Fake orders creating WordPress User accounts

Resolved bobwey1
(@bobwey1)

1 year, 8 months ago

I am using Woocommerce 4.6.1, along with a few additional Woocommerce plugins. Yesterday I found that over the past week I have received 3 fake orders. I found that they are the same as have been reported by others to be a prelude to a hack. (https://wordpress.org/support/topic/failed-orders-fake-information/). What I also found is that, along with the fake orders, 3 new WordPress user accounts were created with a Customer role. Subsequent to the last fake order, customer account creation, Wordfence blocked a rankmath attempt ( was blocked by firewall for WAF-RULE-233 at https://blackwatercreatures.com/wp-json/rankmath/v1/updateMeta). Try as I may, I cannot get the right Google search to address the WordPress User/customer account creation. Any help/suggestions would be greatly appreciated.

Bob

Viewing 15 replies - 1 through 15 (of 15 total)

Plugin Support RK a11n
(@riaanknoetze)

1 year, 8 months ago
Hi there,

To mitigate that, you could try the following:
- Setting up IP region based blocks in your hosting panel setup (or asking your hosting provider to do that)
- At Captcha or Honeypots on the account creation/checkout pages (there are 3rd party plugins that can help with that;
- If you’re using Stripe, you could also enable Radar in your payment settings at https://dashboard.stripe.com/
- Consider using a plugin like https://woocommerce.com/products/woocommerce-anti-fraud/
Thread Starter bobwey1
(@bobwey1)

1 year, 8 months ago

Thanks, but none of suggestions seem to address HOW WordPress user accounts are being created. The site has 2 administrative user accounts and these fake orders created 3 additional accounts. In the past 24 hours I’ve been hit with 50 rankmath attempts, which I assume are trying to elevate the bogus user accounts. In all of the entries in the Failed Orders – Fake Information thread, most of the fake orders have timed out and auto-cancelled. Nobody else mentioned the added user accounts, which I think is the real reason behind the fake orders. So my question remains: How can an (fake) order be used to create a new WordPress user account?

madriverweb
(@madriverweb)

1 year, 8 months ago

I am having a similar problem on one site, the creation of three customer users. This site does not take orders yet, however. We simply use WooCommerce for the product custom post at this time. How are the users being created?

madriverweb
(@madriverweb)

1 year, 8 months ago

@bobwey1 see relevant post https://wordpress.org/support/topic/customer-users-mysteriously-being-created/. I don’t have the Wordfence info that you have, but agree that I’d like to get to the bottom of this rather than try to prevent with another plugin.

Jackson Whelan
(@madjax)

1 year, 8 months ago

hey @madriverweb we are seeing this issue on multiple sites with user registration disabled. do you have access logs for the site in question? I am trying to pull some info together to start an issue at Woo’s github repo to get attention of devs.

PS – We met in VT

Plugin Support Con a11n
(@conschneider)

Automattic Happiness Engineer

1 year, 8 months ago

Hi everyone,

> I am having a similar problem on one site, the creation of three customer users. This site does not take orders yet, however. We simply use WooCommerce for the product custom post at this time. How are the users being created?

Our development is aware of the problem and will be releasing a fix release in the next 1-2 days. I cannot disclose more details at the moment. But I’ll update the post once the WooCommerce fix release is publicly available.

Kind regards,

Plugin Support Con a11n
(@conschneider)

Automattic Happiness Engineer

1 year, 8 months ago

Here you go:

https://developer.woocommerce.com/2020/11/05/woocommerce-4-6-2-fix-release/

Plugin Support Ena P (a11n)
(@drwpcom)

1 year, 7 months ago

Hi @madjax. The issue should be resolved now. If you have any other questions, please start a new thread.

catdec
(@catdec)

1 year, 6 months ago

Today fake orders again…

Jackson Whelan
(@madjax)

1 year, 6 months ago

@catdec got any details? Eg: what version of Woo are you running, what other plugins are in play?

catdec
(@catdec)

1 year, 6 months ago

all latest versions, everything updated, only 3 shops got fake orders.
I have now re-enabled the Stop fake orders plugin and everything is ok.

georgiedavies
(@georgiedavies)

1 year, 5 months ago

I also had one today and have the latest version of Woocommerce. Have now installed the Block Specific Spam Woo Orders plugin but wanted to report that I am still having these fake orders and have had three user accounts created which I have now deleted

cacabe
(@cacabe)

1 year, 5 months ago

lie !
I installed the plugin on 40 shops and none got any more fake order after installing !
I think you just need to learn to ACTIVATE a plugin after installing it…
ridiculous !

coprob
(@coprob)

1 year, 5 months ago

I also had one today and have the latest version of Woocommerce. Have now installed the Block Specific Spam Woo Orders plugin but wanted to report that I am still having these fake orders and have had three user accounts created which I have now deleted

Did you delete the fake user accounts using

A) Delete all content ???
or
B) Attribute all content ( to me)???

cacabe
(@cacabe)

1 year, 5 months ago

not sure what you are talking about.
Delete the user and delete the fake order, that’s all.

Viewing 15 replies - 1 through 15 (of 15 total)

The topic ‘Fake orders creating WordPress User accounts’ is closed to new replies.

Views