In a Business Bloomer Club Slack thread, a developer ran into a puzzling WooCommerce issue: orders were appearing in the system with no customer information and a total value of zero.
Even stranger, they were not being spammed in bulk—only one appeared roughly every two weeks, at different times of day. The concern?
These phantom orders were affecting stock levels in a physical store, and the shop owner feared customers might show up with “completed” orders that were never paid for.
Investigating the Cause
The first step was to rule out the usual suspects. Security settings were in place, IP restrictions active, and firewalls configured. The legacy REST API was also disabled, closing off a common route for third-party order injection.
That left a few options:
- Third-party software: The store uses EPOS Now and a plugin called Slynk to sync stock between the online store and a physical location. However, the developer confirmed with the vendor that neither tool should be creating orders, especially not ones without customer data or value.
- Security plugin quirks: While some plugins like Sucuri have been known to cause duplicate orders due to bugs, Sucuri wasn’t in use on this site.
- REST API access: Even with the legacy REST API disabled, modern applications could still authenticate and create orders via the WooCommerce API if they had credentials. But again, there was no evidence of any integration doing this.
How to Trace the Source of Phantom Orders
If you’re facing a similar situation, here are a few suggestions to track down how the orders were created:
- Check order metadata
Useget_post_meta()or inspect the order from the admin to see if there’s any custom metadata, unusual user agent data, or hints about the origin of the request. - Enable logging
Temporarily activate WP_DEBUG and WooCommerce logs to capture what happens when a new order is created. You can also enable logging for REST API requests. - Audit WooCommerce hooks
Use a plugin like Query Monitor to track actions that hook intowoocommerce_new_orderor similar. You might catch an unknown plugin or background job responsible. - Set up database triggers
If you’re comfortable with MySQL, a trigger on thewp_poststable forshop_orderpost types could log timestamp and request IP into a custom table. - Monitor access logs
Your hosting access logs may help correlate order creation timestamps with incoming HTTP requests.
A Known Bug with Security Plugins?
It’s worth noting that in past WooCommerce sites using Sucuri, a known bug has caused random order duplications. If a security plugin proxies or modifies requests improperly, it could interact with WooCommerce in strange ways.
Even if Sucuri isn’t installed, it’s a reminder to double-check how firewalls and security layers interact with WooCommerce endpoints.
Conclusion
Three mystery orders in six weeks might seem minor, but for a shop managing real-time stock and dealing with walk-in customers, the implications are serious.
The good news is: if this is happening, there’s a digital trail somewhere. By digging into logs, metadata, and API access, you should eventually uncover what’s triggering these ghost orders—and ensure your store (and your inventory) stays under control.
I’m having this exact issue on my WooCommerce website, with Stripe as the payment gateway.
I have to agree with Bob, the article isn’t helpful at all (sorry!).
Did the developer pinpoint the problem or find a solution?
Hi Johnny, appreciate your comment and feedback. The developer never found the actual reason, the problem just went away. Did you do any troubleshooting as per the “How to Trace the Source of Phantom Orders” section?
What a completely useless article. You didn’t even mention if or how the customer fixed it, what was the point of this article then?
Appreciate your feedback, but in the article I shared how to check for the logs and investigate further. Client did not find the cause after all, it just stopped.