DropLock enforces lifetime per-customer purchase limits on WooCommerce drops — not just the cart they’re checking out with right now.
Built for limited editions, collector drops, memberships, preorders, and event exclusives. One toggle per product. HPOS and Block Checkout supported.
FROM $49/YR / 14-DAY REFUND / WORDPRESS 6.5+
A customer who already bought the limited tee buys another with a second account.
A guest checks out three times in five minutes with the same email and three cards.
Resellers clean out inventory before your real customers even see the product page.
You spend Monday refunding orders and apologizing to the customers who got nothing.
A new DropLock section appears in the General tab.
Check the box. Type how many a customer can buy across their lifetime.
Optional — custom message + badge text with variables.
Live. The badge renders. The check fires. Done.
The free edition is GPL and open source — install it, read the code, self-host it, no strings. It protects one product so you can prove DropLock works on a real drop.
DropLock Pro is the commercial build, delivered privately to customers — it isn’t published publicly. Your purchase unlocks unlimited products, full customization, the complete log, and every Pro feature, plus official updates, email support, and the roadmap.
| Capability | Free | Pro |
|---|---|---|
| The headline difference | ||
| Products you can protect | 1 | Unlimited |
| The engine — identical in both | ||
| Lifetime per-customer purchase limit | ✓ | ✓ |
| Validates at add-to-cart, cart, and checkout | ✓ | ✓ |
| Guest customers matched by billing email | ✓ | ✓ |
| Variations roll up to the parent product | ✓ | ✓ |
| HPOS & Block Checkout compatible | ✓ | ✓ |
| Admin / shop-manager bypass | ✓ | ✓ |
| Customize & scale — Pro | ||
| Custom limit message with variables | Default | Editable |
| Custom product badge text | Default | Editable |
| Choose which order statuses count | Fixed | Per product |
| Blocked-attempt log | Count + last 5 | Full + CSV |
| Priority email support | — | ✓ |
| New in Pro 1.1 — shipping now | ||
| Per-variation limits (separate cap per Red / Blue / …) | — | ✓ |
| Category-level drop rules (cap across a whole category) | — | ✓ |
| Sale-only limits (enforce only while discounted) | — | ✓ |
| Disposable / burner-email blocking at checkout | — | ✓ |
| On the Pro roadmap — planned, not yet shipped | ||
| Launch date/time window + countdown badge | — | Planned |
| Waitlist email capture | — | Planned |
» The free version is the real engine — scoped to a single product so you can prove it works on a live drop. The moment you need to protect more than one product, customize the message and badge, or unlock the full log, Pro is the upgrade. Free is heading to the WordPress.org plugin directory; Pro is available now above.
WooCommerce’s built-in “Sold individually” setting only limits one per order (really, one per cart) — the same customer can place a second order and buy again. DropLock adds the missing piece: a true one per customer limit that counts across every order a customer has ever placed. Set the limit to 1 for one-per-customer, or any number for N-per-customer.
Yes. Guests are matched by their billing email at checkout, before the order is created. The block fires before any charge or stock decrement.
Yes. By default the parent product limit applies across every variation — so a customer can’t buy “Red” and then “Blue” of the same limited shirt. Need a separate cap per variation? Pro 1.1 adds per-variation limits.
Yes. DropLock declares HPOS compatibility and uses wc_get_orders() end-to-end. It also works with the new Block Checkout and classic checkout.
No. The order lookup only runs when a DropLock-enabled product is in the cart, and results cache for 60 seconds per customer. No impact on browsing or shop archive pages.
A determined attacker with a fresh email, a new account, and a different card can bypass any email-based check — no plugin can stop that, and we don’t claim to. What DropLock reliably stops is the common case: repeat purchases through the same customer account or the same billing email. That covers most accidental and casual duplicate orders. For bot-driven or fraud-level abuse, pair DropLock with a tool like Cloudflare Bot Management or a CAPTCHA at checkout.
14 days, no questions asked. Reply to your purchase receipt and we refund. The plugin you downloaded keeps working (GPL); you just stop receiving updates after a refund.