Client site is getting some fake orders BUT not successfully paid with paypal

  • Resolved kristinubute

    (@kristinubute)


    2 weeks, 4 days ago

    HI

    Client site has recently been getting some fake orders BUT not successfully paid with paypal or stripe. The orders says Payment failed, didn’t complete order in time or something like that.

    Unpaid order cancelled – time limit reached. Order status changed from Pending payment to Cancelled.

    But I can tell it is a FAKE order, same person different address in different states.

    Haven’t come across this issue before. HOW can I avoid this?

    I am going to install your plugin for this client site. BUT wanted to know HOW to reduce this issue?
    Can I block their IP address through your system ? Will I actually see the IP address for that fake person who ordered in the Orders section?

    What methods would you take to fix this issue as we don’t want too many of these in the Orders section.

    Thanks

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kristinubute, thanks for your question.

    You should be able to see the IP that attempted to make the order in the store or payment gateway’s backend if you wish to make a manual block in Wordfence > Blocking. That may be ineffective if false order attempts are always from different IPs. Unless they’re a known bad IP on our global blocklist or hitting the site so often your Rate Limiting or Brute Force settings are catching them, you may need to look at blocking the attempts with the e-commerce plugin.

    Although Wordfence works on sites running WooCommerce (for example), and a couple of our features such as 2FA are specifically compatible with it, taking orders is specific to the e-commerce platforms rather than WordPress. There are add-ons for WooCommerce I’ve seen such as “WooCommerce Fraud Prevention” (and there are likely others) that has advanced blocking features for the purpose you describe. There are also CAPTCHA solutions for the checkout page to filter out bots trying to checkout as “Guest”, as that is not currently available through Wordfence but we have noted it as a possible area of development in the future.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.