=== WC API Rate Limiter by Volade ===
Contributors: volade
Tags: woocommerce, rest-api, rate-limit, security, ecommerce
Requires at least: 6.0
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Rate limiting for WooCommerce REST API — stop card testing, scraping and API abuse.

== Description ==

**WC API Rate Limiter by Volade** protects your WooCommerce store against abusive REST API traffic: card testing bots, credential stuffing, catalog scraping and accidental overload from headless frontends.

* 4 presets: Card testing shield, WooCommerce standard, Agency multi-store, API keys only
* Per-IP buckets with configurable window and limits
* Blocked-request log with JSON export (free, no account)
* IP allowlist, per-route rules and CSV export with Volade connected account
* Multisite rollup and WP-CLI bulk on V+ Premium
* Embedded Volade SDK — discover, XP, V+ premium

Works without a Volade account. Connect for advanced rules; V+ for multisite and CLI bulk.

== Installation ==

1. Upload the plugin ZIP via Plugins → Add New → Upload
2. Activate **WC API Rate Limiter by Volade**
3. Open Volade → API Rate Limiter (or WooCommerce → API Rate Limiter)
4. Apply the **Card testing shield** preset on live stores

== Frequently Asked Questions ==

= Does this replace a WAF? =

No — it is a lightweight WooCommerce-focused rate limiter inside WordPress. Pair it with your host WAF for defense in depth.

= Which routes are limited? =

By default, sensitive WooCommerce routes: orders, customers, coupons and payment gateways. You can expand to all `/wc/` routes.

= Do I need a Volade account? =

No. Presets, basic limits and JSON export work without an account.

== Changelog ==

= 1.0.0 =
* 5 presets (Card testing, Card testing MAX, WooCommerce, Agency, API keys)
* Hybrid fingerprint, Store API sync, wc_card_shield scope, auto-ban blocklist
* Blocked-request log, Site Health, WP-CLI (status, export, clear, preset)
