Spam orders despite maintenance mode on

Hi @cshinkin ,

I’m sorry to hear about your experience with spam orders, even while using Cloudflare and Maintenance Mode. To investigate this further, could you please provide answers to the following questions?

1. When did the issue start? Was it after a plugin update or any changes made to your site?
2. Have you noticed any patterns, such as orders originating from a specific country, IP address, or payment method?
3. Could you share a screenshot of the order notes for these spam orders? If you don’t have a screenshot tool, you can use Snipboard.io to easily share screenshots.

Additionally, it would help us to review your current System Status Report for more insight into your setup. You can find this report in your WooCommerce dashboard by going to:
WooCommerce > Status. From there, click Get System Report and then select Copy for Support to share it with us.

If there are any fatal error logs, please share those as well. These can be accessed under:
WooCommerce > Status > Logs

Once you’ve gathered this information, please paste it into a Code block in your reply or use Pastebin to share the link with us.

Thank you for your cooperation! We’ll do our best to assist you further.

After WooCommerce update but may well be coincidence. Majority UK addresses and email address name includes like a 6 number set.

https://drive.google.com/drive/folders/1qHYUhS2PC3gsxLRkRCkn6E7YYG5H6T7u?usp=drive_link

Hi @cshinkin ,

Thank you for sharing the screenshot, logs, and System Status Report. This information is very helpful.

After reviewing the logs, I didn’t find anything suspicious that could directly contribute to the issue. However, I noticed that you have 68 active plugins, which might increase the likelihood of conflicts or vulnerabilities. Since you mentioned that orders are coming through even when visibility mode is off, this suggests there might be an exception or internal issue.

Additionally, as your website is in maintenance mode and not visible in other browsers, some activities may be happening internally. Automated bots can exploit vulnerabilities to place spam orders, and while Cloudflare provides protection, sophisticated bots may still bypass basic defenses. Any chance If your site has been compromised, attackers may have found a way to bypass standard protections.

Here are some recommendations to address the issue:

1. Ensure all plugins, themes, and the WordPress core are updated to their latest versions. With so many plugins active, it’s crucial to rule out any outdated or vulnerable ones.
2. Add CAPTCHA to your checkout and registration forms to deter bots. You can use the Google reCAPTCHA for WooCommerce plugin.
3. Consider using an anti-fraud plugin, such as WooCommerce Anti-Fraud, to detect and block fraudulent orders.
4. Disable guest checkout and require customers to create an account before placing orders. This can significantly reduce spam orders.
5. Use Cloudflare’s firewall settings to block suspicious IP addresses or specific countries from which spam orders originate.
6. Additionally, you can require customers to verify their email addresses before completing orders. You can use the steps outlined here: Customer Email Verification.

Let us know once you’ve had a chance to review and implement these steps.