There’s a Hacker Placing Fake Orders on WooCommerce Stores as Part of an Attack

An unidentified hacker has spent the past week wreaking havoc on WooCommerce ecommerce websites all over the world, creating fake accounts, placing fake orders, and in some cases successfully hacking the website. The hack appears to be related to an exploit found in the plugin TI WooCommerce Wishlist, which has yet to be patched.

The fake orders are typically placed by a UK-based user with a fake name made up entirely of B’s, using a random email address at the website abbuzz.com.

Here’s what the fake order info looks like:
bbbbb bbbbb
bbbbb
74 Eastbourne Rd
ROBOROUGH
EX14 5HN
United Kingdom (UK)
078 1369 7987
wuclcqqglsdg@abbuzz.com

The fake orders themselves are not likely to cause any issues, but are probably part of the attacker probing the site to attempt the hack. If you see these fake orders you should take a few steps to make sure your site is not being hacked.

  1. Immediately disable and remove the plugin “TI WooCommerce Wishlist” and make sure the folder on your server is deleted. This may cause interruptions with your users, so make an announcement letting them know you are temporarily disabling the wishlist feature.
  2. Check your website for usernames that match the known fake names used in this attack and delete them.
  3. Place all of the fake orders into the Trash.
  4. Make sure your WordPress core is up to date.
  5. Make sure all of your plugins are up to date.
  6. Make sure your theme is up to date.
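
A triage sketch for steps 2 and 3, added here as an example and not part of the original article or of any plugin: it flags rows in an order export that match the two indicators described above (a billing name made only of the letter "b", an email address at abbuzz.com). The CSV column names and every sample row except the article's own email address are constructed assumptions.

```python
import csv
import io
import re

# Indicators taken from the article: a billing name made only of the letter "b"
# and a random mailbox at abbuzz.com.
IOC_DOMAIN = "abbuzz.com"
ALL_B = re.compile(r"^b{2,}$", re.IGNORECASE)

def indicators(row):
    """Return the article indicators that a single order row matches."""
    hits = []
    email = (row.get("billing_email") or "").strip().lower()
    if email.rpartition("@")[2] == IOC_DOMAIN:
        hits.append("email_domain")
    names = [(row.get(k) or "").strip()
             for k in ("billing_first_name", "billing_last_name")]
    # Require both name fields to be all "b" so a real "Bob Webb" is not flagged.
    if all(ALL_B.match(n) for n in names):
        hits.append("all_b_name")
    return hits

def triage(csv_text):
    """Map order_id -> matched indicators for every suspicious row."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        hits = indicators(row)
        if hits:
            flagged[row["order_id"]] = hits
    return flagged

# Constructed sample export (assumed column names, not a WooCommerce format).
SAMPLE = """order_id,billing_first_name,billing_last_name,billing_email,status
1001,bbbbb,bbbbb,wuclcqqglsdg@abbuzz.com,failed
1002,Bob,Webb,bob.webb@example.org,processing
1003,BBBB,bbb,qzxv@ABBUZZ.COM,failed
1004,Alice,Nguyen,alice@example.org,completed
1005,Dana,Reyes,xkcdqq@abbuzz.com,failed
1006,bbbbbb,bbbbbb,someone@example.net,pending
"""

if __name__ == "__main__":
    for order_id, hits in triage(SAMPLE).items():
        print(order_id, ",".join(hits))
```

Rows that match only one indicator (1005 and 1006 in the sample) are worth a manual look before trashing, since the name pattern or the domain alone is weaker evidence than both together.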

If you haven’t seen any fake orders similar to those shown above yet and you have the plugin “TI WooCommerce Wishlist” installed, then you may want to be proactive and delete that plugin before your site is hacked. We also recommend taking other measures for general website security, including installing a Web Application Firewall, requiring a reCaptcha on purchase, using a Fraudulent Purchase Prevention plugin, and always keeping your WordPress core, WordPress theme, and WordPress plugins up to date.

Here is what the fake order failure alert emails look like:
[Image: failed WooCommerce order email example]

Read about the issues other WooCommerce stores are having in the WordPress Support Forums thread “Failed Orders – Fake Information”.