Bot Shield overview
Bot Shield is the protection layer of SOptim. It sits between your storefront and your checkout, scoring every visitor in real time and acting on the score: allow, challenge, or block.
The six modules
| Module | What it does | Available on |
|---|---|---|
| Access Control | Country/region block lists, IP allow lists, admin bypass | All plans |
| Visitor Analytics | See who's hitting your store, drill into individual sessions, CSV export | Grow+ |
| Custom Rules | Block by ASN, user-agent, headers, or behavior with a rule editor | Scale+ |
| Fraud Orders | Auto-flag risky orders before fulfillment | Grow+ |
| Disputes | Generate chargeback evidence packets in two clicks | Max |
| Network Intelligence | Cross-shop reputation — block IPs flagged by other SOptim merchants | Scale+ |
Modes
In Bot Shield → Settings you choose one of three modes:
- Auto-Pilot (default) — score every visitor, act on the score automatically. Safest for most shops.
- Monitor only — score and log, but never block. Use this for your first week to see what we'd block.
- Custom rules only — disable scoring, only enforce rules you've written by hand. Advanced.
How decisions are made
We score on six signals: IP reputation, ASN reputation, user-agent shape, behavioral entropy, network-intel hits, and (Scale+) custom rule matches. Each signal contributes a weight; the final score maps to one of three actions:
| Score | Action |
|---|---|
| 0–30 | allow |
| 30–70 | challenge (invisible CAPTCHA) |
| 70–100 | block |
The score is fail-open: if our detection service errors, we allow the visitor through. Better to let a bot in than block a real customer because our service had a hiccup.
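A sketch of the decision flow described above, added here as an illustration and not SOptim's own code. The weights, the 0–100 per-signal scale, the handling of scores exactly at 30 and 70, the mode strings, and names such as `decide` and `fetch_signals` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical weights: the page names the six signals but not their weights.
WEIGHTS = {
    "ip_reputation": 0.25, "asn_reputation": 0.15, "user_agent_shape": 0.15,
    "behavioral_entropy": 0.20, "network_intel": 0.15, "custom_rules": 0.10,
}

@dataclass
class Decision:
    action: str               # action actually enforced
    would_be: str             # action the score alone maps to
    score: Optional[float]    # None when scoring failed or is disabled
    failed_open: bool = False

def action_for(score):
    # The page lists 0-30, 30-70 and 70-100; sending exactly 30 and 70 to
    # the milder band is an assumption made for this example.
    if score <= 30:
        return "allow"
    if score <= 70:
        return "challenge"
    return "block"

def weighted_score(signals):
    # Each signal is assumed to be 0-100; a missing signal counts as 0.
    total = sum(WEIGHTS[name] * signals.get(name, 0.0) for name in WEIGHTS)
    return max(0.0, min(100.0, total))

def decide(fetch_signals, mode="auto_pilot", rule_block=False):
    if mode == "custom_rules_only":
        # Scoring disabled: only the hand-written rule result is enforced.
        act = "block" if rule_block else "allow"
        return Decision(act, act, None)
    try:
        score = weighted_score(fetch_signals())
    except Exception:
        # Fail-open: a detection error lets the visitor through. The flag
        # lets the caller count and alert on how often this happens.
        return Decision("allow", "allow", None, failed_open=True)
    would_be = action_for(score)
    # Monitor only: score and log, never block (assumed: no challenge either).
    enforced = "allow" if mode == "monitor_only" else would_be
    return Decision(enforced, would_be, score)
```

Logging `would_be` during a Monitor-only week shows what Auto-Pilot would have done, and tracking `failed_open` shows how much traffic passed unscored.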
Block page
Blocked visitors land on /apps/soptim/blocked — a Shopify App Proxy URL that renders your branded message. Customize it in Bot Shield → Access Control → Block page. See Access Control for details.