WooCommerce Fraud Prevention Plugin’s Functionality Can Be Disabled by Anyone Logged in to WordPress
When it comes to the security of WordPress plugins, those that extend the functionality of the ecommerce plugin WooCommerce would seem likely to be more secure than the average plugin, seeing as security should be important for software on websites handling money and customer data. But that continues not to be the case. Earlier this week the WP Tavern, which is barely disclosed to be owned by the head of the owner of WooCommerce, Matt Mullenweg, covered problems WooCommerce-based websites are having with fraudulent charges through the Stripe payment service from those testing stolen credit card numbers. The story mentioned one partial solution for that issue:
Many other developers in the conversation have been hit with similar attacks, some with honeypots in place that didn’t prevent anything. One recommended using the WooCommerce Fraud Prevention plugin. It allows store owners to block orders from specific IP addresses, emails, address, state, and zip codes. This might help once attacks have started but doesn’t fully prevent them.