BUG: Wordfence causes some Woocommerce customer registration to fail

  • Resolved Brave Michael

    (@brave-michael)


    5 years ago

    There is a bug in the wooRegistrationFilter() function in \lib\wordfenceClass.php

    This function looks for usernames like “admin” and then changes them to be something else based on the user’s email address. The issue is that Wordfence never checks if the new username it creates is unique or not.

    In my case I have a few customers registering with auto-generated usernames and emails with the pattern “[email protected]”. because Wordfence doesnt take into account email addresses with more than one dot, it picks the “co” as the thing to append onto the username so we end up with multiple users with usernames of “adminco” and then the registration fails with “Sorry, that username already exists!”

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Brave Michael

    (@brave-michael)

    I added a fix for this issue myself in my theme:

    
	function ensure_unique_username($username)
	{
		if (\username_exists($username))
		{
			$username = ensure_unique_username($username. zeroise(wp_rand(0, 99), 2));
		}

		return $username;
	}

	add_filter('woocommerce_new_customer_data', function($data){

		//Fix for Wordfence tampering with usernames and then not checking if they are still unique afterwards.
		$data['user_login'] = ensure_unique_username($data['user_login']);

		return $data;
	}, 100, 1);
    WFGerroald

    (@wfgerald)

    Hey @brave-michael,

    Thanks for sharing this!

    I’ve shared this with the developers and they’ll take a look into it. Though the root of the issue may be the way WooCommerce customizes their login/registration flow. This is the first time I’ve seen this. Either way, hopefully, your fix will help others that run into this.

    Please let us know if anything else comes up.

    Thanks,

    Gerroald

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘BUG: Wordfence causes some Woocommerce customer registration to fail’ is closed to new replies.