Rule: IP risk (VPN/proxy/datacenter)
Rule key: ip_risk · Default weight: 0.6 · Tier: Lite
Classifies the customer's IP into one of four buckets and scores accordingly.
| Classification | Base score |
|---|---|
| Clean (residential, mobile) | 0 |
| Private / loopback (probably misconfigured proxy) | 50 |
| Datacenter (DigitalOcean, AWS, GCP, Azure, OVH, Hetzner, Linode, Vultr, etc.) | 60 |
| Known VPN/proxy/Tor exit (when MaxMind adapter is configured) | up to 80 |
Built-in datacenter list
The plugin bundles ~80 known datacenter CIDR ranges. To extend the list with your own (e.g. a hosting provider you've confirmed is used for fraud), filter woofraudguard_datacenter_cidrs:
// Append a range to the bundled list: array key is the CIDR, value is a label.
add_filter( 'woofraudguard_datacenter_cidrs', function ( $cidrs ) {
	$cidrs['185.232.0.0/16'] = 'BadHost';
	return $cidrs;
} );
Why "private/loopback" is risky
If WooCommerce is seeing 127.0.0.1 or 10.x.x.x as the customer's IP, your reverse proxy isn't forwarding the real client IP. That's usually a misconfiguration, but it's also a common pattern for attackers who've compromised a server inside your network. A score of 50 is conservative; if you trust your infra you can lower it.
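
To check which bucket an address lands in before you ship a new entry through the woofraudguard_datacenter_cidrs filter, or to confirm that a proxied address really falls in the private/loopback bucket, the sketch below classifies IPv4 addresses against a CIDR => label map shaped like the filter's $cidrs. It is an added example, not the plugin's own code: the function names are hypothetical, all reserved ranges are assumed to count as private/loopback, and the VPN/proxy/Tor bucket is left out because it depends on the MaxMind adapter.

```php
<?php
// Added example, not WooFraudGuard's code. Bucket scores are taken from the table above.
// Assumes 64-bit PHP and IPv4 only; function names are hypothetical.

/** True if IPv4 $ip is inside $cidr, e.g. "185.232.0.0/16". Malformed input never matches. */
function example_ip_in_cidr( string $ip, string $cidr ): bool {
	[ $net, $bits ] = array_pad( explode( '/', $cidr, 2 ), 2, '32' );
	$ip_long  = ip2long( $ip );
	$net_long = ip2long( $net );
	if ( false === $ip_long || false === $net_long
		|| ! preg_match( '/^\d{1,2}\z/', $bits ) || (int) $bits > 32 ) {
		return false; // A bad prefix such as "/abc" must not turn into /0 and match everything.
	}
	$mask = 0 === (int) $bits ? 0 : ( ~0 << ( 32 - (int) $bits ) ) & 0xFFFFFFFF;
	return ( $ip_long & $mask ) === ( $net_long & $mask );
}

/** Returns [ bucket, score, label ] for $ip given a CIDR => label map. */
function example_classify_ip( string $ip, array $datacenter_cidrs ): array {
	if ( false === filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
		return [ 'bucket' => 'invalid', 'score' => null, 'label' => null ];
	}
	// Private (10/8, 172.16/12, 192.168/16) and reserved (127/8 and others) ranges.
	$public = filter_var( $ip, FILTER_VALIDATE_IP,
		FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE );
	if ( false === $public ) {
		return [ 'bucket' => 'private_or_loopback', 'score' => 50, 'label' => null ];
	}
	foreach ( $datacenter_cidrs as $cidr => $label ) {
		if ( example_ip_in_cidr( $ip, (string) $cidr ) ) {
			return [ 'bucket' => 'datacenter', 'score' => 60, 'label' => $label ];
		}
	}
	return [ 'bucket' => 'clean', 'score' => 0, 'label' => null ];
}

// Constructed sample data: the page's BadHost range plus made-up client addresses,
// including one just outside the /16 to confirm the range is not broader than intended.
$cidrs = [ '185.232.0.0/16' => 'BadHost' ];
foreach ( [ '127.0.0.1', '10.0.0.5', '185.232.14.9', '185.233.0.1', 'not-an-ip' ] as $ip ) {
	$r = example_classify_ip( $ip, $cidrs );
	printf( "%-14s %-20s score=%s %s\n", $ip, $r['bucket'], $r['score'] ?? '-', $r['label'] ?? '' );
}
```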