Changelog
Major user-visible changes only. Bug fixes and infra work are tracked internally.
2026-05-24 โ Cart abandonment: one funnel + auto-recovery
Cart abandonment is now tracked as a single shopper journey instead of two disjointed buckets. Plus, recovery emails can run on autopilot.
- One unified funnel. Cart-only abandons (shopper added items but never started checkout) and checkout abandons (shopper started checkout but didn't pay) now share one record per shopper. The dashboard shows where each visitor dropped, not two unrelated numbers.
- Better recovery math. No more double-counting the same shopper across the two stages. Recovery rate and recoverable revenue figures finally reflect reality.
- Auto-recovery (Pro+). Turn on auto-recovery and SOptim sends one recovery email per abandoned cart, on your schedule (1h / 4h / 24h after abandon) with optional discount (0% / 5% / 10% / 15%). Shared daily quota with your manual sends.
- Bot abandons stay quiet. Auto-recovery skips carts where the abandonment cause is "bot" โ your real shoppers get the email, the bots don't.
2026-05-24 โ Store Health Audit: 5 audit modules go live
The audit hub now runs real checks instead of waitlist previews. Five modules wired up:
- Performance audit (Starter+). Pulls a fresh PageSpeed Insights run for your storefront and grades Core Web Vitals (LCP, CLS, INP, FCP, TTFB) against Google's thresholds. Surfaces the top 3 opportunities Lighthouse spotted, with the estimated savings per fix.
- App cost estimate (Pro+). Scans your installed Shopify apps, totals the monthly bill from a curated price lookup, and flags which apps SOptim can replace โ so you can see the savings if you consolidate. Updates weekly.
- SEO health (Pro+). Crawls four storefront pages (home + a product + a collection + a blog post) and grades title length, meta description, canonical, Open Graph, JSON-LD, H1, and image alt coverage. Returns a per-page score plus the top 3 issues to fix first.
- Compliance check (Pro+). Looks for a cookie consent banner, Google Consent Mode v2, all five policy pages (privacy / terms / refund / shipping / legal), and CCPA opt-out signals. Knows your jurisdiction from your billing address โ EU/UK stores get flagged hard if the cookie banner is missing.
- Anomaly alerts (Pro+). Runs nightly. Watches your daily bot block volume, cart abandonment rate, block ratio, and dispute count against the trailing 14-day baseline. Surfaces alerts when something deviates from normal โ spike or drop โ so you can investigate before it costs you sales.
All audit cards now follow the same visual language as the rest of the dashboard: score badge, severity tones, tier-gated CTAs with inline lock badges. Free shops still see the cards with an "Upgrade to run" message.
2026-05-24 โ Unified outcome surface across all modules
Unified outcome surface across all modules so every screen tells the same "here's what SOptim saved you" story.
- One visual language. Bot Shield, Cart Abandonment, Account Protection, Speed Engine, and more now lead with the same outcome card โ same headline size, same period framing, same tier-gated CTA pattern.
- Empty states that explain. Brand-new shops and quiet modules now surface "we're watching โ first signal usually lands within 48h" instead of a $0 number.
- Lock badges on gated actions. CTAs that require an upgrade render disabled with a Pro+ / Scale+ / Starter+ badge inline, so the upgrade path is one glance away.
2026-05-24 โ Bot Shield dashboard: Revenue protected hero + 30-day export
- Revenue protected hero. New headline card at the top of the Bot Shield dashboard rolls up everything SOptim has saved this month into a single dollar figure โ bot orders cancelled, carts recovered, disputes won, and fraud orders auto-cancelled. Non-zero buckets show inline counts so you can see at a glance which defenses are pulling their weight.
- Empty state, not a graveyard. Brand-new shops see "Bot Shield is watching โ first blocks usually land within 48h" instead of a $0 number โ sets the right expectation while detection warms up.
- 30-day report (Pro+). New "Export 30-day report" button opens a print-styled report in a new tab with a KPI grid, last-14-day daily timeline, top 10 blocked patterns, and top 10 fraud rules triggered. Use your browser's Print โ Save as PDF to keep a copy for your finance team or insurance claims.
- Tier gating. Free and Starter see the hero with the export button disabled and a Pro+ badge. Pro and Scale get the export. Hero figures themselves are visible on every tier.
2026-05-24 โ Visitor analytics now suggests block rules
- Detected patterns. Visitor analytics surfaces high-confidence patterns above the visit table โ countries, ASNs, and IP neighborhoods where a clear majority of recent visitors got blocked. Each pattern shows the share blocked, the sample count, and how recently it was detected.
- One-click suggested blocks. Apply a pattern as a block rule in one click. Dismiss the suggestion to suppress it. Tap "Review evidence" to expand the most recent matching visits before you decide.
- Auto-block (Scale). Scale tier can opt in to "Auto-enable suggested patterns" โ high-confidence patterns then become block rules without merchant action. Pro and Starter still apply manually.
- Stopped this month. New banner totals the visitors stopped and estimated protected revenue for the trailing 30 days.
2026-05-24 โ Fraud orders: auto-cancel rules with 3 templates
- Auto-action rules engine. Fraud orders moves from manual review to automated action: rules evaluate every new order on the orders/create webhook and run a cancel / tag-for-review / block-IP action when the trigger matches. Priority order, first-match wins.
- 3 one-click templates. Auto-cancel obvious fraud (HIGH risk + credit card), Hold high-value high-risk for review (orders > $500 + risk โฅ 0.5 โ tagged
soptim-fraud-review), and Block repeat fraud IPs (โฅ3 prior auto-cancels in 30d). - Custom rule builder. Compose your own trigger from risk score, order total, country list, first-order flag, shipโ bill country, account age, and pick the action. Starter+.
- Outcome dashboard. New banner on
/app/bot-shield/fraudshowing 30-day auto-cancelled count, estimated chargebacks prevented (USD), and false-positive rate (merchant-reverted / total successful actions). - Revert. Every auto-action surfaces a Revert button in the fraud orders table so merchants can correct mistakes โ flips the audit log + feeds the false-positive metric. (Shopify doesn't allow un-cancelling an order; revert flags the log only.)
- Tier limits. Free 1 active rule (templates only), Starter 5 rules + custom builder, Pro 50 rules, Scale unlimited.
2026-05-24 โ Cart Abandonment now diagnoses cause + recovery actions
- Cart abandonment diagnoses why. Every abandoned Shopify checkout is now classified into one of five causes โ bot, slow LCP, shipping shock, idle timeout, or unknown โ so you can fix the root issue instead of just counting losses.
- Per-cart recovery actions. New table on
/app/cro/cart-abandonmentwith one-click Send recovery email, Send + 10% off (24-hour Shopify discount code), Copy recovery URL, and Mark as bot for every diagnosed abandonment. - Recovery URL. Every diagnosed cart gets a single-use 7-day recovery link via
apps/soptim/cart-recover?token=.... Opens trigger anopened_attimestamp on the recovery action so you can see who actually came back. - Tier limits. Free 10 manual sends/month, Starter 100/month, Pro + Scale unlimited. Auto-recovery placeholder ships as "Coming soon" pending Phase 2.
2026-05-24 โ Other ways to optimize
- Other ways to optimize. New section on Bot Shield dashboard previewing 5 future modules: Speed audit, App cost audit, SEO health, Compliance check, Anomaly alerts. Click any card to join the waitlist for that module โ we'll build the most-requested first.
2026-05-23 โ Pricing restructure to 4 flat tiers
- Plans simplified from 5 โ 4. New lineup: Free (100 blocks/mo), Starter ($9.99/mo), Pro ($39/mo), Scale ($159/mo). Old Grow / Max / Premium tiers retired. Existing subscribers stay at their original price and feature set under our grandfathering guarantee.
- Free quota raised from 50 to 100 bot blocks/month โ no credit card, forever.
- Starter ($9.99) matches Blockify Premium's price point and adds the server-side checkout block. Closes the bottom-of-funnel pricing gap with bot-blocker competitors.
- Pro ($39) = unlimited blocks, full Defense Network, Klaviyo, dispute evidence. (Maps to the old Scale tier with a price cut from $49.)
- Scale ($159) = multi-shop, ML auto-tuning, AI conversion + churn predictions, Care addon bundled, 2-hour founder SLA. Consolidates the old Max + Premium tiers.
- JSON-LD AggregateOffer rebuilt with 4 offers,
highPrice: 159,offerCount: 4. Comparison table reflows from 30 features ร 5 tiers to 30 features ร 4 tiers across all 9 locales.
2026-05-23 โ Rule Templates gallery + CRO Engine + Store Health + Speed Engine
- Rule Templates โ 29 total. New Templates tab on both
/app/bot-shield/checkout(21 order templates across Phase A + Phase C) and/app/bot-shield/storefront/templates(8 traffic templates including new ISP-block + city-block via Cloudflarecf-ipcity). One-click enable, no regex needed. Custom hand-written rules continue to live under the Advanced tab. - App Embed Health Check. New page
/app/bot-shield/healthwith 8 diagnostics: embed installed, embed enabled, App Proxy reachable, score events flowing, Validation Function deployed, webhooks subscribed, block page reachable, network sync running. Confirms Bot Shield is wired up correctly. - Admin Lockout Recovery. Generate / regenerate / revoke a bypass URL from Settings โ General. The URL gives a 24-hour HMAC-signed cookie that skips every Bot Shield check on the browser you open it in.
- Country Redirector. New page
/app/bot-shield/storefront/redirectsplus theme Module 7. Redirect blocked-country traffic to a localised storefront or partner page instead of a hard block. Up to 1/5/25/unlimited rules by plan. - Auto-cancel high-risk orders (Max). Opt-in toggle on
/app/bot-shield/fraud. For orders scoring above 90, SOptim cancels + refunds + adds a timeline note automatically. Polariss-modalrequires you to type CANCEL before enabling. - CRO Engine โ new module. Top-level entry at
/app/crowith four sub-modules:- Scroll & Engagement (Free). Theme Module 5 captures scroll depth, time on page, sections viewed, bounce. Page-level KPIs vs. storefront benchmark.
- Exit Intent (Grow+). Theme Module 6 with behaviour + scroll gating fires popups on ~8โ12% of sessions (not everyone). Three popup templates, Klaviyo integration.
- Product Health Score (Free). 0โ100 score per product combining traffic, conversion, returns, content, inventory. Sort ascending to spot the bottom decile.
- Mobile vs Desktop Drop-off (Grow+). Side-by-side 4-step funnel by device class. Surfaces the biggest mobile-vs-desktop gap and drills into the worst pages.
- Store Health Monitor. New page
/app/audit/store-health. Weekly crawl of 26 top URLs with Lighthouse, RUM, image audit, redirect chains, meta and schema validation. History tab tracks composite score over 12 weeks. - Speed Engine M1. New page
/app/audit/speed-engine. Resource Timing audit plus 5 fix detectors (render-blocking JS, oversized hero images, third-party tag bloat, font preload, CDN cache misses) with before/after RUM tracking on every applied fix. - WHOIS infra (RDAP).
order.newly-registered-email-domaintemplate now backed byDomainAgeCachepopulated from RDAP. Catches fraud orders from email domains registered in the last 30 days. - BIN cache rebuilt. 3-layer cache (memory โ DB โ binlist.net fetch) replaces the previous 247-entry static list. Order templates that read BIN data now hit a real lookup with proper card-country accuracy.
- Premium $199 tier. New plan slot above Max for shops needing the unified CRO Engine dashboard, longer event retention, and priority support. Pricing comparison table on
/pricingnow spans 4 tiers ร 30 features ร 9 locales. - Blog comparisons. Five new long-form comparisons in
/blog: Blockify-vs-SOptim (9 locales), MIDA-vs-SOptim (9 locales), Blocky-vs-SOptim (9 locales), Locksmith-vs-SOptim (EN), NoFraud/Wyllo-vs-SOptim (EN). - Bot Defense Playbook. New 4,560-word Hub article in 9 locales covering the bot landscape on Shopify in 2026 โ checkout fraud patterns, country-level signals, behaviour fingerprinting.
2026-05-22 โ Sprint 2 close-out + Sprint 3 wire-up
- Hard quota cliff (Free + Grow). When you burn through your monthly bot-block quota, the next would-be blocks are allowed through instead of silently dropped. The dashboard surfaces them as "Passed through (over quota)" so you see the real exposure โ no more hidden capacity gaps.
- Bot Shield activity widget on the dashboard. Four KPI cards (blocks this cycle, passed-through over quota, estimated revenue saved, all-time blocks) plus a 20-row activity table for the most recent block events. Lazy-loaded below the fold so it doesn't slow the first paint.
- Bot activity chart extended to 30 days. Same chart as before, wider window, plus a red dashed line for over-quota events when they exist. Helps you see month-over-month attack patterns.
- Shopify Flow trigger toggle. Settings โ Bot Shield โ "Enable Shopify Flow trigger on bot block" sends a
soptim-bot-blockedevent to your Flow workspace on every block decision. Use it to tag orders, notify staff, or cancel fulfilment automatically. - Industry-aware quick-protection step in onboarding. Right after you enable the theme embed, we suggest 5 high-risk countries based on your industry (digital/electronics, fashion/beauty, etc.). One checkbox per country, all opt-in. Skip the step if you want to configure manually.
- Auto-Pilot onboarding step. The setup checklist now nudges you to pick a mode (Relaxed / Balanced / Strict) and industry so behaviour rules pre-fill correctly. Defaults to Balanced + Other if you skip.
- Behaviour + heavy fingerprint signals at checkout. The theme extension now scores mouse-angle variance, keystroke cadence, paste detection, form-fill time, and scroll velocity into a 0-100 behaviour score, plus a stable heavy-fingerprint hash (connection + screen + timezone + platform). Both feed the Validation Function at every cart eval.
- Real-time block beacon (Channel B). When the Validation Function blocks at checkout, the theme extension echoes the event to the dashboard live-activity pill within ~1 second โ no more 5-minute lag waiting for the Function-logs poller.
- Order ร block cross-reference (Channel C). When a real Shopify order lands within 5 minutes of a passed-through (over-quota) block on the same email domain, we annotate the block event with the order reference. Shows up in the activity log so you can see which letslip orders likely came from the same buyer the shield wanted to stop.
- Visitor Analytics gains ISP + TOR + detection type. Each visit now records the human-readable ISP name (Cloudflare, DigitalOcean, etc.), the TOR flag, and the derived category (vpn / proxy / tor / hosting / icloud_relay / clean). Powers the upcoming filter dropdown on Grow+.
- Dashboard duplicate CTA fix. Brand-new shops no longer see two identical "Run your first audit" buttons stacked on top of each other.
- Settings โ Integrations tab. Klaviyo configuration moved out of its own page into a unified Integrations tab on the Settings screen, alongside cards for Shopify Flow and Slack. Adding the next integration (Mailchimp, Postmark, etc.) drops into the same place โ no nav fragmentation.
- Billing comparison row renamed. "Cross-shop network intel" relabelled to "Defense Network intelligence" with "Participate" for Free/Grow and "Full access" for Scale/Max โ every plan participates in the network from day one, paid tiers see the active-campaign view.
- Visitor Analytics counts no longer stuck at zero on shops with geo blocking off. The theme extension now logs every storefront visit via a fire-and-forget ping, instead of short-circuiting when geo rules weren't enabled. "Last 24 hours" on
/app/bot-shield/storefront/visitorswill start populating on the next page view. - Built-in Bot Shield rules: per-shop kill switch. Hardcoded UA + rate-limit patterns (curl/wget/headless browsers, form / signup throttles) occasionally false-positive on real customers' user-agents. New toggle on
/app/bot-shield/rulesturns the whole set off without disabling Bot Shield โ your custom rules keep firing, the defaults go inert until you flip it back. Cart-time Validation Function (checkout block) is unaffected; that's governed by Auto-Pilot mode separately. - Audit PDF download fixed. Reports were occasionally landing as "damaged" because the audit service was wrapping the PDF buffer in a way that lost Content-Length. Now writes a proper binary response with magic-byte validation upstream โ broken generation surfaces as a clear 502 instead of a corrupted file.
- Defense Network "Stores defending together" tile now reflects actual install count. Was reading zero because the count filter was hiding dev-mode stores.
- Auto-Pilot "Current state" stops lying. Brand-new shops that had never opened the Auto-Pilot form used to see "Mode: balanced, Industry: other" as if they'd chosen those values. Now shows "Not configured yet" with a nudge to save the form once.
- Bot Shield activity widget tightened. Recent activity table on the dashboard now shows 10 latest events instead of 20 โ paired with KPI cards above the fold, full log lives on the visitors page.
- Settings โ Integrations deep links scroll into view. Clicking "Open Auto-Pilot settings" or "Open Notifications settings" from the Integrations tab now lands on the right section instead of the page top.
- Network overview tiles no longer collapse together. The three metric labels on
/app/bot-shield/network(Signals in network / Shops protected / Campaigns this week) now render as a responsive grid of bordered cards. - Order Rules: 6 fraud templates (new). New page Bot Shield โ Order Rules. Enable templates with one click โ no regex needed. Phase A ships disposable email blocking, BIN-country mismatch flagging, shipping-to-high-risk-country blocking, large-orders-from-new-customers flagging, same-IP-multiple-emails velocity blocking, and missing/invalid phone number flagging. Review queue surfaces flagged orders for merchant approve/reject.
2026-05 โ Bot Shield consolidation
- Pricing alignment with Sprint 2-E. Free now includes 50 bot blocks/mo (up from 10). Grow now includes 500 bot blocks/mo (up from 100). Dispute evidence is now a Scale feature (was Max-only).
- Bot Shield Hub. The six Bot Shield modules (Access Control, Visitor Analytics, Custom Rules, Fraud Orders, Disputes, Network Intelligence) now live under a single Bot Shield nav entry with a hub page. Replaces the previous flat 12-item nav.
- Custom block page editor. Wired the existing block-page editor to
/apps/soptim/blockedโ your branded message now actually shows to blocked visitors. - iCloud Private Relay detection. Apple's relay egress IPs are synced weekly; geo-blocked visitors are no longer accidentally blocked because of Apple's privacy feature.
- Admin bypass cookie. 24h HMAC-signed cookie lets you unblock yourself without disabling protection.
- Visitor Analytics CSV export. Per-tier row caps, hashed IPs.
- Setup checklist v2. New steps (first block rule, daily digest, invite teammate) and a "dismiss after 14 days" auto-hide.
- ROI calculator + testimonials + FAQ on the in-app billing page. Helps merchants understand the value before upgrading.
2026-04 โ Sprint 3-C (VPN + brand)
- VPN detection via ip-api.com, plus TOR via Cloudflare threat-score โฅ 8.
- Branded block page. Title, message, contact email, logo URL, colors. All HTML-escaped.
- Source telemetry on upgrade links. Helps us see which features drive the most upgrades.
2026-03 โ Sprint 2-E (Geo)
- Geo blocking. Country blocklist with ~30s propagation. Uses Cloudflare
cf-ipcountry.
2026-02 โ Sprint 2-D (Disputes)
- Disputes & evidence packets (Max plan). PDF + JSON, signed timestamps, GDPR-safe redaction.
2026-01 โ Sprint 2-C (Network)
- Network Intelligence. Cross-shop reputation. Hashed IPs, anonymous ASN/BIN sharing, 30-day decay.
2025-12 โ Sprint 2-B (Rules)
- Custom Rules. ASN, user-agent, headers, rate.requests, score. Up to 25 (Scale) or 100 (Max).
2025-11 โ Sprint 2-A (Fraud Orders + Visitor Analytics)
- Fraud Orders. Score
orders/createwebhook with BIN/velocity/billing-shipping signals. - Visitor Analytics. Hashed IPs, per-tier retention.
2025-10 โ Sprint 1 (MVP)
- Bot Shield v1. Score-based pipeline. Allow / challenge / block.
- Access Control. Country blocking, IP allowlist.
- Audit. Free, unlimited, PDF report.
- Plans. Free / Grow $19 / Scale $49 / Max $99. Monthly + annual.
Subscribe to changelog updates by emailing [email protected] with "subscribe changelog" in the subject. We send one update per month, max.