Title: Bot Attack Advice Last modified: February 16, 2026 --- # Bot Attack Advice * Resolved [elkrat](https://wordpress.org/support/users/elkrat/) * (@elkrat) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/) * I have a multisite installation with new registrations disabled network wide. WooCommerce is set to allow registrations during checkout. Malicious users are beginning the checkout process to create an account, then adding 50 or so new credit cards to validate the numbers. * I am thinking I should hook `wc_payment_gateway_[gateway_id]_payment_method_added` to check if the user at hand already has another payment token, then further check for any orders associated with that ID. If I get a second (or third?) token with no orders, their IP goes into the firewall. * Is there a better trick? I don’t have constant signups. It’s a low volume signup with all subscription products. I could check the user registration date and be extremely harsh with the newest users, e.g. no second token without an order, period. Viewing 4 replies - 1 through 4 (of 4 total) * Thread Starter [elkrat](https://wordpress.org/support/users/elkrat/) * (@elkrat) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/#post-18823561) * Here is how I tracked the user ID, from the WC log file: * ```wp-block-code 2026-02-16T08:46:11+00:00 Notice Could not save payment token jhx7jkw6 for user 4253. Invalid or missing payment token fields. Additional context{ "plugin_version": "3.7.0", "gateway": "braintree"} ``` * And that gave a PHP error: * ```wp-block-code Uncaught Exception: Invalid payment token. in /usr/share/nginx/example/wp-content/plugins/woocommerce/includes/data-stores/class-wc-payment-token-data-store.php:183 ``` * Plugin Author [Clayton R](https://wordpress.org/support/users/mrclayton/) * (@mrclayton) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/#post-18823562) * Hi [@elkrat](https://wordpress.org/support/users/elkrat/) * Thank you for contacting Payment Plugins. The action `wc_payment_gateway_[gateway_id] _payment_method_added` that you mentioned is from a different Braintree plugin, not this plugin. * Are you perhaps confusing our plugin with another plugin that you’re using on your site? * Kind Regards * Thread Starter [elkrat](https://wordpress.org/support/users/elkrat/) * (@elkrat) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/#post-18823576) * Yes, sorry I apologize! * Plugin Author [Clayton R](https://wordpress.org/support/users/mrclayton/) * (@mrclayton) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/#post-18823580) * Hi [@elkrat](https://wordpress.org/support/users/elkrat/) * No worries. If you decided to try our Braintree plugin, which is the highest rated for WooCommerce, feel free to ask any questions you have. * Kind Regards Viewing 4 replies - 1 through 4 (of 4 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbot-attack-advice%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/woo-payment-gateway/assets/icon-256x256.png?rev=2142799) * [Payment Plugins Braintree For WooCommerce](https://wordpress.org/plugins/woo-payment-gateway/) * [Frequently Asked Questions](https://wordpress.org/plugins/woo-payment-gateway/#faq) * [Support Threads](https://wordpress.org/support/plugin/woo-payment-gateway/) * [Active Topics](https://wordpress.org/support/plugin/woo-payment-gateway/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/woo-payment-gateway/unresolved/) * [Reviews](https://wordpress.org/support/plugin/woo-payment-gateway/reviews/) * 4 replies * 2 participants * Last reply from: [Clayton R](https://wordpress.org/support/users/mrclayton/) * Last activity: [3 months, 3 weeks ago](https://wordpress.org/support/topic/bot-attack-advice/#post-18823580) * Status: resolved