PHPackages                             arraypress/maxmind-minfraud - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. arraypress/maxmind-minfraud

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

arraypress/maxmind-minfraud
===========================

A PHP library for integrating with the MaxMind minFraud Score API in WordPress, providing fraud risk scoring (0-99), IP reputation, and email/billing/shipping risk signals. Built around WordPress's HTTP API with transient caching.

00PHP

Since May 6Pushed 1mo agoCompare

[ Source](https://github.com/arraypress/maxmind-minfraud)[ Packagist](https://packagist.org/packages/arraypress/maxmind-minfraud)[ RSS](/packages/arraypress-maxmind-minfraud/feed)WikiDiscussions main Synced 1w ago

READMEChangelogDependenciesVersions (1)Used By (0)

MaxMind minFraud (WordPress)
============================

[](#maxmind-minfraud-wordpress)

A focused PHP library for the MaxMind minFraud Score API, built for WordPress with `wp_remote_post` and transient caching. No external HTTP dependencies. Drop-in for fraud-scoring at checkout, on signup, or anywhere a 0-99 risk score is useful.

Features
--------

[](#features)

- 🎯 **One thing well** — wraps the minFraud Score endpoint (the cheapest of MaxMind's three minFraud tiers, returns the 0-99 risk score)
- 💰 **Funds-aware** — surfaces `funds_remaining` / `queries_remaining` from every successful response so you can wire up budget alerts
- 🚦 **Stable error handling** — distinguishes transport / auth / quota failures via `WP_Error` rather than coercing them into a 0 score
- 🪶 **Zero deps** — only PHP and WordPress's HTTP API
- 🔁 **Transient caching** — repeat lookups within a 10-minute window cost zero API calls
- 📦 **Predictable response shape** — getter-friendly Score wrapper that won't break when MaxMind extends the JSON

Requirements
------------

[](#requirements)

- PHP 7.4 or later
- WordPress 5.0 or later
- MaxMind account + minFraud license key

Installation
------------

[](#installation)

```
composer require arraypress/maxmind-minfraud
```

Quick start
-----------

[](#quick-start)

```
use ArrayPress\MaxMind\MinFraud\Client;

$client = new Client( '123456', 'your-license-key' );

$result = $client->check_score( [
    'device' => [ 'ip_address' => '203.0.113.42' ],
    'email'  => [ 'address' => 'alice@example.com' ],
    'billing' => [
        'country' => 'US',
        'region'  => 'CA',
        'city'    => 'Los Angeles',
        'postal'  => '90210',
    ],
] );

if ( is_wp_error( $result ) ) {
    error_log( 'minFraud failed: ' . $result->get_error_message() );
    return;
}

if ( $result->is_high_risk() ) {
    // 75+ risk score — block / hold the order
}

$score    = $result->get_risk_score();        // 42.5
$query_id = $result->get_query_id();          // for cross-referencing in MaxMind dashboard
$funds    = $result->get_funds_remaining();   // USD remaining on the account
$warnings = $result->get_warnings();          // any non-fatal warnings
```

Configuration
-------------

[](#configuration)

```
$client = new Client(
    'account-id',
    'license-key',
    [
        'cache_enabled' => true,    // default true
        'cache_ttl'     => 600,     // seconds; default 10 min
        'cache_prefix'  => 'mm_',   // transient key prefix
    ]
);
```

Request payload
---------------

[](#request-payload)

The `check_score()` payload mirrors [MaxMind's spec](https://dev.maxmind.com/minfraud/api-documentation/requests). The minimum is `device.ip_address`, but pass everything you have — minFraud's score quality scales with how much context you give it.

Useful fields beyond the basics:

```
$client->check_score( [
    'device'  => [
        'ip_address' => '203.0.113.42',
        'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? '',
    ],
    'email'   => [ 'address' => 'alice@example.com' ],
    'account' => [ 'user_id' => '42' ],
    'billing' => [ 'country' => 'US', 'postal' => '90210' ],
    'shipping' => [ 'country' => 'US', 'postal' => '90210' ],
    'payment' => [ 'processor' => 'stripe' ],
    'event'   => [ 'type' => 'purchase' ],
] );
```

Error handling
--------------

[](#error-handling)

Errors come back as `WP_Error` rather than an empty Score, so you don't accidentally treat an auth failure like a 0 score:

```
$result = $client->check_score( $payload );

if ( is_wp_error( $result ) ) {
    $code    = $result->get_error_code();    // 'minfraud_api_error', 'minfraud_bad_response', etc.
    $message = $result->get_error_message();
    $data    = $result->get_error_data();    // includes HTTP status when relevant

    // Fall back to your own rules, log, etc.
}
```

Possible error codes:

- `minfraud_missing_credentials` — account ID / license key not provided
- `minfraud_api_error` — MaxMind returned a non-2xx with an error body
- `minfraud_bad_response` — couldn't decode the JSON
- `http_request_failed` — WordPress transport error (passed through verbatim)

Why not the official SDK?
-------------------------

[](#why-not-the-official-sdk)

MaxMind ships an [official PHP SDK](https://github.com/maxmind/minfraud-api-php) that you can absolutely use. This library exists for projects that want a smaller surface area — it's framework-aware (transient cache, `wp_remote_*` transport, no Composer-level Guzzle / PSR-7 deps) and exposes only the Score endpoint, which is what most rule engines actually need.

If you need Insights or Factors (subscores for IP location, email reputation, device, etc.), use the official SDK or open an issue.

License
-------

[](#license)

GPL-2.0-or-later

###  Health Score

19

—

LowBetter than 10% of packages

Maintenance61

Regular maintenance activity

Popularity0

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity11

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/cd6eb8aff0903d87eb674d1ba3c5f3653899c0d7661504eb0deb7798ed86b643?d=identicon)[arraypress](/maintainers/arraypress)

---

Top Contributors

[![arraypress](https://avatars.githubusercontent.com/u/22668877?v=4)](https://github.com/arraypress "arraypress (2 commits)")

### Embed Badge

![Health badge](/badges/arraypress-maxmind-minfraud/health.svg)

```
[![Health](https://phpackages.com/badges/arraypress-maxmind-minfraud/health.svg)](https://phpackages.com/packages/arraypress-maxmind-minfraud)
```

###  Alternatives

[ziming/laravel-zxcvbn

Zxcvbn Password validation rule for Laravel

3064.3k](/packages/ziming-laravel-zxcvbn)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)