PHPackages freento/module-disable-carts-endpoint - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. freento/module-disable-carts-endpoint ActiveMagento2-module[Security](/categories/security) freento/module-disable-carts-endpoint ===================================== Magento 2 module that blocks the PUT /V1/guest-carts/:cartId/order REST API endpoint to prevent card testing (carding) attacks via guest checkout. 00PHP Since Mar 26Pushed 3mo agoCompare [ Source](https://github.com/Freento/DisableCartsEndpoint)[ Packagist](https://packagist.org/packages/freento/module-disable-carts-endpoint)[ RSS](/packages/freento-module-disable-carts-endpoint/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependenciesVersions (1)Used By (0) Freento\_DisableCartsEndpoint ============================= [](#freento_disablecartsendpoint) Magento 2 module that blocks the `PUT /V1/guest-carts/:cartId/order` REST API endpoint to prevent card testing (carding) attacks via guest checkout. Problem ------- [](#problem) Magento's core exposes `PUT /V1/guest-carts/:cartId/order` as an anonymous endpoint (`ref="anonymous"`). It is not used by the default frontend checkout but is fully functional. Bots exploit it to test stolen credit cards — they can place orders with minimal API calls and no authentication. How it works ------------ [](#how-it-works) The module intercepts requests at the WebAPI validation layer via a plugin on `RequestValidatorInterface`. When enabled, any `PUT` request matching `/V1/guest-carts/:cartId/order` is rejected with a 404 response, making the endpoint appear non-existent. The standard checkout endpoint `POST /V1/guest-carts/:cartId/payment-information` is **not affected**. Installation ------------ [](#installation) ``` composer require freento/module-disable-carts-endpoint bin/magento module:enable Freento_DisableCartsEndpoint bin/magento setup:upgrade ``` Configuration ------------- [](#configuration) The module is **disabled by default**. Enable it in the admin panel: **Stores → Configuration → Freento → Disable Carts Endpoint → General Settings → Disable PUT /V1/guest-carts/:cartId/order endpoint → Yes** Compatibility ------------- [](#compatibility) - Magento 2.4.x - Adobe Commerce / Magento Open Source ### Health Score 18 — LowBetter than 8% of packages Maintenance55 Moderate activity, may be stable Popularity0 Limited adoption so far Community2 Small or concentrated contributor base Maturity12 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/98f431f566f9a6d2cbe0e346430548851a8aba22f9bdf8efef8429a549b84513?d=identicon)[Freento](/maintainers/Freento) ### Embed Badge ![Health badge](/badges/freento-module-disable-carts-endpoint/health.svg) ``` [![Health](https://phpackages.com/badges/freento-module-disable-carts-endpoint/health.svg)](https://phpackages.com/packages/freento-module-disable-carts-endpoint) ``` ### Alternatives [mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k18.0M137](/packages/mews-purifier)[paragonie/ecc PHP Elliptic Curve Cryptography library 24772.0k35](/packages/paragonie-ecc) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)