Home Forums Basel support forum URGENT: Woocommerce registration SPAM even with AIOS Captcha enabled

URGENT: Woocommerce registration SPAM even with AIOS Captcha enabled

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • January 13, 2025 at 8:38 pm #629425

    admin-7729
    Participant

    Hi there

    Seems like we have the same issue now on Basel theme as you had in the past with Woodmart:
    https://xtemos.com/forums/topic/woocommerce-registration-form-can-be-submitted-without-recaptcha-validation/

    We got like 100 or 200 spam registrations in Woocommerce. So we setup honeypot and reCaptcha by using All in One WP Security (AIOS) Plugin.
    Then we still got even more spam registrations (> 1000 registrations) and m365 blocked our account.

    So I tested the registration form without clicking “im not a robot” and it was still possible to register.

    Can you please ship a fix / patch asap?

    How are you going to make sure, that in the future this security hole does not appear again?

    Many thanks Tobias

    January 14, 2025 at 11:17 am #629534

    Artem Temos
    Keymaster

    Hello,

    To better assist you, could you kindly test the functionality with default WordPress themes such as TwentyTwenty or WooCommerce Storefront? This will help us determine whether the issue stems from our theme or elsewhere.

    Regards

    January 16, 2025 at 10:45 pm #630410

    admin-7729
    Participant

    Hi Artem

    Yes I tested with other theme and its 100% your theme issue.

    You also had this issue in the past.

    How are you going to make sure this never happens in the future again? I mean now you know about it the 2nd time and you can add it to your security checklist.

    Here a small video explaining it:
    https://www.loom.com/share/b35fb6d8c420446db15f4bf36770d85a?sid=1f475f4f-8bf8-4b68-b356-014fef8eecb5

    Thanks Tobias

    January 17, 2025 at 3:19 pm #630581

    Artem Temos
    Keymaster

    Hello,

    Thank you for the video. Please disable any plugins not directly related to our theme and provide us with your admin access details. We will log in to your dashboard and investigate the issue.

    Thank you in advance.

    January 18, 2025 at 8:31 am #630730

    admin-7729
    Participant

    Hello Artem

    Disabled all these plugins and tried both child and main theme.
    As expected it still allows to submit registration form without “Im not a robot” checkbox.
    So its related to your theme 100%.

    Did you check this link already?
    https://xtemos.com/forums/topic/woocommerce-registration-form-can-be-submitted-without-recaptcha-validation/

    Thanks Tobias

    January 18, 2025 at 8:34 am #630731

    admin-7729
    Participant

    Please find attached the login details

    I disabled “On the My Account page” for creating accounts, in order to prevent SPAM.
    You can enable it here but after testing please fix it again. Only let it enabled when you fixed it.
    https://tuzyjygo.cyon.site/wp-admin/admin.php?page=wc-settings&tab=account

    January 20, 2025 at 3:10 pm #631158

    Artem Temos
    Keymaster

    Try to apply a patch 631156 which should fix the issue. Let us know if it works.

    Kind Regards

    January 20, 2025 at 3:24 pm #631163

    admin-7729
    Participant

    Thank you. This fixed our issue.

    It will be also part of next theme release, right?

    IF yes you can close this ticket, thank you.

    January 20, 2025 at 5:43 pm #631222

    Artem Temos
    Keymaster

    You are welcome. Yes, it will be included in our next theme update.

    Kind Regards

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)

The topic ‘URGENT: Woocommerce registration SPAM even with AIOS Captcha enabled’ is closed to new replies.