matching the documented promise. Existing sites keep whatever value they already have \u2014 no surprise behavior changes.<\/li>\n<li><strong>Welcome email never sent on default-off installs.<\/strong> The 24-hour-post-activation welcome summary was gated behind the master <code>trustlens_enable_notifications<\/code> switch, which ships disabled. The handler silently returned and the carefully-built welcome email was dropped on every fresh install. The welcome email is now gated only by its own <code>trustlens_notify_welcome_summary<\/code> opt-out (which already defaults to on), so the onboarding email actually fires.<\/li>\n<li><strong>Plugin row \"Dashboard\" \/ \"Settings\" shortcuts.<\/strong> The Plugins screen now surfaces direct links to the TrustLens dashboard and Settings page in the plugin row, matching standard WordPress plugin UX.<\/li>\n<li><strong>Dashboard onboarding card now signals active protection.<\/strong> When a fresh install lands on the empty dashboard, a small pill next to the onboarding steps confirms that the detection modules are already scoring incoming orders, so merchants know protection is live and not deferred until they finish setup.<\/li>\n<\/ul>\n\n<p><strong>Changed (potentially breaking for existing webhook receivers)<\/strong><\/p>\n\n<ul>\n<li><strong>Webhook signature scheme v2.<\/strong> Outgoing webhook signatures now cover <code>timestamp + '.' + body<\/code> instead of <code>body<\/code> alone, and a new <code>X-TrustLens-Timestamp<\/code> header carries the Unix epoch. This lets receivers reject replayed deliveries by checking the timestamp falls within a short window (recommended: \u00b15 minutes). Verification on the receiver side: compute <code>'sha256=' + hmac_sha256(timestamp + '.' + body, secret)<\/code> and constant-time-compare against <code>X-TrustLens-Signature<\/code>. If you have an existing webhook receiver, update its verification code before upgrading.<\/li>\n<\/ul>\n\n<p><strong>Internal<\/strong><\/p>\n\n<ul>\n<li>Centralized client-IP retrieval in <code>wstl_get_client_ip()<\/code> so future fraud modules don't have to re-solve the spoofable-header problem.<\/li>\n<li>Centralized webhook signature computation in <code>TrustLens_Webhooks::compute_signature()<\/code> so the three send sites (settings test, classic webhooks, automation webhooks) can't drift apart.<\/li>\n<li>Defensive: replaced <code>ActionScheduler_Store::STATUS_PENDING<\/code> constant reference with the literal <code>'pending'<\/code> in <code>wstl_queue_score_update()<\/code> so the function survives unusual AS bootstrap orderings.<\/li>\n<\/ul>\n\n<h4>1.2.2<\/h4>\n\n<p><strong>Automation Rules \u2014 reliability rewrite + major capability expansion.<\/strong> Plus Card-Testing Defense admin UX consolidation.<\/p>\n\n<p><strong>Automation<\/strong><\/p>\n\n<ul>\n<li><strong>Added triggers:<\/strong> Chargeback Filed \u00b7 Dispute Recorded \u00b7 Linked Accounts Detected \u00b7 Card Testing Attack \u00b7 Shipping Anomaly.<\/li>\n<li><strong>Added condition fields:<\/strong> Total Order Value \u00b7 Total Disputes \u00b7 Linked Accounts \u00b7 Coupon Then Refund \u00b7 Cancelled Orders \u00b7 Customer Type \u00b7 Is Blocked \u00b7 Customer Age \u00b7 Days Since Last Order \u00b7 Payment Method \u00b7 Shipping Country \u00b7 Billing Country \u00b7 Country Mismatch \u00b7 Coupon Total.<\/li>\n<li><strong>Added actions:<\/strong> Allowlist Customer \u00b7 Cancel Order.<\/li>\n<li><strong>Added:<\/strong> Save-time validator blocks rules that can never fire \u2014 unsatisfiable conditions, schema-bound violations, trigger-state contradictions, invalid operators for the field type, incomplete actions \u2014 each with a specific inline reason.<\/li>\n<li><strong>Added:<\/strong> Inspector shows <code>SKIP<\/code> status on evaluations that didn't execute, with the reason (\"Cooldown active\" \/ \"Condition not met: trust_score &gt; 50\"). Directly answers \"why didn't my rule fire?\".<\/li>\n<li><strong>Changed:<\/strong> Webhooks now dispatch async with automatic retry (60s\/120s\/240s backoff) and are HMAC-SHA256 signed by default.<\/li>\n<li><strong>Changed:<\/strong> Rule editor no longer full-page-reloads on save or delete; errors appear inline inside the modal.<\/li>\n<li><strong>Fixed:<\/strong> Concurrent rule saves were last-write-wins \u2014 now serialized via advisory lock.<\/li>\n<li><strong>Fixed:<\/strong> A failed action locked the rule out for an hour via cooldown \u2014 now clears on error so the next event retries.<\/li>\n<li><strong>Fixed:<\/strong> Rules with an unknown condition field silently matched everything (catastrophic for <code>block_customer<\/code> rules). Now rejected.<\/li>\n<li><strong>Fixed:<\/strong> Timezone drift between log timestamps and inspector counters when MySQL server TZ \u2260 site TZ.<\/li>\n<li><strong>Fixed:<\/strong> Operators <code>&lt;<\/code>, <code>&lt;=<\/code>, <code>&lt;&gt;<\/code> couldn't save at all.<\/li>\n<li><strong>Fixed:<\/strong> \"Send Email\" action ignored the recipient field; now honors it as a per-rule override (falls back to site notification email when blank).<\/li>\n<li><strong>Fixed:<\/strong> \"Refund Processed\" trigger silently dropped order context \u2014 order-only actions\/conditions never fired on refunds.<\/li>\n<\/ul>\n\n<p><strong>Admin UX \u2014 Card-Testing Defense + Dashboard<\/strong><\/p>\n\n<ul>\n<li><strong>Changed:<\/strong> Card-Testing Defense page consolidated from four tabs into a single live view \u2014 panic controls, live state, and targeted fingerprints visible without clicking.<\/li>\n<li><strong>Added:<\/strong> Dashboard alert band for active Panic Freeze, targeted lockdowns, and card-network programs over chargeback threshold.<\/li>\n<li><strong>Added:<\/strong> Module-status pill row on the dashboard (on\/off + one stat for each subsystem).<\/li>\n<li><strong>Added:<\/strong> Persistent plugin-wide admin header with unified nav, live status pill, notifications bell, and \u2318K command palette.<\/li>\n<li><strong>Fixed:<\/strong> Unchecking \"Enable Card-Testing Defense\" or \"VIP bypass\" didn't save (Settings API checkbox quirk).<\/li>\n<li><strong>Fixed:<\/strong> Slack webhook delivery failures are now logged instead of swallowed.<\/li>\n<li><strong>Fixed:<\/strong> Uninstall clears card-testing options and cron hooks; deactivation unschedules card-testing crons.<\/li>\n<li><strong>Fixed:<\/strong> Card-testing attacks with an identifiable customer email now fire <code>trustlens\/checkout_blocked<\/code> (once per newly-targeted fingerprint) so Notifications \/ Automation \/ Webhooks can react.<\/li>\n<\/ul>\n\n<p>Safe additive upgrade \u2014 new composite index added idempotently, no data migration.<\/p>\n\n<h4>1.5.0<\/h4>\n\n<p><strong>Card-Testing Defense \u2014 Pro tier<\/strong><\/p>\n\n<ul>\n<li><strong>Added (Pro):<\/strong> Auto-escalation from targeted blocking to global panic freeze when an attack spreads across multiple device fingerprints. Default threshold: 3 distinct devices in a 10-minute window.<\/li>\n<li><strong>Added (Pro):<\/strong> Geographic-diversity safeguard. Before auto-escalating, checks whether the decline burst is naturally distributed across \u226510 countries with no single country holding &gt;50% \u2014 if so, treats as a legitimate flash-sale or viral-moment burst and holds off.<\/li>\n<li><strong>Added (Pro):<\/strong> Fingerprint and IP CIDR allowlists. Devices or IP ranges on the allowlist bypass the card-testing defense entirely \u2014 for QA, integration partners, or known-good traffic. Both IPv4 and IPv6 CIDR ranges supported.<\/li>\n<li><strong>Added (Pro):<\/strong> Advanced fingerprint signal \u2014 enumerates 12 common fonts via baseline-width comparison and adds the detected-fonts list to the fingerprint hash. Harder for botnets to spoof consistently across nodes than canvas + screen alone. Opt-in via script tag data attribute (only injected when Pro is licensed AND card-testing is enabled).<\/li>\n<li><strong>Added (Pro):<\/strong> Per-fingerprint threshold overrides. Tighter or looser thresholds for specific known devices.<\/li>\n<li><strong>Added (Pro):<\/strong> Attack History tab \u2014 24h decline count, decline-code breakdown, top-10 attacking fingerprints, hourly timeline chart (Chart.js). CSV export of all velocity events in the window.<\/li>\n<li><strong>Added (Pro):<\/strong> Slack and email alert dispatcher \u2014 subscribes to <code>attack_detected<\/code>, <code>auto_escalated<\/code>, and <code>panic_button_activated<\/code> events. Configure a Slack webhook and\/or email address to receive attack notifications.<\/li>\n<li><strong>Added (Pro):<\/strong> Documented stable contract on the <code>trustlens\/panic_button_activated<\/code> action \u2014 Pro integrators can rely on the signature and timing.<\/li>\n<li>Free tier behavior unchanged.<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<p><strong>Card-Testing Defense (Free) \u2014 blocks stolen-card attack traffic before it reaches the payment gateway<\/strong><\/p>\n\n<ul>\n<li><strong>Added (Free):<\/strong> Real-time card-testing detection. Watches per-device decline rates in 60-second and 10-minute rolling windows. A device that crosses the decline threshold is blocked from checkout for 90 seconds. No merchant configuration required \u2014 sensible defaults ship enabled.<\/li>\n<li><strong>Added (Free):<\/strong> Panic Freeze button on the new TrustLens \u2192 Card-Testing Defense admin page. One click blocks ALL checkouts for 15 minutes (configurable 5m\/30m\/1h). Use during active attacks your thresholds haven't caught.<\/li>\n<li><strong>Added (Free):<\/strong> VIP Customer Bypass (enabled by default). Customers with at least one successful past order are never blocked by card-testing velocity \u2014 attacks can't disrupt legitimate repeat buyers.<\/li>\n<li><strong>Added (Free):<\/strong> Negative trust-score signal for customers linked to device fingerprints involved in past attacks \u2014 keeps bad actors scored correctly even after the 90-second targeted block expires.<\/li>\n<li><strong>Added (Free):<\/strong> <code>during_attack_window<\/code> event logged on orders completed while an attack is active \u2014 audit trail of which successful orders slipped through.<\/li>\n<li><strong>Added (Free):<\/strong> Dashboard widget shows current defense state (IDLE \/ TARGETED \/ PANIC) and 24-hour decline count at a glance.<\/li>\n<li><strong>Added (Free):<\/strong> Daily retention cron keeps the velocity-events table trimmed to the configured window (default 48h, configurable 24\u2013168h).<\/li>\n<li><strong>Note on velocity systems:<\/strong> This feature's \"velocity\" is keyed on <em>device fingerprint<\/em> and measures <em>gateway declines<\/em> \u2014 unrelated to the existing Payment-Method Controls velocity (email-keyed, completed-order-count-based) and Shipping Anomalies velocity (email-keyed, distinct-address-count-based). Three independent systems, three different threats, three different responses.<\/li>\n<li><strong>Coming in 1.5 (Pro):<\/strong> Auto-escalation to global freeze, geographic-diversity flash-sale safeguard, fingerprint allowlists, attack-history analytics, Slack \/ email alerts.<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<p><strong>Request-gate infrastructure \u2014 card-testing defense foundation<\/strong><\/p>\n\n<ul>\n<li><strong>Added (Free):<\/strong> Internal <code>TrustLens_Request_Gate<\/code> primitive intercepts Classic checkout <em>and<\/em> Blocks \/ Store API checkout through a single rule-registration surface. Fraud modules register rules; the gate dispatches them pre-gateway.<\/li>\n<li><strong>Added (Free):<\/strong> Browser fingerprint collection on checkout and cart pages \u2014 pseudonymous SHA-256 hash of canvas + screen + timezone + language + platform + WebGL signals. Raw signals never leave the browser. Server-side fallback hash when JS is disabled. Schema migration adds 5 new columns to <code>wp_trustlens_fingerprints<\/code> (fp_source, decline_count_24h, taint_flag, taint_reason, tainted_at).<\/li>\n<li><strong>Improved (Free):<\/strong> Email blocklist (customers marked blocked in the admin) now takes effect on Blocks checkout in addition to Classic \u2014 existing behavior of the <code>Checkout_Blocker<\/code> class, now dispatched through the gate instead of its own hooks.<\/li>\n<li><strong>Dev note:<\/strong> This is an infrastructure release. The card-testing detection engine (velocity windows, lockdown state machine, panic button, admin UI) ships in 1.4.0 and builds on this foundation.<\/li>\n<li><strong>Dev note:<\/strong> PHPUnit test suite scaffolding added (<code>composer.json<\/code>, <code>phpunit.xml.dist<\/code>, <code>tests\/<\/code>). Not shipped in distribution zips.<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<p><strong>Chargeback Ratio Monitor \u2014 new feature<\/strong><\/p>\n\n<ul>\n<li><strong>Added (Free):<\/strong> Dashboard Chargeback Ratio speedometer \u2014 blended calendar-month ratio with a <strong>Healthy \/ Approaching threshold \/ Action needed<\/strong> status so you can see store health at a glance.<\/li>\n<li><strong>Added (Free):<\/strong> Chargeback tracking moved from Pro to Free \u2014 automatic dispute ingestion from Stripe and WooPayments, per-customer dispute counters, and chargeback impact on trust scores now ship in every build.<\/li>\n<li><strong>Added (Free):<\/strong> Manual chargeback entry form on the order edit page for gateways that don't push dispute webhooks to WooCommerce (PayPal, Square, offline).<\/li>\n<li><strong>Added (Free):<\/strong> Automatic card brand capture on Stripe and WooPayments paid orders. Historical Sync also captures card brand, so one sync run populates both trust profiles and chargeback-ratio data.<\/li>\n<li><strong>Added (Pro):<\/strong> Dedicated <strong>TrustLens \u2192 Chargeback Monitor<\/strong> page \u2014 per-brand ratio breakdown (Visa VDMP\/VFMP, Mastercard ECP, Amex, Discover) with threshold progress bars, 12-month trend chart, recent disputes activity feed, top-disputed customers with one-click Evidence Report, store-wide dispute outcomes summary, and inline alert-threshold control.<\/li>\n<li><strong>Added (Pro):<\/strong> Daily email alert when any card brand reaches a configurable percent (default 70%) of its network threshold. Deduplicated per brand per calendar month \u2014 one email per brand, no spam.<\/li>\n<li><strong>Added (Pro):<\/strong> Trailing-30-day ratio window alongside the Free calendar-month view, plus a customizable warn-threshold percent (50\u2013100%).<\/li>\n<li><strong>Added (Pro):<\/strong> Auto-block after N lost disputes is now actually enforced. The setting has existed since 1.2.0 but had no runtime effect until this release.<\/li>\n<\/ul>\n\n<p><strong>Fixes &amp; improvements<\/strong><\/p>\n\n<ul>\n<li><strong>Fixed:<\/strong> Bulk customer actions (block, unblock, allowlist, remove-allowlist, recalculate, delete) failed with a fatal error due to a broken dispatch call to a non-existent <code>TrustLens_Bulk_Operations::instance()-&gt;execute()<\/code> method. The AJAX handler now dispatches directly to the correct static methods with a whitelisted action set.<\/li>\n<li><strong>Improved:<\/strong> Chargeback Monitor ratio and trend queries are now transient-cached (15 min \/ 1 hour TTL) with automatic invalidation on new disputes or brand-backfill runs, so the dashboard doesn't re-query order meta on every page load.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Shipping Address Anomalies detection module \u2014 detects address hopping, billing\/shipping country mismatches, and address change velocity.<\/li>\n<li><strong>Added:<\/strong> Address diversity ratio scoring \u2014 penalizes customers who ship to many different addresses relative to order count.<\/li>\n<li><strong>Added:<\/strong> Billing\/shipping country mismatch detection \u2014 flags cross-border shipping patterns.<\/li>\n<li><strong>Added:<\/strong> Address change velocity signal \u2014 detects rapid address changes within a configurable time window.<\/li>\n<li><strong>Added:<\/strong> Pro address diversity trend analysis \u2014 detects sudden behavioral shifts in shipping address patterns.<\/li>\n<li><strong>Added:<\/strong> Pro enhanced country mismatch severity \u2014 deeper pattern analysis for reshipping fraud detection.<\/li>\n<li><strong>Added:<\/strong> Historical backfill for country codes on existing address fingerprints.<\/li>\n<li><strong>Added:<\/strong> Configurable velocity window setting (7-90 days, default 30) in Settings &gt; Modules.<\/li>\n<li><strong>Added:<\/strong> Customer Detail Analyst Grid \u2014 redesigned customer profile with trust score gauge, signal impact bars, return rate trend chart, activity feed, linked accounts, and collapsible admin notes.<\/li>\n<li><strong>Added:<\/strong> Weekly return rate trend data with 1-hour transient cache for the customer profile chart.<\/li>\n<li><strong>Fixed:<\/strong> ActionScheduler runaway loop on the email-hash backfill \u2014 scheduling is now idempotent and race-free via replace-semantics, backfill batches are try\/catch isolated, and failing orders are tagged with a sentinel so one bad row can't block the backfill forever. Removed the <code>admin_init<\/code> scheduler that caused unbounded fan-out on sites with heartbeat traffic.<\/li>\n<li><strong>Fixed:<\/strong> Shipping anomalies country-code backfill silent-skip loop \u2014 unresolvable rows now get a sentinel value so they drop out of the <code>NULL<\/code> result set, and the batch runner terminates cleanly on all failure modes.<\/li>\n<li><strong>Fixed:<\/strong> Historical sync no longer hangs in \"running\" state when a single malformed order throws \u2014 transitions to a terminal \"failed\" state so the user can retry from the UI.<\/li>\n<li><strong>Fixed:<\/strong> Hash column migration was skipped on sites whose stored DB version already matched the current version.<\/li>\n<li><strong>Fixed:<\/strong> Reset data now succeeds on free installs that don't have Pro-only tables.<\/li>\n<li><strong>Fixed:<\/strong> Customer lookup now accepts legacy 32-char MD5 hashes alongside the current SHA-256 format for backward compatibility.<\/li>\n<li><strong>Fixed:<\/strong> Customer detail page <code>first_order_date<\/code> null guard prevents a PHP notice on customers whose first order date isn't set.<\/li>\n<\/ul>\n\n<h4>1.1.8<\/h4>\n\n<ul>\n<li><strong>Fixed:<\/strong> Prevented excessive ActionScheduler task accumulation \u2014 order meta saves no longer trigger unnecessary WooCommerce analytics reimports.<\/li>\n<li><strong>Added:<\/strong> Daily cleanup of completed ActionScheduler actions older than 7 days to keep the database lean.<\/li>\n<li><strong>Updated:<\/strong> Freemius SDK.<\/li>\n<\/ul>\n\n<h4>1.1.7<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Pro one-click Dispute Evidence Report \u2014 generate a professional, print-ready behavioral risk report for payment processor dispute responses.<\/li>\n<li><strong>Added:<\/strong> \"Dispute Report\" button on the customer profile page and order metabox for instant report generation.<\/li>\n<li><strong>Added:<\/strong> Report includes trust score, risk signals, order history, return analysis vs store average, linked accounts, and full event timeline.<\/li>\n<li><strong>Added:<\/strong> Extensible action hooks <code>trustlens\/customer_profile_actions<\/code> and <code>trustlens\/order_metabox_actions<\/code> for Pro feature buttons.<\/li>\n<\/ul>\n\n<h4>1.1.6<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Color-coded trust segment badge column on the WooCommerce orders list \u2014 see customer risk at a glance while processing orders.<\/li>\n<li><strong>Added:<\/strong> Segment filter dropdown on the orders list \u2014 filter orders by Critical, Risk, Caution, Normal, Trusted, or VIP segment.<\/li>\n<li><strong>Added:<\/strong> Sortable trust column \u2014 click the column header to sort orders by segment severity (Critical first).<\/li>\n<li><strong>Added:<\/strong> Trust badge links directly to the TrustLens customer profile for one-click access to full behavioral history.<\/li>\n<li><strong>Added:<\/strong> Automatic <code>_trustlens_email_hash<\/code> order meta storage with background backfill for existing orders via Action Scheduler.<\/li>\n<li><strong>Improved:<\/strong> Unscored customers display a \"New\" badge; safe segments (Normal, Trusted, VIP) use muted styling to draw attention to risky orders.<\/li>\n<\/ul>\n\n<h4>1.1.5<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Shared TrustLens mail sender with recipient validation, structured error capture, and rolling email delivery logs.<\/li>\n<li><strong>Added:<\/strong> Keyed HMAC-SHA256 hashing for customer identifiers and linked-account fingerprints.<\/li>\n<li><strong>Changed:<\/strong> Refreshed the WordPress.org plugin title, description, FAQs, and search-focused copy for clearer positioning around customer risk, abuse detection, disputes, and chargebacks.<\/li>\n<li><strong>Changed:<\/strong> Split the admin controller into focused pages, settings, notices, and AJAX service classes for cleaner maintenance.<\/li>\n<li><strong>Fixed:<\/strong> Welcome summary is now marked sent only after successful delivery and can retry after transient mail failures.<\/li>\n<li><strong>Fixed:<\/strong> Test notification now uses the same delivery path as real emails and surfaces detailed mailer errors when available.<\/li>\n<li><strong>Fixed:<\/strong> Scheduled reports now honor weekly\/monthly recipient settings, support comma-separated recipient lists, run at the configured due time, and include a working manual \"Send Now\" path.<\/li>\n<li><strong>Fixed:<\/strong> Stored scheduled reports now track real per-recipient delivery results, retry failed sends, and avoid false-positive \"sent\" logs.<\/li>\n<li><strong>Fixed:<\/strong> Privacy export and erasure now include signals, linked-account fingerprints, category stats, and automation logs.<\/li>\n<li><strong>Fixed:<\/strong> Automation actions now write canonical action IDs and analytics\/ROI reporting now read the correct action names.<\/li>\n<li><strong>Fixed:<\/strong> Customer blocking now logs <code>customer_blocked<\/code> events consistently so reports and event-based metrics stay accurate.<\/li>\n<li><strong>Fixed:<\/strong> Customer state changes now use consistent canonical events and webhook wiring for blocked, unblocked, and allowlisted flows.<\/li>\n<li><strong>Improved:<\/strong> Notification and report cron hooks are now reconciled during runtime, cleared when disabled, and cleaned up correctly on uninstall.<\/li>\n<li><strong>Improved:<\/strong> Reset and customer delete flows now clear all related operational data, logs, and derived records consistently.<\/li>\n<li><strong>Removed:<\/strong> TrustLens-specific auto-update notice and one-click auto-update toggle so plugin updates are managed only through standard WordPress controls.<\/li>\n<li><strong>Removed:<\/strong> Remaining active <code>md5()<\/code> usage from plugin code, replacing it with SHA-256 for internal dedupe keys.<\/li>\n<\/ul>\n\n<h4>1.1.4<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Dashboard chart cards now show polished empty-state UI for Trust Score Trends, Refund Activity, Activity by Hour, and Protection Trend when data is unavailable.<\/li>\n<li><strong>Fixed:<\/strong> Historical Sync completion summary now reports the actual profiled customer count from the TrustLens customer table.<\/li>\n<li><strong>Fixed:<\/strong> Dashboard health attention messaging now aligns with actual risk-customer counts.<\/li>\n<li><strong>Improved:<\/strong> Historical Sync backfill now reconstructs historical events with original timestamps and keeps rebuilds idempotent.<\/li>\n<li><strong>Docs:<\/strong> Deployment guide now documents only Freemius ZIP based WordPress.org deploy flow.<\/li>\n<\/ul>\n\n<h4>1.1.3<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Historical Sync now backfills coupon behavior metrics (<code>total_coupons_used<\/code>, <code>first_order_coupons<\/code>, <code>coupon_then_refund<\/code>) from older WooCommerce orders.<\/li>\n<li><strong>Added:<\/strong> Historical Sync now rebuilds category aggregates and linked-account fingerprints from historical orders for more accurate scoring inputs.<\/li>\n<li><strong>Added:<\/strong> Historical Sync now reconstructs historical timeline events (orders, refunds, coupon events) using original order\/refund timestamps.<\/li>\n<li><strong>Improved:<\/strong> Sync backfill paths are re-sync safe and remove previously generated synthetic sync events before rebuilding.<\/li>\n<\/ul>\n\n<h4>1.1.2<\/h4>\n\n<ul>\n<li><strong>Fixed:<\/strong> Historical Sync now safely handles WooCommerce refund objects and no longer fails with <code>OrderRefund::get_billing_email()<\/code> errors.<\/li>\n<li><strong>Fixed:<\/strong> Empty dashboard sync flow now always shows the correct progress UI when sync starts.<\/li>\n<li><strong>Improved:<\/strong> Sync batch AJAX failures now recover UI state instead of leaving controls hidden.<\/li>\n<li><strong>Added:<\/strong> Reliable activation redirect to TrustLens dashboard after plugin activation.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li><strong>Fixed:<\/strong> Historical Sync now surfaces precise server error messages instead of generic AJAX failures.<\/li>\n<li><strong>Fixed:<\/strong> Optimized sync startup order counting to avoid loading all order IDs in memory.<\/li>\n<li><strong>Fixed:<\/strong> Corrected sync customer totals to count only newly inserted customers across batches.<\/li>\n<li><strong>Improved:<\/strong> Refactored duplicated batch-processing logic into a shared internal helper for consistency.<\/li>\n<li><strong>Improved:<\/strong> Removed unused sync polling code path and dead AJAX endpoint, and hardened Action Scheduler fallbacks.<\/li>\n<li><strong>Fixed:<\/strong> Ensured WordPress pointer assets are enqueued on TrustLens admin pages to prevent Freemius pointer JS errors.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> New dedicated <strong>Payment Controls<\/strong> settings tab.<\/li>\n<li><strong>Added:<\/strong> Pro <strong>Payment Method Risk Controls<\/strong> to hide selected gateways for risky segments at checkout.<\/li>\n<li><strong>Added:<\/strong> Pro <strong>Velocity Protection<\/strong> for temporary gateway restrictions during high order-attempt spikes.<\/li>\n<li><strong>Added:<\/strong> Pro <strong>Linked Account Protection<\/strong> using linked-account fingerprints (address, phone, IP, device) for real-time gateway restriction decisions.<\/li>\n<li><strong>Improved:<\/strong> Restriction event logging now includes trigger reasons and linked-account risk context for auditability.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Redesigned Pro upsell experience with polished value panels, comparison rows, and improved CTAs across Automation, Notifications, Webhooks, Reports, and Chargebacks.<\/li>\n<li><strong>Improved:<\/strong> Unified upsell rendering via a shared component for more consistent styling and messaging.<\/li>\n<li><strong>Improved:<\/strong> Dashboard empty state now always shows the Historical Sync action (with clearer guidance when no eligible historical orders exist).<\/li>\n<li><strong>Fixed:<\/strong> Removed obsolete locked-notification upsell styles and redundant upsell markup paths.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>UI Improvements.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li><strong>Added:<\/strong> Automation is now a dedicated menu (TrustLens \u2192 Automation) with its own page and dashboard-style layout.<\/li>\n<li><strong>Added:<\/strong> Chargebacks (Pro) settings tab: enable\/disable module and \"Auto-block after N lost disputes\" with proper save.<\/li>\n<li><strong>Added:<\/strong> Test notification: 15-second timeout and clear message when mail\/SMTP is not configured.<\/li>\n<li><strong>Changed:<\/strong> Automation removed from Settings tab; old Automation tab URL redirects to the new Automation page.<\/li>\n<li><strong>Changed:<\/strong> Modal styling (card look, accent bar, overlay blur, improved header\/body\/footer and close button).<\/li>\n<li><strong>Changed:<\/strong> Global \"Enable Notifications\" now applies to all notifications (Standard and Pro).<\/li>\n<li><strong>Changed:<\/strong> Pro notifications list refactored to a single source of truth (no duplicate markup).<\/li>\n<li><strong>Fixed:<\/strong> API tab no longer shows the stored key hash when a key exists; placeholder and copy instructions shown instead.<\/li>\n<li><strong>Fixed:<\/strong> API documentation: endpoints table matches implementation (lookup, update customer, events, recalculate, stats\/segments); example response corrected.<\/li>\n<li><strong>Fixed:<\/strong> At that time, REST API routes for customer events and recalculate used the then-current 32-character email hash format.<\/li>\n<li><strong>Fixed:<\/strong> Data tab: starting Historical Sync from Settings \u2192 Data now shows progress bar and updates correctly.<\/li>\n<li><strong>Fixed:<\/strong> Test notification no longer spins indefinitely when server mail is not configured.<\/li>\n<li><strong>Other:<\/strong> Redundancy cleanups on Automation, Data, and Notifications pages; Chart.js not loaded on Automation page.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Bug fixes<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Dashboard and customer pages UI refinements (spacing, sizing, alignment, and visual polish).<\/li>\n<li>Improved color system with reusable segment variables and a primary plugin color token.<\/li>\n<li>Split admin styles into page-specific files for better maintainability and scoped loading.<\/li>\n<li>Test data generation now seeds higher trust scores in the 80-95 range.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Release packaging and deployment workflow updates (no functional changes).<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<p><strong>Core Engine<\/strong><\/p>\n\n<ul>\n<li>Trust score calculation engine with weighted signal aggregation (0-100 scale)<\/li>\n<li>6-tier customer segmentation: VIP, Trusted, Normal, Caution, Risk, Critical<\/li>\n<li>Account age loyalty bonus (up to +15 points for 1+ year accounts)<\/li>\n<li>Configurable minimum order threshold before segment classification<\/li>\n<li>Allowlist system with automatic score override to 100<\/li>\n<\/ul>\n\n<p><strong>Detection Modules<\/strong><\/p>\n\n<ul>\n<li>Return abuse detection \u2014 refund rate, refund value, and return frequency analysis<\/li>\n<li>Order pattern analysis \u2014 completion rates, cancellation tracking, order velocity<\/li>\n<li>Coupon abuse detection \u2014 first-order discount exploitation and coupon-then-refund patterns<\/li>\n<li>Category-aware scoring \u2014 per-category return rate tracking with weighted penalties<\/li>\n<li>Linked accounts detection \u2014 multi-account identification via address, phone, IP, payment, and device fingerprinting<\/li>\n<\/ul>\n\n<p><strong>Dashboard &amp; Analytics<\/strong><\/p>\n\n<ul>\n<li>9-section command center dashboard with store health score<\/li>\n<li>6 interactive Chart.js charts: trust trends, segment distribution, refund activity, hourly activity, category return rates, monthly protection trend<\/li>\n<li>KPI cards: total customers, average trust score, new high-risk, events (24h), total orders, return rate<\/li>\n<li>ROI scorecard with money protected, money at risk, protection rate, and actions taken<\/li>\n<li>Top returners table and high-risk customer attention list<\/li>\n<\/ul>\n\n<p><strong>Customer Management<\/strong><\/p>\n\n<ul>\n<li>Searchable customer list with segment, score, and return rate columns<\/li>\n<li>Customer detail page with full behavioral history and signal breakdown<\/li>\n<li>Manual block and unblock with checkout enforcement<\/li>\n<li>Allowlist management for VIP protection<\/li>\n<li>CSV export for full customer list<\/li>\n<li>JSON export for individual customer profiles<\/li>\n<\/ul>\n\n<p><strong>Integrations<\/strong><\/p>\n\n<ul>\n<li>WooCommerce order edit screen integration showing trust score<\/li>\n<li>REST API with 8 endpoints and API key authentication<\/li>\n<li>GDPR data export and erasure via WordPress privacy tools<\/li>\n<li>WooCommerce High-Performance Order Storage (HPOS) compatibility<\/li>\n<li>Action Scheduler for asynchronous score processing<\/li>\n<\/ul>\n\n<p><strong>Notifications<\/strong><\/p>\n\n<ul>\n<li>Blocked checkout email alert<\/li>\n<li>Welcome summary (24 hours after activation)<\/li>\n<li>Weekly protection summary report<\/li>\n<\/ul>\n\n<p><strong>Historical Sync<\/strong><\/p>\n\n<ul>\n<li>Background import of existing WooCommerce orders<\/li>\n<li>Progress tracking with start\/stop\/resume controls<\/li>\n<li>Batch processing without site performance impact<\/li>\n<\/ul>","raw_excerpt":"Customer trust scores for WooCommerce. Catch return abuse, coupon fraud, chargebacks, and card-testing attacks before they cost you.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/278911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=278911"}],"author":[{"embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/webstepper"}],"wp:attachment":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=278911"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=278911"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=278911"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=278911"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=278911"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=278911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}