Is WooCommerce Guest Checkout Protected?

  • Resolved linux4me2

    (@linux4me2)


    2 years, 1 month ago

    I’m running a site with the latest versions of WooCommerce and WF Login Security installed. In WooCommerce, “Allow customers to place orders without an account” (guest checkout) is enabled. I have WooCommerce integration enabled in WF Login Security, and the reCAPTCHCA logo is appearing on the checkout page; however, I got over one thousand orders in less than an hour from a single IP address before we caught it and were able to block the IP. All the orders were via guest checkout.

    If I look at the reCAPTCHA score history, it shows that only 79 orders scored a 0.7, and 42 scored a 0.0. All the other orders scored a 0.9, so if it’s up-to-date, it doesn’t look like WF Login Security was identifying the orders as ‘bots.

    Is WF Login Security active with WooCommerce guest checkout?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @linux4me2

    Our login security features only apply to the custom WooCommerce login and registration page.

    Thread Starter linux4me2

    (@linux4me2)

    Hi @wfphil

    Thanks for letting me know.

    If you’re looking for a way to improve the plugin, adding support for WooCommerce guest checkout would be a great improvement. Card-testing attacks are a real problem for WooCommerce, and difficult to block without hurting the checkout experience for real customers.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is WooCommerce Guest Checkout Protected?’ is closed to new replies.