Someone Hacking Stripe Pro Form

#1

Ok, after updating to the new stripe pro form I have a real issue. Someone is creating user accounts at the free level.

My form is set up to collect someone’s registration information, they complete the stripe credit card information, then submit. If the card is declined the form does not complete. If the card is accepted then they become either a level 2, 3 or 4 member.

I do not see how someone is generating the free subscriber.

I did see that I had open registration open. I opened it thinking I would need that in order to demote someone. Is that how they were able to create a free account? I just turned open registration off assuming EOT will still demote someone to free, just not allow someone to create a free account. Any insight is appreciated.

#2

Hi James.

I do not see how someone is generating the free subscriber.
I did see that I had open registration open.

Right. With Open Registration enabled, they can just to go your wp-login.php?action=register form and create a free account.

I just turned open registration off assuming EOT will still demote someone to free, just not allow someone to create a free account.

Disabling Open Registration will prevent free registrations from wp-login, it will not affect the EOT demotions. If you have demotions enabled, the user’s role will be changed to Level 0 (i.e. WP’s Subscriber).

I hope that helps. :slight_smile: