Fraudulent bot orders are more than just annoying — they trigger payment processor fees, eat staff review time, distort your analytics, and occasionally succeed, costing you real inventory and chargebacks.
WooCommerce reCAPTCHA Checkout adds two independent layers of Google reCAPTCHA to your checkout page simultaneously:
v2 (checkbox) asks the customer to tick “I’m not a robot” — simple, familiar, and effective.
v3 (invisible) silently scores every checkout attempt in the background. Requests below your threshold never reach WooCommerce.
Both layers must pass for an order to go through. Either failure blocks the submission and shows a clear error message to the customer.
Don’t have both key pairs yet? No problem. The plugin detects what’s configured and runs the strongest available mode automatically — v2 only, v3 only, or both.
A built-in key testing tool lets you verify your Google API credentials right from the Settings page — instant pass/fail feedback, no guesswork.
Free, no subscription, no upsell. Built by Web321 Marketing Ltd. in Saanichton, BC to WordPress coding standards.
Yes — completely free, no subscription, no licence key, and no hidden upsell. You only need a free Google reCAPTCHA key pair (or two). If the plugin saves you money on fraudulent orders, we’d love a small donation — but it’s entirely optional.
No. The plugin runs in v2-only, v3-only, or dual mode depending on which keys you’ve configured. Dual mode (both key pairs) gives the strongest protection. You can start with one pair and add the other at any time — the plugin detects the change automatically.
No meaningful impact. Google’s reCAPTCHA script loads only on the checkout page. The v3 token fetch adds a fraction of a second before the form submits — imperceptible to customers. The rest of your site is completely unaffected.
Google assigns each checkout request a score from 0.0 (very likely a bot) to 1.0 (very likely human). The default threshold is 0.5 — Google’s own recommended starting point. Raise it to be stricter, lower it if real customers are occasionally getting blocked. The settings panel shows a colour-coded guide.
The plugin hooks into the classic shortcode-based checkout ([woocommerce_checkout]). Full block checkout compatibility is on the roadmap. If your store uses the block checkout, contact Web321 to discuss a custom implementation.
Google reCAPTCHA sends interaction data to Google’s servers and may set cookies. You should disclose reCAPTCHA use in your privacy policy. For stricter requirements, use a cookie consent plugin that gates the reCAPTCHA script until the visitor grants consent.
They’ll see a friendly, customisable error message and can simply try placing the order again. If you’re seeing a pattern of false positives, lowering the v3 score threshold (e.g. from 0.5 to 0.3) almost always resolves it. WP_DEBUG mode logs the exact score for each attempt to help you tune the threshold.
