
In a recent Business Bloomer Club Slack thread, a member mentioned encountering a surge of failed orders, possibly from spam, after a recent WooCommerce update. This issue was observed across three different sites, and the member wondered if anyone else had experienced similar problems.
The issue could be a “carding attack,” which is often random and can happen at any time. The member confirmed that the orders ranged from £50 down to lower-value items, and that security measures such as a firewall and a limit on orders from the same location were already in place.
Possible Solutions
One potential solution is to impose a sales limit on cheap items, something that I’ve found effective. Restricting the number of sales of inexpensive items may reduce the volume of these fraudulent transactions. For example, limiting sales to a maximum of three items per hour from a single location can help reduce the frequency of spam.
Rate limiting is another possible measure. WooCommerce has a guide on this, which can be found on GitHub. Rate limiting restricts the number of requests a user can make in a given time period, making it harder for bots to overload the system.
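As an added example (not code from the thread or from WooCommerce's guide), the two ideas above can be combined in a small snippet that counts failed orders per client IP and refuses further classic-checkout submissions once three have failed within an hour. The `bb_` function names, the limit and the window are assumptions chosen for illustration.

```php
<?php
// Added example, not from the thread. Limit, window and the "bb_" names are assumptions.
define( 'BB_FAIL_LIMIT', 3 );                // failed orders allowed per window
define( 'BB_FAIL_WINDOW', HOUR_IN_SECONDS ); // window length in seconds

// Transient key per client IP; hashed so the raw address is not in the option name.
function bb_fail_key( $ip ) {
	return 'bb_fail_' . md5( $ip );
}

// Return the failure timestamps for this IP that are still inside the window.
function bb_recent_failures( $ip ) {
	$stamps = get_transient( bb_fail_key( $ip ) );
	if ( ! is_array( $stamps ) ) {
		return array(); // nothing recorded, or the transient has expired
	}
	$cutoff = time() - BB_FAIL_WINDOW;
	return array_values( array_filter( $stamps, function ( $t ) use ( $cutoff ) {
		return $t > $cutoff;
	} ) );
}

// Record every order that moves to "failed" against the IP stored on the order.
add_action( 'woocommerce_order_status_failed', 'bb_record_failed_order' );
function bb_record_failed_order( $order_id ) {
	$order = wc_get_order( $order_id );
	$ip    = $order ? $order->get_customer_ip_address() : '';
	if ( '' === $ip ) {
		return;
	}
	$stamps   = bb_recent_failures( $ip );
	$stamps[] = time();
	set_transient( bb_fail_key( $ip ), $stamps, BB_FAIL_WINDOW );
}

// Classic checkout validation: refuse before an order is created or a gateway is called.
add_action( 'woocommerce_checkout_process', 'bb_block_after_failures' );
function bb_block_after_failures() {
	$ip = WC_Geolocation::get_ip_address();
	if ( count( bb_recent_failures( $ip ) ) >= BB_FAIL_LIMIT ) {
		wc_add_notice( 'Too many failed payments from this address. Please try again later.', 'error' );
	}
}
```

The `woocommerce_checkout_process` hook covers the classic checkout only, so a store using the block checkout needs the same check on that path. `WC_Geolocation::get_ip_address()` reads proxy headers, so behind a CDN or load balancer make sure those headers are set by the proxy and cannot be supplied by the client.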
Additional Tools
A helpful tool that was shared is the Simple Cloudflare Turnstile plugin, which integrates Turnstile’s captcha into WooCommerce to fight spam without significantly affecting conversion rates. This plugin is available for free on the WordPress repository and could be a great addition to any store experiencing a spike in fraudulent orders.
