reCaptcha triggers too late on customer creation

  • Resolved ergec

    (@ergec)


    1 year, 3 months ago

    The issue lies in the order of function calls within the registration process of WooCommerce. Specifically, the check_woo_register_form function is linked to woocommerce_register_post, which in turn is connected to wc_create_new_customer for registering new customers. The problem arises because woocommerce_register_post is activated after the email_exists check, rendering the idea of using reCaptcha obsolete. This setup creates a vulnerability where the site can potentially be brute-forced to determine email existence since the system checks email existence before the captcha process.

    Is there a way to rearrange the process so that the Captcha validation occurs before the email_exists check, thereby strengthening the security of the registration system?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘reCaptcha triggers too late on customer creation’ is closed to new replies.