Smart COD Control & Fraud Blocker for WooCommerce

Fake COD orders are costing your store money every single day.

Returned shipments. Wasted delivery costs. Inventory tied up in transit. Smart COD Control stops fraud before the order is placed — not after the courier comes back empty-handed.

Built by The Plugin Forge — professional WooCommerce tools built for real stores.

What Makes This Different

Most fraud plugins react after the damage is done. This plugin acts at checkout — before a single penny is spent on shipping.

Blocks fraud at the source — COD option disappears for risky customers before they can place an order
OTP phone verification — Customers verify their phone via SMS before COD is accepted
Zero performance cost — Only active during checkout, invisible everywhere else
100% private — Everything stays in your database. No external tracking, no SaaS fees
Works with everything — Classic checkout, Block checkout, HPOS, multisite

Core Features

OTP Phone Verification (New in 1.2.0)

The most powerful COD fraud deterrent available. Customers must verify their phone number with a one-time code before placing a COD order. No verification, no order.

• Works with Twilio, Vonage (Nexmo), or any Custom Webhook
• 6-digit OTP with configurable expiry (default 10 min)
• 60-second resend cooldown — no SMS spam
• Configurable max attempts before lockout
• Verified phone is matched against billing phone at submission
• Works on both Classic and Block checkout

Geographic Controls

Allow or block COD by country, state, or postal code. Limit COD to delivery zones where your logistics can guarantee collection.

Order Value Rules

Set minimum and maximum cart totals for COD. Block high-value risk orders, enforce minimum thresholds, and reduce impulsive fake orders.

COD Handling Fee

Add a customizable surcharge to COD orders. A small friction cost dramatically reduces low-commitment fake placements.

Schedule Control

Restrict COD to specific days and hours. Statistically, late-night orders carry higher cancellation rates — block them automatically.

User Role Restrictions

Limit COD to verified accounts, specific WordPress roles, or customers with a minimum order history. Block guest checkout from COD entirely.

Product & Category Rules

Disable COD for specific products, variants, or entire categories. Essential for electronics, jewellery, and high-value goods.

Coupon Protection

Block COD when discount coupons are applied. Prevents customers from stacking promotions with unverified cash-on-delivery.

Weight-Based Controls

Set maximum cart weight for COD eligibility. Protect large, fragile, or expensive-to-return shipments.

Behavior Risk Scoring

Automatic trust scoring based on order history, cancellation rate, refunds, and account age. Low-score customers are blocked from COD silently.

Admin Approval Workflow

Hold suspicious COD orders for manual review. Approve or reject directly from your WooCommerce dashboard — no third-party tools needed.

Auto-Blacklist

Automatically block customers who exceed a threshold of failed deliveries or cancellations. One-time setup, permanent protection.

Manual Blacklist

One-click blocking of any email address or phone number. Instant effect across all future orders.

Fraud Logs

Every blocked attempt logged with full context — customer details, block reason, cart total, location, and timestamp. See exactly what’s being caught and why.

Fraud Heatmap

Visual analytics showing geographic concentrations of COD fraud attempts. Identify problem regions and tighten your rules.

Test Simulator

Validate your rules without placing a real order. Test any combination of location, cart value, and customer data before going live.

Quick Start

1. Go to WooCommerce → Smart COD Control
2. Enable the plugin and configure your cart value limits
3. Set up OTP Verification with your SMS provider
4. Add location or schedule rules as needed
5. Run the Test Simulator to validate
6. Go live — your store is protected

Built and maintained by The Plugin Forge — follow us for updates, tutorials, and new plugins.

Privacy & Data Collection

What is stored locally (blocked orders only):
Customer email, phone number, IP address, cart total, shipping location, block reason, and timestamp.

OTP Verification:
When enabled, the customer’s phone number is sent to your chosen SMS provider (Twilio, Vonage, or your webhook) to deliver the verification code. No data is shared with The Plugin Forge or any third party by this plugin.

Everything else:
* Stored in your WordPress database only
* No external servers or tracking
* No cookies or analytics collection

GDPR / CCPA: Include this plugin in your store’s privacy policy. Inform customers that phone numbers and emails may be logged for fraud prevention. Customers can request deletion — all data is permanently removed via uninstall.php.

Compatibility

• WordPress 5.8+ — Tested up to 6.9.4
• WooCommerce 5.0+ — Tested up to 10.6.1
• PHP 7.4+
• HPOS (High-Performance Order Storage) ✓
• WooCommerce Blocks Checkout ✓
• Classic Checkout ✓
• Multisite ✓
• No required external dependencies ✓