Support » Plugin: WooCommerce » Fake orders creating WordPress User accounts

  • Resolved bobwey1

    (@bobwey1)


    I am using Woocommerce 4.6.1, along with a few additional Woocommerce plugins. Yesterday I found that over the past week I have received 3 fake orders. I found that they are the same as have been reported by others to be a prelude to a hack. (https://wordpress.org/support/topic/failed-orders-fake-information/). What I also found is that, along with the fake orders, 3 new WordPress user accounts were created with a Customer role. Subsequent to the last fake order, customer account creation, Wordfence blocked a rankmath attempt ( was blocked by firewall for WAF-RULE-233 at https://blackwatercreatures.com/wp-json/rankmath/v1/updateMeta). Try as I may, I cannot get the right Google search to address the WordPress User/customer account creation. Any help/suggestions would be greatly appreciated.

    Bob

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Support RK a11n

    (@riaanknoetze)

    Hi there,

    To mitigate that, you could try the following:

    Thread Starter bobwey1

    (@bobwey1)

    Thanks, but none of suggestions seem to address HOW WordPress user accounts are being created. The site has 2 administrative user accounts and these fake orders created 3 additional accounts. In the past 24 hours I’ve been hit with 50 rankmath attempts, which I assume are trying to elevate the bogus user accounts. In all of the entries in the Failed Orders – Fake Information thread, most of the fake orders have timed out and auto-cancelled. Nobody else mentioned the added user accounts, which I think is the real reason behind the fake orders. So my question remains: How can an (fake) order be used to create a new WordPress user account?

    I am having a similar problem on one site, the creation of three customer users. This site does not take orders yet, however. We simply use WooCommerce for the product custom post at this time. How are the users being created?

    @bobwey1 see relevant post https://wordpress.org/support/topic/customer-users-mysteriously-being-created/. I don’t have the Wordfence info that you have, but agree that I’d like to get to the bottom of this rather than try to prevent with another plugin.

    hey @madriverweb we are seeing this issue on multiple sites with user registration disabled. do you have access logs for the site in question? I am trying to pull some info together to start an issue at Woo’s github repo to get attention of devs.

    PS – We met in VT

    Plugin Support Con a11n

    (@conschneider)

    Automattic Happiness Engineer

    Hi everyone,

    > I am having a similar problem on one site, the creation of three customer users. This site does not take orders yet, however. We simply use WooCommerce for the product custom post at this time. How are the users being created?

    Our development is aware of the problem and will be releasing a fix release in the next 1-2 days. I cannot disclose more details at the moment. But I’ll update the post once the WooCommerce fix release is publicly available.

    Kind regards,

    Plugin Support Con a11n

    (@conschneider)

    Automattic Happiness Engineer

    Plugin Support Ena P (a11n)

    (@drwpcom)

    Hi @madjax. The issue should be resolved now. If you have any other questions, please start a new thread.

    Today fake orders again…

    @catdec got any details? Eg: what version of Woo are you running, what other plugins are in play?

    all latest versions, everything updated, only 3 shops got fake orders.
    I have now re-enabled the Stop fake orders plugin and everything is ok.

    I also had one today and have the latest version of Woocommerce. Have now installed the Block Specific Spam Woo Orders plugin but wanted to report that I am still having these fake orders and have had three user accounts created which I have now deleted

    lie !
    I installed the plugin on 40 shops and none got any more fake order after installing !
    I think you just need to learn to ACTIVATE a plugin after installing it…
    ridiculous !

    I also had one today and have the latest version of Woocommerce. Have now installed the Block Specific Spam Woo Orders plugin but wanted to report that I am still having these fake orders and have had three user accounts created which I have now deleted

    Did you delete the fake user accounts using

    A) Delete all content ???
    or
    B) Attribute all content ( to me)???

    not sure what you are talking about.
    Delete the user and delete the fake order, that’s all.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Fake orders creating WordPress User accounts’ is closed to new replies.