Support » Plugin: WooCommerce » Failed Orders – Fake Information

  • Resolved mywebmaestro


    This morning I had several clients report they’ve been seeing “failed orders” in their stores, where the payment failed and the info was obviously fake. (See below.) I haven’t found any reference to this online yet, but wanted to know if there’s a way to determine if this is a general software spam attack against WooCommerce stores overall, or something specific to sites on my server. Has anyone else here seen this? Or is there some way I can determine more information and/or protect against it?

    Order info:
    bbbbb bbbbb
    74 xxxxxxx Rd
    EX14 5HN
    United Kingdom (UK)
    xxx xxxx xxxx (another one used

Viewing 15 replies - 121 through 135 (of 159 total)
  • celsta


    Another thanks here @wigster

    But could you please tell us how to add more emails or order names if we want to block more fake orders from different email addresses?

    Thanks again for your help!



    Yes, thanks mywebmaestro for the post with the detail, I’ve had multiple such “failed” transactions with the same bogus info. Thanks also to the folks who have posted suggestions.



    @celsta Currently there’s no extra functionality in my plugin for that kind of thing.
    I will try and update it manually for the moment if the spam orders change. When the WordPress team have accepted my plugin into their official plugin network I will begin adding further dynamic functionality.

    @mvenkadesan those settings will allow account creation; some of us here have all those options unchecked and still got user accounts created.




    Thanks for the link on how to find the logs… I got it but don’t want to make it public here. Is there a way to PM or e-mail you the relevant part?


    @wpstack92 you can email me here – – and send a link to Dropbox, Google Drive – whatever to download.







    @madjax : Thank you for the clarification. One question: how do I find logs for an AWS LightSail Bitnami instance of WordPress?



    @wigster : I would suggest the following modified code of your plugin so that it can block domains in a case-insensitive manner and also allow the easy addition of multiple domains as an array.

    if ( ! defined( 'ABSPATH' ) ) {
        exit; // Exit if accessed directly
    }
    /**
     * Check if WooCommerce is active
     */
    if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) {
        add_action( 'woocommerce_after_checkout_validation', 'block_spam_checkout', 10, 2 );
        function block_spam_checkout( $fields, $errors ) {
            // Domains to block. The entries from the original post did not survive; this one is a placeholder.
            $blacklisted_domains = array( 'spam-domain.example' );
            // Case-insensitive match of each listed domain against the billing email.
            $is_bad = ! empty(
                array_filter( $blacklisted_domains, function ( $list ) use ( $fields ) {
                    return stripos( $fields['billing_email'], $list ) !== false;
                } )
            );
            if ( $is_bad ) {
                $errors->add( 'validation', 'Spam attempt.' );
            }
        }
    }
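
The snippet above tests each blocked domain with `stripos` against the whole billing email, so a listed domain also matches when it appears in the local part or inside a longer look-alike domain. As an added example (not part of the post above or of wigster's plugin), the following compares only the domain after the last `@`, case-insensitively, either exactly or as a subdomain; the function names and the blocklist entries are hypothetical.

```php
<?php
// Added example; spam_email_domain() and spam_is_blocked_email() are hypothetical names.

/** Return the lower-cased domain part of an email address, or '' if it has none. */
function spam_email_domain( string $email ): string {
    $at = strrpos( $email, '@' );
    if ( $at === false || $at === strlen( $email ) - 1 ) {
        return '';
    }
    // Drop surrounding whitespace and a trailing root dot before comparing.
    return strtolower( rtrim( trim( substr( $email, $at + 1 ) ), '.' ) );
}

/** True when the address's domain equals a blocked domain or is a subdomain of one. */
function spam_is_blocked_email( string $email, array $blocked ): bool {
    $domain = spam_email_domain( $email );
    if ( $domain === '' ) {
        return false; // Leave malformed addresses to the store's own email validation.
    }
    foreach ( $blocked as $entry ) {
        $entry = strtolower( trim( $entry, " \t." ) );
        if ( $entry === '' ) {
            continue; // Skip blank list entries instead of matching everything.
        }
        // Exact match, or a suffix match on a label boundary (".entry").
        if ( $domain === $entry || substr( $domain, -strlen( $entry ) - 1 ) === '.' . $entry ) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: blocklist entries and addresses are made up for this example.
$blocked = array( 'spam-domain.example', 'Bad-Mail.example' );
$samples = array(
    'bbbbb@SPAM-DOMAIN.example',        // same domain, different case
    'x@mail.bad-mail.example',          // subdomain of a blocked domain
    'spam-domain.example@shop.example', // blocked name only in the local part
    'user@notspam-domain.example',      // look-alike that merely ends with the blocked name
);
foreach ( $samples as $email ) {
    printf( "%-40s %s\n", $email, spam_is_blocked_email( $email, $blocked ) ? 'blocked' : 'allowed' );
}
```

Inside a `woocommerce_after_checkout_validation` callback like the one above, the check would be `spam_is_blocked_email( $fields['billing_email'], $blacklisted_domains )`.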

    @wpstack92 got it thanks – it looks like they were hitting /my-account/ – but you’re saying you had all these settings unchecked at the time?

    WP Settings > General
    “Anyone can register” ?

    WooCommerce Settings > Accounts & Privacy
    “Allow customers to create an account during checkout” ?
    “Allow customers to create an account on the “My account” page” ?




    I have all those settings unchecked, but they successfully managed to create the fake order and the fake user.



    I have read about half of the pages on this thread, so I may have missed things.
    I suspect that reCAPTCHA may not protect against this issue.
    Until the source of the issue is found, I would recommend restricting shipping addresses to places that the websites actually ship to. Of course, this would not help people who ship world-wide, or who want to sell digital goods anywhere, but it should help a significant percentage of sites.

    @carike I agree, wish I was able to recreate it



    Just FYI, I posted a bit of an analysis further back here:

    it was initially held for moderation, but seems to have been approved now.



    Does anyone know the IP#(s) that is being used?

  • The topic ‘Failed Orders – Fake Information’ is closed to new replies.