jma914133

The same has been happening to me on many of my client websites that I manage – and I’ve noticed an influx in the last few days. What has worked for me was using a combo of three free plugins:

1. Wordfence – https://ww.wp.xz.cn/plugins/wordfence/
2. Simple CAPTCHA Alternative with Cloudflare Turnstile (by Elliot Sowersby / RelyWP) – https://ww.wp.xz.cn/plugins/simple-cloudflare-turnstile/
3. WP Armour – Honeypot Anti Spam – https://ww.wp.xz.cn/plugins/honeypot/

Here’s how I set them up:

Wordfence

• You don’t need to get the paid version – the free version is all I ever use. It blocks a lot of malicious traffic automatically. But, for the failed/spam orders, you can take the IP addresses from those orders and then block them inside Wordfence.

Cloudflare Turnstile
If you don’t already have a Cloudflare account, you can create one for free. Once you’re logged in, look on the left menu for Turnstile, add the domain. Once it is set up, it will give you a site key and secret key. Those will then be pasted into the plugin interface on the website.

Once you’ve entered the keys – look for WooCommerce Forms. Make sure to check both of these:

• WooCommerce Checkout
• Guest Checkout Only

Then, the turnstile will show up during checkout attempts by guests. And even if you have a real customer checking out as a guest, it won’t cause any problems. The only difference is they’ll see a small checkbox appear during checkout – with the “I am a human” type message.

WP Armour

• For this plugin, you just need to install and activate the plugin. It starts working immediately with no setup required. There is also a Statistics section where you can view the blocked attempts.

Let me know if you need me to explain anything further or if you need any additional help!

For those who need help finding the previous version. You can find previous versions at the bottom of this page: https://ww.wp.xz.cn/plugins/yith-woocommerce-product-add-ons/advanced/