Woocommerce thousands of failed payment attempts

  • Resolved batcom

    (@batcom)


    2 years, 10 months ago

    Hi, last night I had someone try over 4000 failed orders through Woocommerce. It looks like an account was created and then 2 or 3 failed purchases (through Stripe) were attempted and then another user account gets created that’s slightly different and a couple more failed attempts were made. No orders were successful and besides removing over 4000 failed orders and 1300 users I don’t think there’s any damage done. I’m just wondering if there’s anything I can do to stop this sort of thing? I have Wordfence premium and I’ve had a look at the settings but can’t find anything since he creates new user accounts all the time. It looks like it’s scripted considering the amount of orders in 1 night. I have recaptcha v3 on and set at .5, should I change this setting to see if it stops them from being able to create accounts automatically?

Viewing 1 replies (of 1 total)

  • Thanks for reaching out.

    Since you are a Premium customer you can reach out to us by opening a Premium support ticket. We have a video that shows how (Premium starts at the 2 minute mark I believe):
    https://youtu.be/NLswn9SkNY0

    I’d look at the reCaptcha score settings to see what users are usually recorded as (bot or human). You may have to adjust the settings more towards 0.0 so it picks it up easier. It definitely seems like a bot attacking. Move a tick at a time to see what setting works best.

    The Rate Limiting Rules might help too. Try setting them lower for bots and see if that helps.

    Tim

Viewing 1 replies (of 1 total)
  • The topic ‘Woocommerce thousands of failed payment attempts’ is closed to new replies.