Title: Bot attack
Last modified: November 22, 2024

---

# Bot attack

 *  Resolved [mattdss](https://wordpress.org/support/users/mattdss/)
 * (@mattdss)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/)
 * Hi, I have a WooCommerce site which is currently undergoing a bot attack which
   I need some advice on.
 * This is an Australian store but sells internationally and it is having multiple
   failed orders an hour. The IP addresses from the orders have a wide range between
   them, but all use the same format email address – name.numbers@gmail.com
 * There is Wordfence installed to block traffic from the usual bot countries such
   as China, Russia, India etc. and the Analytics is showing that traffic is coming
   from Australia.
 * I have installed reCAPTCHA at checkout and set this to the strongest setting
   but it is having no effect.
 * I am not sure how to proceed further with this so any suggestions would be really
   appreciated.
 * Many thanks
    -  This topic was modified 1 year, 6 months ago by [mattdss](https://wordpress.org/support/users/mattdss/).

Viewing 12 replies - 1 through 12 (of 12 total)

 *  [ckadenge (woo-hc)](https://wordpress.org/support/users/ckadenge/)
 * (@ckadenge)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18156031)
 * Hello [@mattdss](https://wordpress.org/support/users/mattdss/),
 * Thank you for reaching out.
 * I’m sorry to hear about the bot attack you’re experiencing on your site.
 * To tackle this, you could consider using a more comprehensive security, which
   offers a website firewall that can block suspicious activities.
 * Another step could be to block the specific email format you mentioned. You can
   do this by using a plugin which allows you to block certain email formats from
   registering or placing orders.
 * Lastly, you might want to consider enabling two-factor authentication (2FA) on
   your site. This adds an extra layer of security as it requires users to verify
   their identity using a second method, in addition to their password.
 * I hope this helps.
 *  [pdagency](https://wordpress.org/support/users/pdagency/)
 * (@pdagency)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18157942)
 * Hello,
 * We are also experiencing fraudulent attacks involving card testing. Despite using
   various paid plugins, such as [Google reCAPTCHA for WooCommerce](https://woocommerce.com/products/google-recaptcha-for-woocommerce/)
   and [reCAPTCHA for WooCommerce](https://woocommerce.com/products/recaptcha-for-woocommerce/),
   the bots are still able to bypass the reCAPTCHA process. This results in approximately
   8 to 10 failed orders every 15 minutes.
 * As a temporary workaround, we have disabled guest checkout and now require users
   to register or log in before proceeding with checkout.
 * We would greatly appreciate any recommendations or solutions to help us securely
   re-enable guest checkout, as it previously worked without any issues.
   Best, PDA
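
The pattern reported in the posts above (failed orders with `name.numbers@gmail.com` addresses, spread over many IP addresses, at roughly 8 to 10 per 15 minutes) can be confirmed from an order export with a sliding-window check. This is an added example, not code from the thread participants or from WooCommerce; the tuple layout, function names and thresholds are assumptions, and the sample orders are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# "name.numbers@gmail.com": the billing e-mail format reported in the thread.
BOT_EMAIL = re.compile(r"^[a-z]+\.\d+@gmail\.com$", re.IGNORECASE)


def constructed_orders():
    """Constructed sample export: (ISO time, status, billing e-mail, client IP)."""
    start = datetime(2024, 11, 20, 10, 0)
    # Nine failed orders, 90 seconds apart, each from a different address.
    burst = [
        ((start + timedelta(seconds=90 * i)).isoformat(), "failed",
         f"user{chr(97 + i)}.{1000 + i}@gmail.com", f"203.0.113.{10 + i}")
        for i in range(9)
    ]
    # Ordinary traffic that must not count towards an alert.
    normal = [
        ("2024-11-20T10:02:00", "processing", "jane.doe@example.com", "198.51.100.7"),
        ("2024-11-20T10:04:00", "failed", "sam@example.org", "198.51.100.8"),
        ("2024-11-20T10:06:00", "completed", "lee.42@gmail.com", "198.51.100.9"),
    ]
    return burst + normal


def find_card_testing_bursts(orders, window=timedelta(minutes=15),
                             min_failed=8, min_ips=3):
    """Return one (first_seen, alert_time, failed_count, distinct_ips) per burst."""
    suspects = sorted(
        (datetime.fromisoformat(ts), ip)
        for ts, status, email, ip in orders
        if status == "failed" and BOT_EMAIL.match(email)
    )
    alerts, recent, alerting = [], deque(), False
    for ts, ip in suspects:
        recent.append((ts, ip))
        # Drop failed orders that have aged out of the sliding window.
        while ts - recent[0][0] > window:
            recent.popleft()
        ips = {addr for _, addr in recent}
        over = len(recent) >= min_failed and len(ips) >= min_ips
        if over and not alerting:
            alerts.append((recent[0][0], ts, len(recent), len(ips)))
        alerting = over
    return alerts


if __name__ == "__main__":
    for first, when, count, ips in find_card_testing_bursts(constructed_orders()):
        print(f"{when}: {count} failed orders from {ips} IPs since {first}")
```

The `min_ips` condition separates a distributed burst from one customer retrying a declined card, which would show many failures from a single address.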
 *  Plugin Support [shahzeen(woo-hc)](https://wordpress.org/support/users/shahzeenfarooq/)
 * (@shahzeenfarooq)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18159583)
 * Hi there!
 * I understand how frustrating this can be, especially since you’ve already tried
   using the reCAPTCHA plugin but are still receiving spam orders.
 * I recommend trying our **WooCommerce Anti-Fraud** plugin to help prevent fake
   or fraudulent orders: [WooCommerce Anti-Fraud](https://woocommerce.com/products/woocommerce-anti-fraud/).
 * Alternatively, you can try this free plugin: [Woo Blocker Lite – Prevent Fake Orders and Blacklist Fraud Customers](https://wordpress.org/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/).
 * I hope this helps!
 *  [denialdesign](https://wordpress.org/support/users/denialdesign/)
 * (@denialdesign)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18164597)
 * I’ve been looking into this for the last few days for clients of mine. ReCAPTCHA
   and disabling guest checkout do nothing. It appears the orders are being placed
   by the API so if you can restrict access to wp-json without harming other parts
   of your store then that might help.
 *  [freeserv](https://wordpress.org/support/users/freeserv/)
 * (@freeserv)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18175558)
 * I’ve also found that reCAPTCHA and disabling guest checkout hasn’t stopped
   the multitude of failed order attacks we’ve been subject to. A call to PayPal
   confirmed the events that started mid November but no useful remedies have yet
   to be offered up by WordPress, WooCommerce or PayPal.
 *  [fidouk](https://wordpress.org/support/users/fidouk/)
 * (@fidouk)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18177024)
 * We are in the same situation. We tried revoking and creating new API keys on
   every tool we use but it is still happening. Any ideas on what’s next? We use
   [https://wordpress.org/plugins/traffic/](https://wordpress.org/plugins/traffic/)
   to monitor API traffic.
 *  [ckadenge (woo-hc)](https://wordpress.org/support/users/ckadenge/)
 * (@ckadenge)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18179515)
 * Hi all,
 * Are you all able to confirm if you’re using the WooCommerce PayPal payments plugin?
   If you are, could you please temporarily disable the plugin and check if this
   stops the attacks and let us know so that we can further investigate the issue.
 * Looking forward to hearing back from you.
 *  [freeserv](https://wordpress.org/support/users/freeserv/)
 * (@freeserv)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18180255)
 * I’m currently on Version 2.9.4 and disabled PayPal in my woocom settings yesterday.
   Since then I haven’t had any ‘failed orders’ but then I expected that to be the
   case. It seemed to me it was a choice to continue with the problem or take a 
   hammer to PayPal which effectively has removed my ability to transact with my
   customers in the way we are accustomed to doing.
 * We are now reevaluating our association with PayPal.
 *  [ckadenge (woo-hc)](https://wordpress.org/support/users/ckadenge/)
 * (@ckadenge)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18181793)
 * Hi [@freeserv](https://wordpress.org/support/users/freeserv/),
 * Thank you for confirming this with us.
 * I’ve passed this information to our engineers, and they’re looking into the issue.
   We’ll reach out here with a possible permanent solution to this.
 * In the meantime, we’ve got a couple of payment gateways that you can choose from.
   Please do take a look at them [here](https://woocommerce.com/product-category/woocommerce-extensions/payment-gateways/?categoryIds=1023&collections=product&page=1).
 * All plugins have support forums that provide around the clock support from the
   WooCommerce team.
 * Thank you for your patience and understanding.
 *  [Mahfuzur Rahman](https://wordpress.org/support/users/mahfuzurwp/)
 * (@mahfuzurwp)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18206976)
 * Hi [@mattdss](https://wordpress.org/support/users/mattdss/),
 * Card testing is on the rise globally, especially during the holiday season. Our
   team is currently working on some solutions to help reduce the disruption it 
   may cause. And we also recommend reviewing the steps in our doc on [how to respond to card testing.](https://href.li/?https://woocommerce.com/document/how-do-i-prevent-and-respond-to-card-testing-attacks/#how-to-respond)
 * Thank you!
 *  Plugin Contributor [Raluca](https://wordpress.org/support/users/ralucastn/)
 * (@ralucastn)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18209233)
 * We’ve also posted [Card Testing Attacks and the Store API](https://developer.woocommerce.com/2024/12/18/card-testing-attacks-and-the-store-api/)
   on our developer-oriented blog with extra details on preventing card testing.
 *  [maedusabodyjewelry](https://wordpress.org/support/users/maedusabodyjewelry/)
 * (@maedusabodyjewelry)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18223572)
 * Hi everyone. I have been having the same problem since the middle of November. Multiple
   card testing attempts on my website at the rate of 20/30 every hour. Since I only allow
   orders for account users, it also creates multiple fake accounts in my database.
   No reCAPTCHA plugin or WooCommerce Fraud plugin worked.
 * I found the solution: go to WooCommerce settings > Accounts & Privacy > untick
   “Allow customers to create an account: During checkout”. It will require customers
   to go through the account page to create an account before coming back to the
   cart page to pay. So the bots don’t have any form to fill in on the checkout page.
 * For better user experience you can add this sentence: “New Client? Click here
   to create an account” right at the bottom of the Checkout page (under the WooCommerce
   shortcode).
 * It worked well for us during all the Christmas time and I don’t think we lost
   many orders. I still hope to be able to activate again the account creation directly
   on the cart page. I have tried today but within the minute, bots came back. Let’s
   hope for a solution soon.


The topic ‘Bot attack’ is closed to new replies.


## Tags

 * [attack](https://wordpress.org/support/topic-tag/attack/)
 * [bot](https://wordpress.org/support/topic-tag/bot/)
 * [reCAPTCHA](https://wordpress.org/support/topic-tag/recaptcha/)

 * 12 replies
 * 10 participants
 * Last reply from: [maedusabodyjewelry](https://wordpress.org/support/users/maedusabodyjewelry/)
 * Last activity: [1 year, 5 months ago](https://wordpress.org/support/topic/bot-attack-2/#post-18223572)
 * Status: resolved