Remember to Enable Recaptcha Protection
The plug-in itself worked fine. It’s not amazing but does work, and it did not cost anything for our non-profit to set up a donation page to our Stripe account. However, at some point our donation page was targeted by a script-kiddie out there that hammered the page with credit card attempts. In this scenario, someone with a list of credit card numbers would just try them on your site until one went through to figure out which were usable and then go use that one. We did not want our site used that way, though, so we removed the donation button from the page. I was surprised half a day later when the attempts resumed even though the page no longer had the donation button. Somehow the form I had created in the plugin settings was still able to be posted to even though the button had been removed from the donation page. I’m not sure how that was possible. I’m not sure if it’s a flaw in the plug-in or deeper in WordPress. But to stop this misuse of our site I had to remove the plug-in completely. All in all there were close to 2,000 credit card attempts made on our site that day in just a few minutes total.
Edit: The developer reached out and pointed out their built-in recaptcha support. I re-enabled the plugin and turned that on. Kudos for their prompt help!