Sale!

Security for WooCommerce

From: $79.00 / year

$79.00 / year
Original price was: $158.00.Current price is: $126.40. every 2 years
Clear

Running a WooCommerce store means more than taking orders. You may also need to control where customers can buy from, restrict access to selected products, manage guest downloads, strengthen administrator login security, and reduce unnecessary exposure of WordPress files.

Security for WooCommerce brings practical access controls, download protection, security monitoring, and site-hardening tools into one WooCommerce-focused dashboard.

  • Restrict store, cart, checkout, product, and category access by country
  • Allow or block exact IPv4 and IPv6 addresses
  • Block individual products or restrict selected categories
  • Control guest download access with IP rules and protect selected Media Library files
  • Run manual scans and schedule daily scans for suspicious code indicators
  • Add two-factor authentication for administrator accounts and an extra login gate
  • Apply WordPress hardening options, including file permissions, directory listing, and version metadata controls
Security for WooCommerce is built for merchants who need more control over access to their store, products, checkout, downloadable content, and WordPress administration area.
Security for WooCommerce dashboard showing store access controls, malware scan status, download protection, and site hardening.

Built for common ecommerce security needs

Security for WooCommerce gives merchants practical tools for controlling unwanted access, limiting regional availability, protecting selected files, and strengthening administrator login security.

  • Sell only in approved countries or regions
  • Limit cart, checkout, product, or category access for blocked countries
  • Allow trusted IP addresses and block known unwanted IP addresses
  • Control guest access to WooCommerce download links
  • Protect selected Media Library files from direct access by logged-out visitors
  • Require authenticator-app codes for administrator accounts
  • Review suspicious file indicators through manual or scheduled scans
For broader store protection, Security for WooCommerce can work alongside Anti-Fraud for WooCommerce. Use Security for WooCommerce to control website access, protect selected files, and strengthen WordPress administration. Use Anti-Fraud for WooCommerce to assess checkout and order risk.

 

Is this extension right for you?

Security for WooCommerce focuses on website access, regional restrictions, protected downloads, administrator login security, file monitoring, and WordPress hardening.

If your primary concern is fraudulent orders, card testing, stolen payment methods, or suspicious checkout activity, Anti-Fraud for WooCommerce by OPMC is designed specifically for order and checkout risk. Merchants can use both extensions together because they address different parts of store security.

Need Security for WooCommerce Anti-Fraud for WooCommerce
Primary purpose Control website access and strengthen WordPress security Assess checkout and order risk
Country controls Restrict access to the store, products, categories, cart, or checkout Use order location as part of fraud analysis
IP address controls Allow or block exact visitor IP addresses Use IP information as part of order risk analysis
Block individual products Yes
Restrict product categories by country Yes
Guest download IP controls Yes
Protect selected Media Library files Yes
Suspicious file scanning Yes
Administrator two-factor authentication Yes
WordPress hardening Yes
Fraud scoring and order risk analysis Yes
Card testing protection Yes
Suspicious order alerts Yes

 

Need both website security and fraud prevention? Security for WooCommerce helps control who can access your website and adds practical WordPress hardening tools. Anti-Fraud for WooCommerce focuses on checkout activity, fraud scoring, and risky orders.

 

Control who can access your store

Use country and IP rules to reduce unwanted access and limit important parts of the buying journey.

Restrict access by country

Select countries whose visitors should be restricted, while keeping your configured store country available as a safeguard.

Depending on your settings, restrictions can apply across the storefront or to specific areas such as product pages, product categories, the cart, and checkout.

Country restriction settings for store access, products, cart, and checkout in Security for WooCommerce.

Restrict cart and checkout access

Prevent visitors from blocked countries from adding products to the cart or completing checkout.

This is useful when you do not sell, ship, or provide services in particular regions.

Setting to restrict cart and checkout access for visitors from blocked countries.

Block individual products or limit product pages by country

Mark an individual product as blocked when it should not be publicly available. Administrators and shop managers can still view blocked products while managing the store.

You can also prevent visitors from blocked countries from opening product pages when country-based product restrictions are enabled.

Product access restriction setting in Security for WooCommerce.

Restrict selected product categories

Choose WooCommerce product categories that visitors from blocked countries should not be able to browse.

This can help stores manage regional catalogs, licensing limitations, wholesale ranges, or products that are unavailable in particular locations.

Product category restriction settings for visitors from blocked countries.

Set daily access restrictions

Set a daily time window during which visitors from blocked countries cannot access the site. The schedule is evaluated using the visitor country timezone.

Customize the blocked visitor message

Replace the default blocked-access notice with a message that explains your store policy or tells visitors how to contact you.

Manage access with IP rules

Use exact IPv4 or IPv6 addresses to make exceptions for trusted visitors or block addresses associated with unwanted access.

Allow trusted IP addresses

Add known addresses for team members, agencies, offices, or trusted partners. The allow list takes priority over the block list.

Block known IP addresses

Add exact IP addresses that should not be able to access the storefront while Traffic protection is enabled.

IP allow list and block list settings in Security for WooCommerce.

Protect downloads and selected media files

Add access controls for WooCommerce guest download links and protect selected files from direct access.

Control guest download links by IP address

When WooCommerce does not require customers to log in before downloading, choose how guest download links should handle visitor IP addresses.

Available modes allow all guest download IPs, deny listed IPs, or allow only listed IPs. These rules apply to WooCommerce guest download links and do not replace WooCommerce customer permissions or order-based download controls.

Guest download IP access settings in Security for WooCommerce.
Choose how guest download links handle allowed and blocked IP addresses.

Protect selected Media Library files

Mark individual Media Library attachments as protected. The extension moves protected attachments into a dedicated uploads directory and adds rewrite rules intended to prevent logged-out visitors from opening supported file types directly.

Direct-access protection depends on the server honoring WordPress rewrite rules. Test protected files after enabling this feature.

Discourage search engine indexing

Add robots.txt signals for protected attachment pages and file paths so search engines are less likely to index them. These signals discourage indexing but cannot guarantee removal from every search engine.

Disable directory listing

Add a rule that prevents bare directory indexes when no index file exists. Availability depends on the store’s server configuration.

Monitor files for suspicious code indicators

Run signature-based scans from WordPress and review the results in the Security for WooCommerce dashboard.

Run a manual scan

Start a scan when you want to review site files for suspicious PHP patterns that may require investigation.

Suspicious file scan results in Security for WooCommerce.

Schedule daily scans

Enable background scans that run once per day through WordPress cron. Results appear in the Malware scan area for review.

The scanner reports suspicious indicators. It does not confirm that a file is malicious, remove infected files, or replace a host-level security service or web application firewall. Review findings before changing or deleting files.

Review security activity

Use the activity log to review recorded country restrictions, IP rule matches, product and category restrictions, guest download decisions, and other supported security events. Configure log retention based on your store’s needs.

Harden your WordPress installation

Apply additional protections to common WordPress files and public metadata.

Review and harden file permissions

View a report comparing key WordPress paths with recommended permissions. When file permission hardening is enabled and settings are saved, the extension attempts to apply the recommended permissions.

Many hosting environments prevent PHP from changing file permissions, so review the report and confirm the result with your host when needed.

Hide WordPress version metadata

Remove WordPress version metadata from feeds, scripts, and styles where supported. This reduces public version exposure but is not a substitute for keeping WordPress, WooCommerce, themes, and extensions updated.

Strengthen administrator login access

Add extra protection before or during administrator login.

Add two-factor authentication for administrators

Require users with administrator accounts to enter a time-based code from an authenticator app after entering their WordPress password.

Administrator two-factor authentication setting in Security for WooCommerce.

Add an extra login gate

Display a separate username and password gate at wp-login.php before the normal WordPress login form.

The gate credentials are separate from WordPress user accounts. Store them securely and confirm your recovery process before enabling the feature.

Common use cases

Sell only in selected countries

Restrict visitors from countries you do not serve and decide whether the restriction applies to the storefront, products, categories, cart, or checkout.

Manage regional product availability

Block individual products or hide selected product categories from visitors in restricted countries.

Control guest downloads

Use exact IP rules to allow or deny access to WooCommerce guest download links when login is not required.

Protect selected digital assets

Move selected Media Library attachments into the protected directory and discourage direct access and search indexing.

Strengthen administrator access

Add administrator 2FA and an optional gate before the normal WordPress login form.

Review basic WordPress security indicators

Use suspicious-code scans, activity logging, file permission reporting, directory listing controls, and version metadata removal from one dashboard.

Designed for stores that need more control

Security for WooCommerce can support:

  • Stores selling only within specific countries or regions
  • Stores with regional product or category restrictions
  • Digital product sellers using WooCommerce guest download links
  • Merchants who need exact IP allow and block lists
  • Store owners who want administrator 2FA and an extra login gate
  • Teams that want suspicious file scanning and activity logging inside WordPress
  • Agencies managing access controls and basic hardening for WooCommerce clients

Why choose Security for WooCommerce?

Security for WooCommerce combines WooCommerce-focused access rules with practical WordPress monitoring and hardening tools.

  • Restrict countries, exact IP addresses, products, categories, cart, and checkout
  • Control guest download access and protect selected Media Library files
  • Run manual scans and schedule daily suspicious-code scans
  • Review supported security events through an activity log
  • Add two-factor authentication for administrator accounts
  • Add an optional gate before the normal WordPress login form
  • Review file permissions and reduce common WordPress exposure points
  • Manage settings through a dedicated WooCommerce security dashboard
OPMC logo

Built by OPMC

OPMC has been building and supporting WooCommerce extensions since 2014. Our team works with real ecommerce stores across integrations, automation, checkout workflows, and store security.

Security for WooCommerce is actively maintained and supported to help merchants manage practical access controls and WordPress hardening from inside WooCommerce.

Get started with Security for WooCommerce

Control store access by country and IP address, manage regional product availability, protect guest downloads and selected media files, monitor suspicious code indicators, and strengthen administrator login security.

Add Security for WooCommerce to your store today.

Additional information

Billing option

1 Year, 2 Years

At Woocommerce.opmc.com.au, we want to ensure that you are 100% happy with your purchase.

  • If you have technical or sales queries, do not hesitate get in touch with us
  • If after you attempted to resolve issues with Support staff and feel the product(s) you purchased does/do not the best fit your requirements, we want to make things right.

Our policy offers a full refund within 30 days of your date of purchase. We’d love to know what went wrong and how we can improve, so please include details about the reason for your refund request if you reach out to us directly.

Woocommerce.opmc.com.au and our payment process submit the refund immediately and make every attempt to process the refund as quickly as possible. Your financial institution can take up to 20 days for the refund to reflect in your bank account/card.

Setup and Configuration

To set up your store with Security for WooCommerce:

  1. Go to: WooCommerce > Settings > Integration > Security for WooCommerce
  2. Enable Firewall On/Off button to activate the plugin.
  3. Your website IP address will be loaded automatically in the next tab.
  4. Select your location country in Your current location/country tab.


Allow/Block Customers from Multiple countries

To block and allow audience from multiple countries:

  1. Go to Blocked countries list tab.
  2. Click Select All to check all the countries, uncheck your country of origin and keep unchecking all other countries you want to allow, keeping Ctrl or ⌘ key pressed while selecting from the list of countries.
  3. Save changes by clicking Save changes button at the bottom of Security for WooCommerce settings.


To Allow Customers from One Country Only

If you are operating a business for only one country and want to allow audience from that specific country then:

  1. Go to Allow only traffic from this country tab.
  2. Select the country you want to allow audience for and save changes.


Whitelisting of IPs

To manually whitelist IP addresses;

  1. Navigate to Whitelist IPs tab.
  2. Add the IP address to whitelist. Press Tab, Enter or Comma ( , ) to add another IP address.


Blacklisting of IPs

To manually backlist IP addresses:

  1. Go to Blacklisted IPs tab.
  2. Enter IP address to add to the blacklist. Press Tab, Enter or Comma ( , ) to add another IP address.


Usage

When a visitor arrives from a country that the merchant is not offering business to, they will see the following message, "Sorry, your country is not permitted to visit this website."


Also, when customers come from allowed countries, on checkout they will be given option to ship products to only countries that merchant has authorised to offer service.



Troubleshooting

If you encounter any error enable Debug Log On/Off button and save changes. Feel free to contact us

  1. Download the .zip file
  2. Go toWordPress Admin > Plugins > Add New and Upload Plugin with the file you downloaded with Choose File.
  3. Install Now and Activate the extension.

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Security for WooCommerce plugin thumbnail - a shield with the OPMPC "O" and fern inside
Security for WooCommerce
From: $79.00 / year