Orders with no billing or shipping information

Screenshot of some orders: https://snipboard.io/g7zULI.jpg

Hey there, @thetraininglady! Thanks for contacting us. I’m happy to help you.

When an order shows as created by Web Admin, it means it was created directly at the back end. This is why it has no shipping or billing information, because when the admin creates an order on the back end, those fields are not required.

How often are these orders showing?

It is possible a plugin is causing a conflict, can you please run a conflict test?

To test, you’ll first want to change the theme on your site to Storefront, then you’ll want to deactivate all plugins except for WooCommerce and take a look. If that fixes the problem, re-enable the other plugins one by one (gradually), checking after each, to see where the issue is coming from.

— Be sure you have a good backup in place of your full site and database. You can ask your host for backup functionality or you can consider using a service like Jetpack. If something goes wrong, you will be able to restore it.

— Also, you can consider using a plugin like Health Check & Troubleshooting. This is a plugin developed by the WordPress community and it is helpful to disable plugins without affecting your current site visitors.

— It is important to consider as well a staging functionality in case you would not like to touch your production site (you can ask your host if they offer this service), or you can use WP Staging for quickly spinning up a new test site.

You can find more about this in this guide.

Please let us know about your findings.

Looking forward to your reply.

Have a wonderful day!

There are only 2 x users on this site and I’m one and the other is the owner who didn’t create these orders.

The first spam order came in on 31 January which is also the date of the last plugin updates installed. I’ve gone ahead and installed the last updates today to take the site up to WC v8.6.0. WC Paypal Payments v2.5.3. WooPayments v7.2.0.

When I run these updates today, i got a “Your Site is Experiencing a Technical Issue” email. Content is below.

G'day!

Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.

In this case, WordPress caught an error with one of your plugins, WooCommerce.

First, visit your website (URL) and check for any visible issues. Next, visit the page where the error was caught (https://www.url.com.au/wp-admin/update.php?action=update-selected&plugins=woocommerce%2Fwoocommerce.php%2Cwoocommerce-paypal-payments%2Fwoocommerce-paypal-payments.php%2Cwoocommerce-payments%2Fwoocommerce-payments.php%2Cwordpress-seo%2Fwp-seo.php&_wpnonce=5c6404cd60) and check for any visible issues.

Please contact your host for assistance with investigating this issue further.

If your site appears broken and you can't access your dashboard normally, WordPress now has a special "recovery mode". This lets you safely login to your dashboard and investigate further.

https://www.url.com.au/loguinurl/?action=enter_recovery_mode&rm_token=BXDX9d9UXj1uTjVAQKvJeH&rm_key=Uk5N3FEkShGe0iNR9IrVrl

To keep your site safe, this link will expire in 1 day. Don't worry about that, though: a new link will be emailed to you if the error occurs again after it expires.

When seeking help with this issue, you may be asked for some of the following information:

WordPress version 6.4.3

Active theme: Foodie World Pro (version 2.4.1) Current plugin: WooCommerce (version 8.6.0) PHP version 7.4.33

Error Details

=============

An error of type E_ERROR was caused in line 20 of the file /home/user/public_html/wp-content/plugins/woocommerce/includes/wccom-site/rest-api/endpoints/class-wc-rest-wccom-site-installer-controller.php. Error message: Uncaught Error: Class 'WC_REST_WCCOM_Site_Controller' not found in /home/user/public_html/wp-content/plugins/woocommerce/includes/wccom-site/rest-api/endpoints/class-wc-rest-wccom-site-installer-controller.php:20

Stack trace:

#0 /home/user/public_html/wp-content/plugins/woocommerce/includes/wccom-site/class-wc-wccom-site.php(224): require_once()

#1 /home/user/public_html/wp-includes/class-wp-hook.php(324): WC_WCCOM_Site::register_rest_namespace(Array)

#2 /home/user/public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(Array, Array)

#3 /home/user/public_html/wp-content/plugins/woocommerce/includes/rest-api/Server.php(60): apply_filters('woocommerce_res...', Array)

#4 /home/user/public_html/wp-content/plugins/woocommerce/includes/rest-api/Server.php(40): Automattic\WooCommerce\RestApi\Server->get_rest_namespaces()

#5 /home/user/public_html/wp-includes/class-wp-hook.php(324): Automattic\WooCommerce\RestApi\Server->register_rest_routes(Object(WP_REST_Server))

#6 /home/user

Further to the last message, There were incomplete orders coming through with the Web admin origin but then the very next legitimate order which was paid for, and has now been completed, it for the exact PRICE and the exact same range of products that the previous 4 x “web admin” orders were. This seems to say to me that this person tried 4 times to complete this order until finally on the 5th try it worked. The payment method on the 5th successful attempt was Afterpay.

Hey, @thetraininglady!

Thank you for the information.

• Just to confirm, the orders you mentioned, were they on the drafts section?

• Since then, have you had other successful orders apart from the one you mentioned?

• You mentioned the successful order was made with Afterpay. The other 4 orders, did they have a payment method? If so, which one?

• You mentioned the first batch was on 31 January. And then the second batch was this week? Or were there more batches?

• Lastly, the error you mentioned might happen because of a corrupt file or a plugin conflict. Can you please remove WooCommerce and install it again to see if the issue persists? If it does, please run a conflict test as I mentioned above to see if it is a plugin conflict that is causing the issue.

Looking forward to your reply.

Have a wonderful day!

• Just to confirm, the orders you mentioned, were they on the drafts section? No, they are in the Cancelled section.
• Since then, have you had other successful orders apart from the one you mentioned? Yes have had successful orders as well.
• You mentioned the successful order was made with Afterpay. The other 4 orders, did they have a payment method? If so, which one? None of the spam orders have a payment method listed.
• You mentioned the first batch was on 31 January. And then the second batch was this week? Or were there more batches? There are 17 in total. Usually in batches of 2-4 with the same sale total. The last one was 19 February. None since updating the plugins to the most recent version. There were 4 x spam orders with a total of $457.94, then the very next successful order with billing info & a payment method displayed, was for the exact same amount and the same products.
• Lastly, the error you mentioned might happen because of a corrupt file or a plugin conflict. Can you please remove WooCommerce and install it again to see if the issue persists? If it does, please run a conflict test as I mentioned above to see if it is a plugin conflict that is causing the issue. I don’t really want to have to do this unless absolutely necessary as the site is a live production site. If I remove WC will it also remove all the products and therefore require me to export the products list first and then reinstall and import back??

Hi @thetraininglady,

If I remove WC will it also remove all the products and therefore require me to export the products list first and then reinstall and import back??

Uninstalling WooCommerce will not delete your products or settings. However, it is always recommended to have a complete backup of your site before making any changes. This way, you can restore your site to its previous state if anything goes wrong.

If you are uncomfortable with this process, consider creating a staging site. A staging site is a clone of your live website that allows you to test any changes or major new features without the risk of breaking your live site. More info: https://woo.com/posts/what-is-staging-site-wordpress-how-to-set-one-up/

Additionally, head over to WooCommerce → Status → Tools, and do the following:

• WooCommerce transients – Clear
• Expired transients – Clear
• Clear template cache – Clear
• Capabilities – Reset Capabilities
• Clear customer sessions -Clear

None of the spam orders have a payment method listed.

This clarifies that an admin user access was created, and cancelled the order. If a user placed the order, it would either be in drafts or cancelled with a selected payment method.

Also, if you’re worried about spam or fraudulent orders, I recommend using a plugin, like the WooCommerce Anti-Fraud or Security for WooCommerce.

I hope this provides some clarity. Please let us know if you have any other questions!

None of the spam orders have a payment method listed.

This clarifies that an admin user access was created, and cancelled the order. If a user placed the order, it would either be in drafts or cancelled with a selected payment method.

In relation to this, I’m not 100% convinced of this. The orders say cancelled but when you hover over the Cancelled label it says “Unpaid order cancelled – time limit reached. Order status changed from pending payment to cancelled“. As stated, there is only myself & the owner of the business who have access to the website dashboard. The owner bought these to my attention and neither of us changed them to cancelled and neither of us created these orders or were playing with anything on the site to cause this to happen.

Either way, after updating to the most recent plugin versions earlier this week, we’ve had no further spam orders coming through.

Hello beltanconsultancy

Thank you for your reply.

The origin Web admin indicates that the order was created at the backend of WooCommerce by a user. Is it possible that your client has another person working on the site? They might have created test orders.

To verify which user created these orders, you can check the Order Notes.
Here is an example from my test site:

As a security precaution, I will recommend changing your WP Admin passwords.

Please let me know if this issue appears again.
I will be happy to assist you again. ??

Best regards.

As you can see in the screenshot, there is no user listed.

https://snipboard.io/hd5BZk.jpg

P.S. There are no other users working on the site. Only myself and the business owner.