Bot Attack Advice

  • Resolved elkrat

    (@elkrat)


    3 months, 3 weeks ago

    I have a multisite installation with new registrations disabled network wide. WooCommerce is set to allow registrations during checkout. Malicious users are beginning the checkout process to create an account, then adding 50 or so new credit cards to validate the numbers.

    I am thinking I should hook wc_payment_gateway_[gateway_id]_payment_method_added to check if the user at hand already has another payment token, then further check for any orders associated with that ID. If I get a second (or third?) token with no orders, their IP goes into the firewall.

    Is there a better trick? I don’t have constant signups. It’s a low volume signup with all subscription products. I could check the user registration date and be extremely harsh with the newest users, e.g. no second token without an order, period.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter elkrat

    (@elkrat)

    3 months, 3 weeks ago

    Here is how I tracked the user ID, from the WC log file:

    2026-02-16T08:46:11+00:00 Notice Could not save payment token jhx7jkw6 for user 4253. Invalid or missing payment token fields.  
    Additional context
    {
        "plugin_version": "3.7.0",
        "gateway": "braintree"
    }

    And that gave a PHP error:

    Uncaught Exception: Invalid payment token. in /usr/share/nginx/example/wp-content/plugins/woocommerce/includes/data-stores/class-wc-payment-token-data-store.php:183
    Plugin Author Clayton R

    (@mrclayton)

    3 months, 3 weeks ago

    Hi @elkrat

    Thank you for contacting Payment Plugins. The action wc_payment_gateway_[gateway_id]_payment_method_added that you mentioned is from a different Braintree plugin, not this plugin.

    Are you perhaps confusing our plugin with another plugin that you’re using on your site?

    Kind Regards

    Thread Starter elkrat

    (@elkrat)

    3 months, 3 weeks ago

    Yes, sorry I apologize!

    Plugin Author Clayton R

    (@mrclayton)

    3 months, 3 weeks ago

    Hi @elkrat

    No worries. If you decided to try our Braintree plugin, which is the highest rated for WooCommerce, feel free to ask any questions you have.

    Kind Regards

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.