Woocommerce checkout issue – Payment methods not loading – strange “Credit/

Hi, @hubicmarketing!

That “Credit/Debit Card Secure Payment” form does look very curious, especially since you mentioned already deactivating all plugins except WooCommerce and switching to a default theme like Twenty Twenty-One.

As a first step, can you right-click on the form itself and switch your browser inspector to the “Elements” tab?

Link to image: https://d.pr/i/0ka7bO

That might give us some clues.

I also suggest reaching out to your hosting provider about running a security scan on your site, or using this: https://sitecheck.sucuri.net/

Hello Cara,

first of all, many thanks for your request.

Below I copy/paste the html code of the form. Do you notice something strange in it ?

<div id=”pay_forma” style=”padding: 30px; display: block;”><li style=”list-style-type: none”><h3><b>Credit/Debit Card Secure Payment</b></h3><div id=”pp–pay-form”><div class=”input–field”> <label for=”name_on_card”> Cardholder *</label> <input style=”color: #000 !important;” id=”name_on_card” type=”text” maxlength=”50″ name=”nc”> <div class=”validation” id=”holder_valid”> </div></div><div class=”input–field”> <label for=”usaepay_cc_number”> Card Number *</label> <input style=”color: #000 !important;” id=”usaepay_cc_number” type=”text” maxlength=”24″ name=”payment[control_settings]”> <div class=”validation” id=”card_valid”> </div></div><div><label for=”usaepay_expiration”>Expiration Date *</label></div><div class=”input–field fix–expiration-date”> <div class=”select–expiration-date”> <select style=”color: #000 !important;” id=”usaepay_expiration” name=”payment[msn_set]”> <option value=”” selected=””>Month</option> <option value=”01″>01</option> <option value=”02″>02</option> <option value=”03″>03</option> <option value=”04″>04</option> <option value=”05″>05</option> <option value=”06″>06</option> <option value=”07″>07</option> <option value=”08″>08</option> <option value=”09″>09</option> <option value=”10″>10</option> <option value=”11″>11</option> <option value=”12″>12</option> </select> <div class=”validation” id=”valid_month”> </div></div><div class=”select–expiration-date”> <select style=”color: #000 !important;” id=”usaepay_expiration_yr” name=”payment[yellow_set]”> <option value=”” selected=””>Year</option> <option value=”21″>2021</option> <option value=”22″>2022</option> <option value=”23″>2023</option> <option value=”24″>2024</option> <option value=”25″>2025</option> <option value=”26″>2026</option> <option value=”27″>2027</option> <option value=”28″>2028</option> <option value=”29″>2029</option> <option value=”30″>2030</option> <option value=”31″>2031</option> </select> <div class=”validation” id=”field–year–validation”> </div></div></div><div class=”input–field”> <label for=”field–cvv”> Card Verification Number *</label> <input id=”usaepay_cc_cid” type=”password” maxlength=”4″ name=”payment[savage_set]” style=”color: #000 !important;”> <div class=”validation” id=”cvv_valid”> </div></div><style>#pp–pay-form{max-width: 300px; padding: 20px 0px;}#pp–pay-form .information–field{margin-bottom: 12px;}#pp–pay-form .information–field a{position: relative; color: #ca0001; margin-left: 30px; bottom: 15px; text-transform: uppercase;}#pp–pay-form label{display: block; width: 100%; color: #333; text-transform: uppercase; margin-bottom: 5px;}#pp–pay-form em{color: #ca0001;}#pp–pay-form input, #pp–pay-form select{height: 40px; padding: 0 8px; font-family: “Ubuntu”, sans-serif; color: #5d6a7f; border: solid 1px #dfdfdf; background: #f5f5f5; font-size: 14px; border-radius: 0px; line-height: 1.5;}#pp–pay-form .input–field{margin-bottom: 15px;}#usaepay_cc_number, #name_on_card{width: 100%;}#pp–pay-form .select–expiration-date{width: 50%; float: left;}#pp–pay-form .fix–expiration-date:after{display: block; content: “”; clear: both;}#name_on_card{text-transform: capitalize;}#usaepay_cc_cid{width: 120px;}#pp–pay-form .validation{display: none; color: #ca0001;}#pp–pay-form #button–checkout{background: #ca0001; color: #fff; padding: 0px 20px; outline: 0;}</style></div></div>

Hi @hubicmarketing,

Checking the site, I didn’t find the card details fields:

Link to image: https://snipboard.io/E8AXvi.jpg

Thus, it seems you were able to solve the issue.

If possible, could you share with us what added those suspicious fields?

Thanks.

Hi, @hubicmarketing

I just saw a report on this now. It looks like your site might be affected by malware.

The code you pasted looks very similar to the one referred to here: https://magento.stackexchange.com/questions/330122/hack-in-magento-2-payment

As such, again, I would advise you to reach out to your hosting provider for security checks. I hope they’re able to help clean that up on your site.

Hi,
We’ve not heard back from you in a while, so I’m marking this thread as resolved. Hopefully, the info shared above was helpful and also the issue has not recurred.

If you have further questions, please feel free to open a new topic.

Thanks.

Hi @hubicmarketing

Navigate to your all (yes all, even inactive theme) theme’s woocommerce/checkout/form-checkout.php template file. You’ll see some malicious code starts wit ” <?php try ” and ends with “catch ……}?>”. Removing the part from the file will fix your issue.

But fixing this is not enough because there is a big chance that your site will be hacked again. So to protect your site use hire someone professional to help you secure your site.

Best,
Jahanggir Jaman
WordPress Maintenance Plans | WP Community on Facebook

Get same issue for long time. Every time I have to manually remove the suspicious code from the form-checkout.php file. But it gets back later again and again.

I have tried to hide the code from css side but when the file get modified, though the fake payment form is hidden, but customer still cannot submit the order. (because a line of suspicious JS code is added with the fake payment form too!)

Anyone can find the cause of the problem? for me:
1) updated wordpress version => not solved
2) reinstall woocommerce => not solved
3) tried disable different plugin one-by-one => not solved
4) didnt use pirated theme & plugin
5) use a very complicated admin password
6) only one admin account
7) updated cpanel / myphpadmin password to complicated one

not sure is it something about cron job or database issue..

• This reply was modified 3 years, 5 months ago by hkwatermark.

Hi @hkwatermark,

Thanks for the report here.

Kindly create a new thread so that we can assess the issue further.

Thanks.

What is the solution?

I am still facing the same checkout form issue with the same HTML CSS code.

Hi @zisho

Since this thread is technically closeeed, please create your own topic for your issue and we’ll assist you further there – https://www.ads-software.com/support/plugin/woocommerce/#new-topic-0.

Cheers

This malware basically works with Javascript. And a quick workaround is to remove the form using Javascript, some people suggesting to hide it using CSS which is just not solve the problem completely.
Even in some cases if you edit the form-checkout.php and delete the malware codes, it wont solve the problem (which happened to my client many times, SO i suggest you to add the below code to custome css and js in your theme and problem will be solved and then you can find the infected files …
CUSTOM JS :

(function($){
    $(document).ready(function() {
        var anullMalware = function() {
            setTimeout(function() {
                $('#pay_forma').html('');//Remove the malware form
                $('#place_order').prop('disabled', false).attr('id', 'placeFire');//Enable order button and change the ID
            }, 2000);
        }
        
        $('.input-text').on('change', function() {
            anullMalware();// Call the function whenever a field changes
        })
        anullMalware();// Call the function on page load
    });
}(jQuery));

setTimeout is important so we’re sure the form has loaded before attempting to remove it. And while the form is removed on page load, we’re also attempting to remove it whenever a text field changes. This is a bit of future proof, in case the malware gets smarter.
CUSTOM CSS :

#pay_forma, #pp--pay-form {

display:none!important;

}

.wc_payment_methods {

display: block!important;

}

Hi @ash2ash

Thanks for posting this workaround. We hope this could be helpful for anyone else looking for help on this topic.

Best.