Carding attacks and charges on the free version
Hi,
I installed and set up this plugin on a website. Unfortunately not much later the form was used for a carding attack – a huge number of card credentials were tried in an apparently automated attack. The site owner then had to go through refunding all those that worked (and accept the financial losses since Stripe no longer refund fees on successful payments).
Please can you add some protection to the plugin against automated attacks? E-commerce websites have a lot of different approaches to this…
… though now that I look further, I see that you have some in your “Professional” version. I certainly have no problem with Premium plugins (one has to make money to be able to invest in keeping plugins alive), but please would you reconsider this? Essentially “close the wide open door in the free version for bots to cause havoc on your website and Stripe account” makes for a poor Premium feature. The free version isn’t really usable for anyone if installing it opens that door – anyone who installs it is a sitting target, just waiting for bots to find and exploit their site.
I’m not complaining – nobody has to give me anything for free (pay nothing, you’re owed nothing!). But as I say, “free version opens you up to havoc, but there’s a paid version to fix that” is an unpleasant experience, in practice even when that’s not what anyone intended.
David