Panic Button
The Panic Freeze button is TrustLens’s emergency stop for card-testing attacks. One click halts every checkout in your store for 15 minutes, giving you breathing room to investigate, tune, and decide on a response while the attack stops costing you money. This page covers when to use it, what happens when you do, and how it interacts with the rest of Card-Testing Defense.
What It Does
When Panic Freeze is active:
- Every checkout attempt is rejected at the Request Gate before reaching the payment gateway
- Both Classic and Blocks checkout are blocked
- A banner appears across the WordPress admin showing freeze status and remaining time
- The customer sees a generic checkout error — no specific message that the store is frozen
- VIP bypass still applies if enabled (VIPs can still complete checkout)
- Admin-side actions (refunds, order edits, etc.) continue normally
The freeze lasts 15 minutes by default. You can cancel it manually at any time from the same button (which becomes a “Cancel Freeze” button while active).
Where to Find It
| Location | Notes |
|---|---|
| TrustLens → Card Testing page | Primary location — large red button at top of page |
| Dashboard Quick Actions | One-click access from the main TrustLens Dashboard |
| Card Testing dashboard widget | Inline button on the dashboard widget |
All three triggers produce the same effect — there’s only one freeze state. Clicking from any location turns the freeze on or off.
When to Use It
Panic Freeze is the right tool when:
- Velocity rules aren’t catching the attack. An attack distributed across many fingerprints can stay below per-fingerprint thresholds while still causing damage. Freeze stops it cold.
- You need time to investigate. Tuning thresholds or adding fingerprint allowlists takes a few minutes — Panic Freeze buys you that time.
- You’re seeing rapid chargeback or decline spikes. Even if you’re not sure it’s a card-testing attack, the freeze is a safe stop.
- You’ve been notified of a breach. Your processor or a payment partner has flagged unusual activity.
It’s the wrong tool when:
- You have a legitimate flash-sale spike — that’s not an attack
- One or two customers are reporting checkout issues — investigate individually first
- You suspect an issue but haven’t checked the Card Testing page for evidence
What Happens During the 15 Minutes
Use the freeze time productively:
- Open the Card Testing page and look at recent decline events
- If on Pro, open the Attack History tab — review the 24-hour decline trend, decline-code breakdown, and top fingerprints
- Identify whether the attack is bursty (single fingerprint, fast) or distributed (many fingerprints)
- If bursty, the per-fingerprint lockout should already be catching it. Verify the attacking fingerprint is locked.
- If distributed, tighten velocity thresholds, or add IP CIDR ranges to the block list (Pro)
- Document the attack pattern for future reference
When you’re ready, cancel the freeze and watch the next few minutes carefully. If the attack resumes, you can refreeze.
VIP Bypass During a Freeze
The VIP customer bypass setting determines whether VIPs can check out during a freeze. By default it’s on — meaning your top customers aren’t disrupted even when the store is otherwise frozen.
If you specifically want to halt all checkouts during the freeze (e.g. you’re certain VIP fingerprints have been compromised), turn off VIP bypass before activating the freeze.
Auto-Escalation (Pro)
Pro can trigger Panic Freeze automatically when an attack escalates beyond what per-fingerprint lockouts can handle. The default trigger:
- 3 distinct fingerprints hit velocity thresholds within a 10-minute window
- Geo-diversity safeguard confirms the pattern looks like an attack, not legitimate viral traffic
When auto-escalation fires, the freeze activates automatically and a Slack/email alert is sent. The admin banner shows the auto-escalation as the trigger so you know it wasn’t manually invoked.
See Auto-Escalation (Pro) for the full configuration.
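The default trigger above, sketched as a sliding-window check. This is an added example, not TrustLens code: the class, function and fingerprint names are hypothetical, and the geo-diversity safeguard is passed in as a boolean because this page does not describe its logic.

```python
from collections import deque

WINDOW_SECONDS = 10 * 60   # page: 10-minute window
DISTINCT_NEEDED = 3        # page: 3 distinct fingerprints
FREEZE_SECONDS = 15 * 60   # page: each freeze caps at 15 minutes


class AutoEscalation:
    """Hypothetical model of the default trigger; not TrustLens code."""

    def __init__(self):
        self.hits = deque()      # (timestamp, fingerprint) threshold hits
        self.frozen_until = 0    # single freeze state, in seconds

    def is_frozen(self, ts):
        return ts < self.frozen_until

    def on_threshold_hit(self, ts, fingerprint, geo_ok=True):
        """Record one fingerprint hitting its velocity threshold at `ts`.

        geo_ok stands in for the geo-diversity safeguard (assumption: the
        caller supplies its verdict). Events must arrive in time order.
        Returns True only when this hit starts a new freeze.
        """
        self.hits.append((ts, fingerprint))
        # Slide the window: forget hits older than 10 minutes.
        while ts - self.hits[0][0] > WINDOW_SECONDS:
            self.hits.popleft()
        distinct = {fp for _, fp in self.hits}
        if len(distinct) < DISTINCT_NEEDED or not geo_ok:
            return False
        if self.is_frozen(ts):
            return False         # already frozen: a re-trigger extends nothing
        self.frozen_until = ts + FREEZE_SECONDS
        return True


def replay(events):
    """Feed (ts, fingerprint, geo_ok) tuples in time order; return fire times."""
    engine = AutoEscalation()
    return [ts for ts, fp, geo_ok in events
            if engine.on_threshold_hit(ts, fp, geo_ok)]


# Constructed sample data (seconds since an arbitrary start).
ONE_NOISY_FINGERPRINT = [(t, "fp-a", True) for t in range(0, 300, 60)]
SPREAD_TOO_WIDE = [(0, "fp-a", True), (400, "fp-b", True), (700, "fp-c", True)]
DISTRIBUTED_BURST = [(0, "fp-a", True), (120, "fp-b", True),
                     (300, "fp-c", True), (360, "fp-d", True)]
```

Repeated hits from one fingerprint count once, and a fourth fingerprint arriving during an active freeze does not start or lengthen a freeze.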
What the Customer Sees
During a freeze, customers attempting checkout see a generic error:
“We’re unable to process your order at this time. Please try again in a few minutes.”
The wording is deliberately non-specific — it doesn’t reveal that you’ve activated a defense mechanism. This is intentional: revealing the freeze would tell an attacker that they’ve succeeded in tripping the defense, which is information they don’t need.
The error message is customizable in Settings → Modules → Card Testing if you want a different tone.
Activation Audit Log
Every Panic Freeze activation and deactivation is logged with:
- Timestamp
- Who triggered it (admin username or “auto-escalation”)
- Duration
- Reason (manual / auto-escalation / cancel)
The log is visible on the Card Testing page and exported in the standard automation log export. Useful for post-incident review.
Limits and Edge Cases
- Maximum duration: 15 minutes. You can refreeze immediately after, but each freeze caps at 15 minutes to prevent an admin from accidentally leaving the store frozen indefinitely.
- Concurrent freezes: Only one freeze state exists at a time. Triggering while a freeze is active does not extend it; the freeze is already at its maximum duration.
- Subscription orders: Renewal orders processed via WooCommerce Subscriptions may bypass the freeze if they don’t go through the standard checkout flow. Verify your subscription plugin’s behavior if this matters.
- API orders: Orders created via REST API (custom integrations) are not subject to the freeze unless they go through the Request Gate’s checkout endpoint.
Alerting
Pro sends a panic_button_activated alert to configured Slack channels and email recipients on activation. The alert includes:
- Who triggered it (admin or auto-escalation)
- Recent decline-count context
- Top attacking fingerprints
- Link to the Card Testing page
This is useful for distributed teams — the operations engineer who hits the button might not be the same person investigating, and the alert keeps everyone aligned.