WooCommerce checkout
Protect WooCommerce order checkout from bots.
Keys required. Create a site in the dashboard and copy your site key (HTML) and secret key (server). Replace
sq_live_your_key in the snippets below.
How this integration works
Same three steps as every other platform — only the paste location and server hook change.
| Step | What you do for WooCommerce checkout |
|---|---|
| 1 | Add the widget near the Place order button (checkout template or hook). |
| 2 | Verify in woocommerce_checkout_process. |
| 3 | Show a checkout error if verification fails. |
Where to put the widget
Checkout template or hook near Place order button.
Server-side hook (WordPress)
Verify the token in woocommerce_checkout_process before the form plugin saves the submission.
Recommended settings
| Setting | Value |
|---|---|
| Widget mode | Interactive — User clicks to verify — sign-up, checkout |
| Form selector | form.checkout (used in data-form for auto mode) |
| Server verify | PHP |
Copy-paste snippet
Paste into your WooCommerce checkout form or template. Load squeaker.js once per page.
<!-- woocommerce/checkout/form-checkout.php or hook -->
<squeaker-widget
data-sitekey="sq_live_your_key"
data-api="https://api.squeaker.cc/v1"
data-mode="interactive"
data-theme="light"
></squeaker-widget>
<script src="https://cdn.squeaker.cc/squeaker.js" async defer></script>
<!-- functions.php -->
add_action('woocommerce_checkout_process', function () {
$token = $_POST['squeaker-token'] ?? '';
// verifyLocal + verify
// wc_add_notice('Verification failed', 'error'); if invalid
}); Server verification
Read squeaker-token from the request and POST to /v1/verify with your secret key.
Full reference: Server verify docs.
$token = $_POST['squeaker-token'] ?? '';
if ($token === '') {
http_response_code(400);
exit('Missing token');
}
$apiUrl = getenv('SQUEAKER_API_URL') ?: 'https://api.squeaker.cc/v1';
$payload = json_encode([
'secret' => getenv('SQUEAKER_SECRET'),
'token' => $token,
'remoteip' => $_SERVER['REMOTE_ADDR'] ?? null,
]);
$ctx = stream_context_create([
'http' => [
'method' => 'POST',
'header' => "Content-Type: application/json\r\n",
'content' => $payload,
],
]);
$response = file_get_contents("{$apiUrl}/verify", false, $ctx);
$result = json_decode($response, true);
if (!$result['success']) {
http_response_code(403);
exit($result['error'] ?? 'Invalid token');
}
// Token valid — process the form Open setup generator with WooCommerce checkout pre-selected · Browse all platforms