Comparison · Updated 2026-05-22
Locksmith vs SOptim — gated content vs bot defense
Locksmith and SOptim get compared a lot, and we want to head that off. They solve different problems. This post explains what each one actually does, why merchants keep landing on both apps in the same search, and the cases where running both side-by-side is the right answer.
The 30-second version
Locksmith is a content-gating app. It hides parts of your store — specific products, collections, pages, variants, even individual prices — behind keys that visitors have to unlock. The keys can be passcodes, customer tags, secret links, geolocation, date and time, purchase history, or Liquid expressions. If you run a wholesale catalog, a members-only collection, or a regional pricing tier, Locksmith is the tool the Shopify community points at by default.
SOptim is a bot and fraud-defense app. It scores incoming sessions on behavior signals (mouse movement, keystroke cadence, paste, scroll), runs a heavy fingerprint hash, looks up cross-shop reputation in a Defense Network, and — most importantly — refuses high-risk sessions at checkout through a Shopify Validation Function. It exists to stop card-testers, scrapers, and abusive automation from converting.
The overlap is one feature: Locksmith ships a Checkout Validation rule that can block checkout based on its key state. That is genuine functionality, and it is the reason this comparison page exists. But the rest of the two products are pointed at different jobs.
Where each app is the answer
Before the feature table, the framing that matters most.
- Pick Locksmith if you need to gate parts of your storefront. Wholesale pricing visible only to tagged customers. A product collection that needs a passcode. A page hidden until a buyer clicks a secret link in an email. Regional pricing where the EUR variant is hidden from US visitors. A "members-only" area for repeat buyers. Locksmith is the most established app on the App Store for this category — launched 2014-10-29 by Lightward, 297 reviews at 4.7 stars, 92% five-star, and a 2025 Built for Shopify award. The Liquid integration is the deepest in the category and the support reputation is unusual in a good way.
- Pick SOptim if your problem is order quality, not visibility. Card-testing bots are creating $1 failed-card orders. A scraper is hitting product pages at three requests per second. A competitor's price-monitor is pulling your catalog. Real shoppers are checking out fine, but the orders that come through include disposable email addresses, BIN-country mismatches, or shipping addresses that have been flagged on other Shopify stores. That class of problem needs a session-scoring, fingerprint-checking, network-aware defense app — which is what SOptim is.
If you find yourself wanting both, you probably need both. They sit at different layers of the funnel.
The feature table
Side-by-side, based on each app's public App Store listing as of 2026-05-22. Anything we can't verify from a primary source, we leave blank rather than guess.
| Feature | Locksmith | SOptim |
|---|---|---|
| Lock products / collections / variants | Yes | — |
| Lock pages / blog posts / templates | Yes | — |
| Lock prices (show / hide a price) | Yes | — |
| Passcodes as a key | Yes | — |
| Customer tags as a key | Yes | — |
| Secret-link keys | Yes | — |
| Email-domain keys | Yes | — |
| Purchase-history keys | Yes | — |
| Date / time keys | Yes | — |
| Geolocation keys | Yes | Yes (country / region rules) |
| Liquid expressions as keys | Yes | — |
| Checkout Validation rule (Function) | Yes — key-state based | Yes — risk-score based |
| Behavior scoring (mouse / keys / paste) | — | Yes |
| Heavy fingerprint hash (canvas + audio + WebGL) | — | Yes |
| Cross-shop reputation network | — | Yes (Defense Network) |
| VPN / proxy / TOR detection | — | Yes (Grow+) |
| Order-level fraud rules (BIN, disposable email, velocity) | — | Yes (6 templates, Free) |
| Dispute evidence packets (signed PDF + JSON) | — | Scale+ |
| Auto-cancel high-risk orders | — | Max tier |
| Lighthouse store audits (LCP / CLS / INP) | — | Yes (Free, unlimited) |
| Built for Shopify badge | Yes (2025 Build Award) | Not yet |
| Free tier | 15-day trial only | Yes (50 blocks/mo, unlimited audits) |
Sources: Locksmith App Store listing (apps.shopify.com/locksmith, 297 reviews, 4.7 stars, 2025 Build Award winner, as of 2026-05-22) and SOptim's own pricing page. Dashes mean the feature isn't part of the app's documented scope — not a quality judgement.
Why this comparison exists at all
The honest answer: Locksmith has a Checkout Validation feature, and Shopify's category pages surface it next to bot-blocker apps because of that one shared capability. So merchants searching for bot protection click through to the Locksmith listing, see "Checkout Validation," and assume the rest of the app does what bot-blocker apps do. It doesn't.
Locksmith's Checkout Validation rule is exactly what you'd expect from a content-gating app: it refuses checkout if the cart contains a product whose key hasn't been unlocked. So if you've gated wholesale products behind a customer tag, a buyer without that tag who somehow added the gated product to their cart will be stopped at checkout. That's the right behavior for wholesale-only catalogs, and it's well-implemented. But it isn't doing risk scoring. It isn't fingerprinting. It isn't blocking a card-testing bot that's trying to brute-force a stolen Visa against your gateway.
SOptim's Validation Function takes the same Shopify primitive (the cart.validations.generate.run hook) and points it at a completely different decision: is this session, on the evidence we've collected during the browsing path, likely to be a card-tester or a known abuser? If yes, refuse checkout with a message you control. If no, allow checkout. No content rules. No keys. Just a behavior-and-reputation gate.
What Locksmith does that SOptim doesn't
Three categories of work where Locksmith is the right tool and we have no equivalent.
- Wholesale and B2B price visibility. A retail-facing catalog where tagged wholesale customers see a different price tier, with the discount tied to a passcode or a customer tag rather than a discount code at checkout. Locksmith's price-lock keys cover this cleanly. SOptim doesn't touch product visibility.
- Members-only content. A subscriber-exclusive product drop, a page that only buyers of a previous SKU can see, a collection that opens after a calendar date. These are key-based business rules. Locksmith was built for them.
- Liquid-driven custom rules. Locksmith exposes Liquid as a key type, which means store owners can express access conditions as deep as their theme allows — segmenting on metafields, on order tags, on cart contents. The depth here is unique on the App Store, and it's the reason Locksmith picked up its 2025 Build Award.
What SOptim does that Locksmith doesn't
Symmetrically, the categories where SOptim is the right tool.
- Behavioral risk scoring. Every session that lands on your theme gets a 0-100 score derived from mouse movement variance, keystroke cadence, paste detection, scroll velocity, and timing entropy. The score is logged, surfaced in the dashboard, and consumed by the Validation Function. Locksmith doesn't have a risk model — its decisions are based on key state, not on how the visitor behaves.
- Cross-shop reputation. The Defense Network shares blocking signals across SOptim-installed stores. A fingerprint blocked on three other stores in the last 24 hours earns a penalty on your store too, before its first checkout attempt. Locksmith's keys are per-store by design — that's the right model for gated content, but it doesn't let one merchant's block protect another.
- Order-level fraud rules. Six templates ship on the Free tier: disposable-email block, BIN-country mismatch flag, shipping-to-high-risk-country block, large-order-from-new-customer flag, same-IP-multiple-emails velocity block, invalid-phone flag. These run on the order object after checkout, alongside the Validation Function that runs during checkout. Locksmith doesn't ship order-level rules.
- Dispute evidence packets. When SOptim's Validation Function refuses a checkout, the Scale tier generates a signed PDF and JSON evidence packet — timestamped, GDPR-safe, ready to upload to a Visa or Mastercard dispute case. Locksmith doesn't operate on the dispute side of the funnel.
- Free site audits. SOptim's audit module is unlimited on the Free tier — full Lighthouse Performance, Accessibility, SEO, and Best Practices reports, with PDF download. The behavior signal collection and the audit module share the same theme app extension, so a single install covers both. Locksmith doesn't run audits — different product category.
Pricing, side by side
Both apps charge in USD, monthly through Shopify's billing. Snapshot taken 2026-05-22 from each app's public pricing page.
| Tier | Locksmith | SOptim |
|---|---|---|
| Free | None — 15-day trial only | 50 bot blocks/mo + unlimited audits + 5 countries / 10 IPs + 24h RUM + 6 order-rule templates |
| Entry paid | $12/mo (Shopify Basic stores) | $19/mo Grow — 500 blocks/mo, VPN+iCloud Relay, 5 custom rules, 30d RUM |
| Mid paid | $29/mo (Shopify Grow stores) | $49/mo Scale — unlimited blocks, 50 custom rules, full Defense Network, dispute evidence, Slack+Klaviyo |
| Upper paid | $99/mo (Shopify Advanced stores) | $99/mo Max — 3 shops, ML auto-tuning, revenue impact, Care tier (2h/mo dev), 4h founder SLA |
| Top paid | $199/mo (Shopify Plus stores) | — |
Locksmith's pricing is keyed to your Shopify plan tier, not to feature count. That's an unusual model — you pay more for the same Locksmith functionality if your Shopify subscription is on a bigger plan. Lightward also ships a "Pay what feels good" policy that lets merchants on tighter budgets request a custom rate. The policy is real and we've seen merchants reference it positively in reviews.
SOptim's pricing is keyed to feature scope and block volume, not to your Shopify plan. The Free tier exists for stores that want to keep bot defense running without a recurring bill — 50 blocks and unlimited audits cover a meaningful fraction of single-shop merchants. The paid tiers add custom rules, Defense Network depth, dispute evidence, and at the top end ML auto-tuning plus a Care SLA.
Running both apps at once
This is the case we see most often. A merchant who runs gated wholesale pricing or members-only content has Locksmith as a foundational piece of their store. They later notice fraud orders or scraping pressure, install SOptim, and the two apps sit side-by-side without conflict.
Both apps register Validation Functions. Shopify runs every installed Validation Function on a checkout, and any one of them can refuse the cart. So Locksmith's key-state rule and SOptim's risk-score rule both run, both reach a decision, and the checkout is refused if either one returns a denial. The orders that pass have valid keys and a clean risk profile. No configuration is needed for the two Functions to coexist — Shopify handles ordering and result aggregation.
On the storefront side, Locksmith's theme integration controls visibility (what the buyer can see) while SOptim's theme app extension collects behavior signals (what we know about the session). The two extensions don't touch the same DOM nodes. Install order doesn't matter.
The decision in one sentence
If your decision is about who can see or buy a specific product, install Locksmith. If your decision is about whether the session at checkout looks like a real shopper or a bot, install SOptim. If both apply to your store, install both — they were designed for different layers of the same funnel.
Try SOptim free
Free tier: 50 bot blocks/month, unlimited Lighthouse audits, six order-rule templates, basic Defense Network participation. No credit card. Works alongside Locksmith with no configuration.
Install on ShopifyFootnotes
- Locksmith review count, star rating, and Built for Shopify badge status taken from apps.shopify.com/locksmith on 2026-05-22.
- Locksmith launched 2014-10-29 by Lightward (Chicago, IL). The 2025 Build Award status is shown on the public listing.
- The Checkout Validation feature in Locksmith is real and well-built for its intended use case (gated-product enforcement). We are not contrasting that feature unfavorably — we are saying the two apps' Checkout Validation Functions point at different decisions.
- SOptim is independent and is not affiliated with Locksmith or Lightward. We have not used Locksmith in production; everything stated here is verifiable on its App Store listing.
- We will update this page if either app ships meaningful changes. Last review: 2026-05-22.