Replies: 1
After an incident with a card tester hitting our checkout and causing our payment processor to lock our account several years ago, I installed reCaptcha for WooCommerce which seemed to solve the issue. But really don’t like the idea of having a reCaptcha on the checkout (we used the invisible v3 but still, you never know if/when it’s going to block a legitimate order). I’ve read Woo’s recent documentation on this topic (https://developer.woocommerce.com/2024/12/18/card-testing-attacks-and-the-store-api/) and I now have Woo’s rate-limiting feature enabled. We also block many countries at our firewall.
A few days ago I tried replacing reCaptcha with Cloudflare Turnstile, using the Simple CF Turnstile plugin, and noticed a big drop in page load speed (with some 401 errors that CloudFlare strangely says are “normal”), followed by a customer getting totally blocked at checkout last night. I had CF set to the most lenient settings possible.
So…back to reCaptcha? Are there any other solutions?
Thanks for any advice here.