An unidentified hacker has spent the past week wreaking havoc on WooCommerce ecommerce websites all over the world creating fake accounts, placing fake orders, and in some cases successfully hacking the website. The hack appears to be related to an exploit found in the plugin TI WooCommerce Wishlist which has yet to be patched.
The fake orders are all typically placed by a UK based user with a fake name that is all B’s using a random email address at the website abbuzz.com
Here’s what the fake order info looks like:
74 Eastbourne Rd
United Kingdom (UK)
078 1369 7987
The fake orders themselves are not likely to cause any issues, but are probably part of the attacker probing the site to attempt the hack. If you see these fake orders you should take a few steps to make sure your site is not being hacked.
- Immediately disable and remove the plugin “TI WooCommerce Wishlist” and make sure the folder on your server is deleted. This may cause interruptions with your users, so make an announcement letting them know you are temporarily disabling the wishlist feature.
- Check your website for usernames that match the known fake names used in this attack and delete them.
- Place all of the fake orders in to the Trash.
- Make sure your WordPress core is up to date.
- Make sure all of your plugins are up to date.
- Make sure your theme is up to date.
If you haven’t seen any fake orders similar to those shown above yet and you have the plugin “TI WooCommerce Wishlist” installed then you may want to be proactive and delete that plugin before your site is hacked. We also recommend taking other security measures for general website security including; Install a Web Application Firewall, Require a reCaptcha on purchase, use a Fraudulent Purchase Prevention plugin, and always keep your WordPress core / WordPress theme / and WordPress plugins up to date.
Read about the issues other WooCommerce stores are having on the WordPress Support Forums “Failed Orders – Fake Information”