Don’t create users for failed payments?

  • Resolved Rene Morozowich

    (@renemorozowich)


    1 year, 11 months ago

    I have one membership level that’s protected with a v2 Recaptcha. It seems like what’s happening (and I’ve tested this) is that fake users are signing up with a bogus credit card number. The payment fails, but the user is still created and people can log in. It’s been a lot of spam to deal with.

    Is there a way to NOT create the user if the payment fails?

    The page I need help with: [log in to see the link]

Viewing 6 replies - 16 through 21 (of 21 total)
  • Thread Starter Rene Morozowich

    (@renemorozowich)

    I am using Wordfence, that’s how I know new users are being registered.

    You mention the “User’s table” – do you mean in the Dashboard under Users, or somewhere in PMPro? I am running 2.11.1 and don’t see anything under Users on the Dashboard.

    I was still receiving spam signups, I think due to credit card testing. In addition to everything I’ve mentioned in previous threads and tried, I also changed the slug of the sign up page and haven’t had any since (about two weeks). Fingers crossed. The last time I dealt with this, there were over 400 fake users that I had to remove.

    Plugin Author Andrew Lima

    (@andrewza)

    Thanks for letting me know Rene, I was hoping that WordFence Firewall would catch card testers/spammers.

    I do mean under the Users table within the WordPress admin, here’s a link to the documentation regarding this – https://www.paidmembershipspro.com/users-created-at-checkout/#:~:text=If%20PMPro%20detects%20there%20as,other%20action%20on%20your%20site.

    If you are using Stripe, I recommend to look at using Stripe Checkout and configuring Stripe Radar rules to be more aggressive to card testing. Please let us know if this returns as we are working in combatting spammers as best we can.

    Thread Starter Rene Morozowich

    (@renemorozowich)

    It seems to finally have calmed down. I will continue to keep an eye on it and also check out Stripe if needed.

    A screenshot would be helpful regarding what to look for on the Users table. I checked the link but still didn’t really see or understand how my Users table would look different if spam users were identified.

    Thanks!

    Plugin Support Kim White

    (@kimwhite)

    Hello Rene,

    Here is a shot of what your User List will look like when a suspected, see the new link for “Potential Spam Checkouts”
    https://ibb.co/W2PTd3z

    You can then bulk delete or edit users as you see fit.

    https://ibb.co/gtXnYbY

    Let me know if this helps!

    Kim W

    Thread Starter Rene Morozowich

    (@renemorozowich)

    Excellent, thank you!!

    Having similar issue here – I’m getting swarms of about 200 sign ups within 5 minutes. I have Wordfence, reCaptcha 3 and Akismet Integration plugin installed. I’ll increase the failed payments (‘PMPRO_SPAM_ACTION_NUM_LIMIT’), but looking at the failed payments in Stripe, they seem to be coming from different locations / IP addresses, so that might improve but not solve it. From this pattern, there needs to be something like: if more than 3 sign ups in the same 60 second period, then additional level of spam checking (subject-specific question related to the site) for the next 10 minutes.

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘Don’t create users for failed payments?’ is closed to new replies.