Rule: Blocklist match
Rule key: blocklist · Default weight: 1.0 · Tier: Lite
The Blocklist rule fires the moment any atom on the current order matches a row in wfg_blocklist. Atoms include email, IP, device fingerprint, phone, card BIN+last4, and username.
Per-atom weights
Each atom type contributes a different base score on match (capped at 100):
| Atom type | Base contribution |
|---|---|
| Email | 100 |
| Username | 100 |
| Device fingerprint | 90 |
| IP address | 80 |
| Phone | 60 |
| Card BIN+last4 | 50 |
Multiple matches stack until they hit the per-rule 100-point ceiling. An order matching both a blocklisted email and a blocklisted IP is functionally identical to one matching just the email (both score 100).
Auto-population
The blocklist grows in three ways:
- Manual — added by you via the Blocklist page.
- Chargeback webhooks — when a Stripe or PayPal dispute arrives, the disputed order's atoms are auto-added (per the Chargeback auto-blocklist setting).
- Fast checkout strikes — when an atom (device fingerprint or IP) hits the configured strike threshold for the Fast Checkout rule, it's auto-blocked.
Expiring entries
Each blocklist row has an expires_at timestamp (nullable for permanent). The rule's SQL query filters out expired entries on every order — no separate cleanup cron required, but you can run DELETE FROM wfg_blocklist WHERE expires_at < UTC_TIMESTAMP() periodically if the table grows unwieldy.
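The sketch below is an added example, not the plugin's own code. It models the per-atom stacking with the 100-point ceiling and the expiry filter described above, and shows that the optional cleanup DELETE leaves permanent (NULL) rows in place. It assumes hypothetical column names atom_type and atom_value, hypothetical weight keys, SQLite in place of MySQL, and a now parameter standing in for UTC_TIMESTAMP().

```python
import sqlite3

# Base contributions from the per-atom table above; the key names are assumed.
WEIGHTS = {"email": 100, "username": 100, "device_fingerprint": 90,
           "ip": 80, "phone": 60, "card_bin_last4": 50}
CAP = 100  # per-rule ceiling

def make_db():
    """In-memory stand-in for wfg_blocklist; column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wfg_blocklist "
               "(atom_type TEXT, atom_value TEXT, expires_at TEXT)")
    db.executemany("INSERT INTO wfg_blocklist VALUES (?, ?, ?)", [
        # Constructed sample rows.
        ("ip", "203.0.113.7", None),                              # permanent
        ("phone", "+15550100", "2030-01-01 00:00:00"),            # active
        ("card_bin_last4", "411111-1111", "2030-01-01 00:00:00"),  # active
        ("email", "old@example.test", "2020-01-01 00:00:00"),     # expired
    ])
    return db

def blocklist_score(db, atoms, now):
    """Sum the weights of atoms that have a live blocklist row, capped at CAP.

    A row is live when expires_at is NULL (permanent) or not yet in the past.
    `now` is a 'YYYY-MM-DD HH:MM:SS' UTC string replacing UTC_TIMESTAMP().
    """
    total = 0
    for atom_type, value in atoms.items():
        hit = db.execute(
            "SELECT 1 FROM wfg_blocklist WHERE atom_type = ? AND atom_value = ? "
            "AND (expires_at IS NULL OR expires_at >= ?) LIMIT 1",
            (atom_type, value, now)).fetchone()
        if hit:
            total += WEIGHTS[atom_type]
    return min(total, CAP)

def purge_expired(db, now):
    """Optional cleanup DELETE; rows with NULL expires_at never match '<'."""
    cur = db.execute("DELETE FROM wfg_blocklist WHERE expires_at < ?", (now,))
    return cur.rowcount
```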