How to Stop Card Testing Attacks on Your WooCommerce Store
Heads up: This page may include affiliate links. Read the full disclaimer.
If you are running the WooCommerce plugin for ecommerce functionality on your WordPress site but have noticed an uptick in origin-unknown failed orders. These fraud orders can be a pain to deal with, and you have to manually review and clear out 60 to 80 orders per week or even more frequently, depending on how much of an issue it ends up being on the site.
A card testing attack in WooCommerce occurs when fraudsters use an online store’s payment system to test stolen or randomly generated credit card details. These attackers make small, low-value purchases or attempt transactions to verify which card details are valid before using them for more extensive fraudulent activities.
You can use this code snippet to disable your site’s WC REST API endpoint to stop carding attacks from happening in WooCommerce.
MainWP offers a solid extension to save and execute code snippets on all connected child sites. This extension is helpful to be able to use for dealing with code snippets over multiple connected child sites.
WooCommerce does not have a native built-in feature or method to stop or prevent these types of card-testing attacks on your site. But using the code snippet should help stop those types of orders from being created on your site if you are not using the WooCommerce REST API on that site.
Useful Links
https://wordpress.org/support/topic/attcked-by-card-testing-decline-orders-with-origin-unknown
https://docs.stripe.com/disputes/prevention/card-testing
Share
Manage Unlimited WordPress Sites from One Dashboard!
- Privacy-first, Open Source, Self-hosted
- Easy Client Management
- 15+ & 30 + Premium Add-ons
- Bulk Plugins & Themes Management