Spam Orders (2023)

  • Resolved littlecrookedhouse2023

    (@littlecrookedhouse2023)


    1 year ago

    Hi, I have read through some forum topics on this subject but they all are kind of old, so I wanted to check if anyone has some insight on what I need to do (a newby WordPress user). I have been receiving ORDER FAILED emails stating that the payment failed. These are obviously spam orders and they are using all kinds of billing and shipping addresses. I suppose the saving grace is that the orders haven’t processed. I am at a loss to know what is being done and how to protect my website. I have done the following things to get rid of the info:

    1. I have gone to the WordPress dashboard -> Users -> All Users and deleted the customers from there (it appears everyone who has tried to order is in there regardless of whether they tried to register or buy as a guest is in there, is that right?

    2. I have gone to Woocommerce -> Orders and deleted the orders from there (they showed a 0 order amount). It appears that there is only one ‘registered date’ for the spam orders, the rest have no registered date.

    3. I am also trying to remove the ‘Customers’ from Woocommerce -> Customers but there doesn’t seem to be a delete option which is totally stupid. How do you get rid of them?

    I still want people to be able to place an order without setting up an account so that is not a ‘fix’ for me. I have gone to WordPress ->Settings -> General and ‘Anyone can register’ is unchecked which I know is seperate to Woocommerce but I read in a forum to make sure it was.

    So now the big question. What do I need to do to stop this crap from happening? I don’t want to get plugins that do the same thing so is it an anti-spam, firewall or security thing I need? I am so confused.. ?? Any help would be much appreciated. I never had this issue with my Weebly/Square site so maybe something is wrong with WordPress/Woocommerce?

    kind regards Robyn

Viewing 3 replies - 1 through 3 (of 3 total)
  • magefix

    (@magefix)

    Hi! Dealing with fake orders is tricky, you could get the IP info & block the entire network. https://ipinfo.io/

    Download IP address lists grouped by network provider (ASN) https://github.com/ipverse/asn-ip or https://www.maxmind.com/en/accounts/current/geoip/downloads

    How to Block IP Address with .htaccess https://htaccessbook.com/block-ip-address/

    Thread Starter littlecrookedhouse2023

    (@littlecrookedhouse2023)

    Thanks magefix. I thought I would call my host provider and they advised to put a recaptcha on my website as it appears bots are just fishing for a response. They said that, while its annoying its not of a dangerous type. I said that I read on some forums to get firewalls and security and they said that they will pick up anything malicious like trying to get into my website, so not to worry about that at this time. I got another failed order overnight and have put a recaptcha now on my login, register and checkout page, so we’ll see if that helps. FYI for anyone else reading this, I did some searching and went with a free only reCAPTCHA for Woocommerce by Elliot Sowersby. It had reasonable reviews and found that most have unhappy customers whether paid or free, so I thought I would give it a go.

    Thread Starter littlecrookedhouse2023

    (@littlecrookedhouse2023)

    OMG, I can’t believe I found how to delete customers from Woocommerce -> Customers. I was nearly there.

    1. Delete the spam customers from WordPress Dashboard -> Users -> All Users
    2. Take a look at Woocommerce -> Customers from the side menu and all the spam customers will be in there, so…..
    3. Delete the Orders from Woocommerce -> Orders which will put them in the Trash. And here is the most important bit – EMPTY THE TRASH!
    4. Check Woocommerce -> Customers and they should all be gone – no code, no plugin, no nothin’ …BYE BYE SPAMMY PEOPLE ??
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Spam Orders (2023)’ is closed to new replies.