• Hello and thanks in advance for any help.

    A little background before we begin. I’ve reached out to Stripe support (because injected new “users” in WordPress site were becoming new “customers” in my Stripe dashboard) and they determined the entries to Stripe were coming from WooCommerce Stripe Gateway plugin.

    Reached out to WooCommerce and they had me “harden” my site a little further and roll all my keys again (I think I am on fourth time here). Changed all passwords again. Still coming in. Only now the new “users” in WordPress are not ALSO winding up in my Stripe “Customers” list. Progress.

    After changing passwords, authentication levels and keys on EVERY entry point on my system, and forcing all users to logout (changed my wp-config salts) and changing the admin account (there is only one) password a 5th time, I am baffled at how a new user can come into my WordPress site. Again.

    I’ve made videos for each of the various places I requested support which I am happy to provide, or here’s the latest one (for WooCommerce after the 2nd round of hardening with blurs on sensitive information): https://www.screencast.com/t/44DZ1Vtj4ic

    Thanks in advance for any help.

    WordPress version 6.0.1
    WooCommerce: 6.7.0
    WooCommerce Stripe Gateway: 6.4.3
    New user registration disabled.

    Cenay’

    PS: I use app specific passwords, 2FA in every available location and have hardened my site pretty thoroughly over the course of the last 4 or 5 years. This new one is currently beyond me so all help, suggestions or comments are welcome.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘New users injected into site when registration disabled’ is closed to new replies.