Recaptcha - One page Checkout - How do I do it?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
2 years ago
So continuing my questions..

It appears Recaptcha is not implemented at all in the checkout process. I'm using 4.40.4

I allow Guest Checkout as most of my customers will walk away if forced to register. Because of this our site has become a victim of card testing. I have had to remove credit card payments for now.

I use Cypherclean theme slightly modified and one page checkout (looks to be a single cshtml that calls individual cshtml files to make up the steps - based on my very novice look)

Can anyone advise how recaptcha is added to the one page checkout so that I can keep guest orders? Seems to me a gaping hole.. NOP allows guest checkouts but no security is present..

Steve
2 years ago
There have been similar requests, but no replies.  E.g.
https://www.nopcommerce.com/en/boards/topic/46776/recaptcha
https://www.nopcommerce.com/en/boards/topic/35658/any-tips-for-implementing-no-captcha-recaptcha-in-nop#182428

(It may be best to create an issue in GitHub)
2 years ago
I've just created a work item. Thanks for the suggestion!
2 years ago
This is a HUGE problem right now. Over 1 MILLION cards tested on our nopCommerce store using the One Page Checkout method on 4.50.2.  No option for recaptcha is crazy.  Hacker is using every step of the API and even including the antiforgery tokens/cookies with valid values.  Checkout is currently disabled as a result.  Please help!
2 years ago
Wow - We got off lightly then, how many did they get through successfully?

We have enabled honeypot and also put a plugin to reduce bots (nopantibot). We have also changed card processor (not that that's up and running yet - another issue), but essentially for a while we were running paypal only as a payment option. That in itself has lost us business as people think you have to have a paypal account.

Steve
2 years ago
Also to note it looks like it's almost implemented - but not sure what version it will hit - it was scheduled for 4.6.... but maybe they will bring it in to 4.5?

Steve
2 years ago
Here are some things you could do to minimize the issue:

- Under Configuration->Payment Restrictions. Check all countries that you do not bill/ship to.
- Switch to using a hosted payment solution such as Stripe, delegate the security to the payment platform away from your own website. There are plenty of plugins for hosted solutions, maybe use this solution until you can work out what you want to do with direct credit card payments on onepagecheckout.
- Find out if your website host has regional/country blocking. In the future you could use Cloudflare.
2 years ago
5teve wrote:
Also to note it looks like it's almost implemented - but not sure what version it will hit - it was scheduled for 4.6.... but maybe they will bring it in to 4.5?


Yep, it was done for 4.60, see details here. But you can adapt these changes for 4.50 as well.
2 years ago
RomanovM wrote:
Also to note it looks like it's almost implemented - but not sure what version it will hit - it was scheduled for 4.6.... but maybe they will bring it in to 4.5?
Yep, it was done for 4.60, see details here. But you can adapt these changes for 4.50 as well.


I just had a brief review of the recaptcha solution for 4.6 but I'm not sure if it will work if the recaptcha was placed on confirm order page. The checkout workflow needs to be reviewed.

For multiple page checkout, the workflow is paymentinfo->confirm order. Credit card entry and validation is on paymentinfo and won't proceed to confirm order until the numbers are valid. It's too late if recaptcha is placed on confirm order form.

I'm not even sure if the solution will work on one page checkout for all themes, not all themes are purely data entry on just 'one page'. You can test OPC with the default theme and manual credit card plugin, it'll validate at paymentinfo and won't proceed to confirm order until it is valid, making the recaptcha redundant.

I may be wrong as I only looked at the solution briefly but please review.
2 years ago
jayc wrote:
I may be wrong as I only looked at the solution briefly but please review.


Tried to merge the changes to my local repository and double checked the solution. It may be OK since payment is actually processed on confirm. So it looks good, but I'll do some testing later on.
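The ordering the last two posts arrive at, with the captcha result checked on the confirm step before the payment processor is contacted, as an added example that is not part of the thread and not nopCommerce's own code. The class and method names and the host shop.example are hypothetical, and the siteverify replies are constructed samples of the JSON that reCAPTCHA's verification endpoint returns.

```csharp
using System;
using System.Linq;
using System.Text.Json;

// Added example, not nopCommerce code: all names and shop.example are hypothetical, replies are constructed.
string[] replies = {
    "{\"success\": false, \"error-codes\": [\"invalid-input-response\"]}",
    "{\"success\": true, \"hostname\": \"other.example\"}",
    "{\"success\": true, \"hostname\": \"shop.example\"}",
};
var checkout = new Checkout();
checkout.SavePaymentInfo("4111111111111111"); // constructed, well-formed card number
foreach (var reply in replies)
    Console.WriteLine($"{checkout.Confirm(reply)} (processor calls so far: {checkout.ProcessorCalls})");

public static class CaptchaGate
{
    // Evaluates a siteverify reply; anything malformed or unexpected counts as a failure.
    public static bool Passed(string siteverifyJson, string expectedHost)
    {
        try
        {
            using var doc = JsonDocument.Parse(siteverifyJson);
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) return false;
            // The token must be valid and must have been solved on our own site.
            return root.TryGetProperty("success", out var s) && s.ValueKind == JsonValueKind.True
                && root.TryGetProperty("hostname", out var h) && h.ValueKind == JsonValueKind.String
                && string.Equals(h.GetString(), expectedHost, StringComparison.OrdinalIgnoreCase);
        }
        catch (JsonException) { return false; }
    }
}

public sealed class Checkout
{
    private bool _paymentInfoAccepted;
    public int ProcessorCalls { get; private set; } // stand-in for requests sent to the card processor
    // Payment info step: local format validation only, nothing is sent to the processor.
    public bool SavePaymentInfo(string card) =>
        _paymentInfoAccepted = card.Length >= 13 && card.Length <= 19 && card.All(char.IsDigit);
    // Confirm step: the captcha result is checked before the processor is contacted.
    public string Confirm(string siteverifyJson)
    {
        if (!_paymentInfoAccepted) return "payment-info-required";
        if (!CaptchaGate.Passed(siteverifyJson, "shop.example")) return "captcha-failed";
        ProcessorCalls++;
        return "submitted";
    }
}
```

In a real store the JSON would come from a server-side POST of the browser's token and the site secret to the siteverify endpoint; that request is left out here so the example runs offline.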