@siriusgamez
for my card test attack i added a bit of php code using WPCode Code Snippets plug in.
It was very effective, i know only get DRAFT orders as the code blocked a payment attempt from any bot that hit the WooCommerce checkout API directly, so the attackers dont seem to use the website pages but just submit the checkout info directly via the WooCommerce API. As they have no referring webpage it is easy to identify and block them. Let me know if you want a copy of the php code (its only a few lines, i got it from chatgpt)
Rhys
