
Chazie Baniquid
Technical Content Marketer
How to Stop Failed Orders with Unknown Origin in WooCommerce
Failed orders with an “Unknown” origin in WooCommerce are a growing problem, mainly caused by automated card testing attacks. These attacks flood your store with thousands of failed transactions, clogging up your orders, damaging your email reputation, and even affecting payment processing. Fortunately, there’s a quick way to stop them.
Why WooCommerce Stores Get Failed Orders with Unknown Origin
The Problem: Card Testing Attacks on WooCommerce
Card testing is when fraudsters use automated bots to test stolen credit cards on checkout pages. They attempt thousands of transactions in a short time, looking for valid card details.
With WooCommerce, this can happen when:
- Checkout security is bypassed. Traditional security tools might not catch API-based attacks.
- Bots exploit block-based and classic checkouts. Attackers target multiple checkout methods, including REST and legacy APIs.
- WooCommerce processes the order attempt before verifying fraud. This results in a flood of failed transactions.
How to Identify This Attack
If you’re seeing a sudden spike in failed transactions marked “Unknown” under the order origin, your store is likely under attack. These failed orders typically:
- Appear in bulk, sometimes in the thousands within a short period.
- Have no valid customer details, often using fake, auto-generated email and postal addresses.
- Use PayPal as the preferred payment method, but can also target credit cards.
- Use small, random transaction amounts.
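The indicators above can be checked against an order export. The following is an added example, not code from OOPSpam or WooCommerce: it flags bursts of failed, Unknown-origin, small-amount orders. The column names, the 10-minute window, the threshold of 5 orders and the 5.00 amount ceiling are assumptions to adjust for your store.

```python
import csv
import io
from collections import deque
from datetime import datetime, timedelta

# Constructed sample export, not real store data; the column names are assumptions.
SAMPLE_CSV = """created,status,origin,total
2025-01-10 09:00:00,completed,Organic,54.00
2025-01-10 09:30:00,failed,Unknown,2.10
2025-01-10 11:15:00,failed,Direct,89.00
2025-01-10 14:00:05,failed,Unknown,1.37
2025-01-10 14:00:40,failed,Unknown,0.92
2025-01-10 14:01:10,failed,Unknown,3.15
2025-01-10 14:02:00,completed,Referral,120.00
2025-01-10 14:02:30,failed,Unknown,1.08
2025-01-10 14:03:00,failed,Unknown,2.64
2025-01-10 14:04:20,failed,Unknown,0.55
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_bursts(rows, window=timedelta(minutes=10), threshold=5, max_total=5.0):
    """Return (start, end, count) for each burst of failed, Unknown-origin,
    small-amount orders with at least `threshold` of them inside `window`."""
    suspects = sorted(
        datetime.strptime(r["created"], "%Y-%m-%d %H:%M:%S")
        for r in rows
        if r["status"].strip().lower() == "failed"
        and r["origin"].strip().lower() == "unknown"
        and float(r["total"]) <= max_total
    )
    bursts, recent = [], deque()
    for ts in suspects:
        recent.append(ts)
        while ts - recent[0] > window:   # drop orders older than the window
            recent.popleft()
        if len(recent) >= threshold:
            if bursts and recent[0] <= bursts[-1][1]:
                bursts[-1][1] = ts       # overlaps the previous burst: extend it
            else:
                bursts.append([recent[0], ts])
    return [(s, e, sum(s <= t <= e for t in suspects)) for s, e in bursts]

if __name__ == "__main__":
    for start, end, count in find_bursts(load_rows(SAMPLE_CSV)):
        print(f"{count} failed Unknown-origin orders between {start} and {end}")
```

A single failed order with Unknown origin, or a declined card on an order with a known origin, does not trigger a burst; only the clustered pattern does.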
Quick Fix: Enable OOPSpam Protection in WooCommerce
The fastest way to stop these failed orders is by enabling two key settings in the OOPSpam WordPress plugin.
1. Enable Spam Protection for WooCommerce
This setting automatically blocks spam orders before they enter your system, filtering transactions across classic checkout, block checkout, the REST API, and legacy API.
How to enable it:
- Go to WordPress Dashboard → OOPSpam Settings.
- Navigate to WooCommerce Spam Protection.
- Toggle Activate Spam Protection for WooCommerce.
2. Block Orders from Unknown Origin
This setting blocks suspicious transactions before they reach your WooCommerce order list.
How to enable it:
- In OOPSpam Settings, locate Block Orders from Unknown Origin.
- Toggle it ON to prevent bot-generated orders.
Additional Security Steps to Strengthen WooCommerce Protection
While OOPSpam will handle most spam orders, adding extra security layers can further reduce risks and protect your checkout page.
Limit Checkout Attempts
Restrict the number of failed transactions from the same IP address to prevent automated bots from repeatedly trying stolen card details. OOPSpam’s Rate Limiting feature helps prevent bulk spam attempts by setting a limit on checkout requests.
Enable CAPTCHA on Checkout
Adding CAPTCHA verification prevents bots from making automated checkout attempts. The Simple Cloudflare Turnstile plugin is a quick and easy way to integrate CAPTCHA into your WooCommerce store.
Restrict Checkout by Country
If your store receives repeated spam orders from specific locations, country-based blocking can be an effective measure. You can use Cloudflare or OOPSpam’s built-in country blocking to restrict high-risk regions.
Block Cloud Providers and VPNs
Spammers often use data centers and cloud providers to run automated attacks. Enabling Block Cloud Providers in OOPSpam helps prevent spam originating from these sources.
If spam is coming from anonymous networks, the Block VPNs setting can also be activated to block submissions from VPN users. However, be cautious, as this may affect legitimate customers using VPNs for privacy.
A WooCommerce Store with No Failed Orders After Using OOPSpam
After enabling OOPSpam’s Spam Protection for WooCommerce and Block Orders from Unknown Origin settings, store owners have reported a complete stop to failed transactions from Unknown origin. The following image shows a store that successfully eliminated spam orders after activating these settings:
Moving Forward
Card testing attacks aren’t just frustrating—they can harm your store’s reputation and operations. But stopping them is easy:
- Enable Spam Protection for WooCommerce in OOPSpam.
- Block Orders from Unknown Origin to prevent bot-generated spam.
- Add extra security like rate limiting, CAPTCHA, and country restrictions.
With these steps, your WooCommerce store stays secure and spam-free—no more dealing with thousands of failed orders. Enable OOPSpam protection now before your store gets hit again.