Hello @usat009,
Which version of WooCommerce are you using? There is a fix to address this in version 4.7+. If you’re running a version lower than that, go on and update and that should take care of the bot orders.
If you still have trouble after updating, please paste a copy of your System Status Report here in this thread.
Thanks
It’s fine, i just put a rate limiter on checkout that blocks access if anyone tries to submit orders at various intervals that aren’t indicative of human behavior. But i’m always running the most current version of WC.
Hi @usat009,
Just to highlight, there’s an open bug about the fake orders from bots here: https://github.com/woocommerce/woocommerce/issues/28711
Feel free to add your case in the discussion for our developers to see.
Great to hear that you’ve put in place some preventative measures, you can also check the advisory here for more info: https://developer.woocommerce.com/2020/11/05/developer-advisory-spam-orders-and-accounts-from-bots/
Thanks.
For the time being i added a javascript challenge to checkouts from various countries, ASNs, and IP address ranges. I was also forced to disable guest checkout and force account creation with a manual approval. Needless to say, conversions are way down, though the fraudulent orders have stopped. Fraudulent attempts to create an account come in once or twice a day, which i’m certain if they didn’t have to get manually approved it would start a bot order barrage. All in all, Woocommerce needs to add security into their plugin out of the box, because this is getting stupid.
Hi @usat009,
Glad to hear that you have taken some measures on your end. Thanks for your feedback as well.
I’ll go ahead and mark this thread as resolved now. Kindly keep updated with GitHub issue #28711 for developments regarding the fake orders.
If you have any further questions, I recommend creating a new thread.
