WordPress store customers info getting compromised help


I have a woocommerce store and i sell digital items there, few days ago i was just working on my computer and saw a person ( in tawk.to) logging in to different customer accounts every few seconds and accessing the my-account/orders and most probably stealing information, how come is he able to get customers login data? He was able to login into 40-50 accounts in and out in few minutes and same IP address

How can I protect my website from this?

I already have captcha enabled on my login page still he’s able to to this

Any help will be appreciated

Thank you

  1. Were they actually logging into, or just attempting to? What were you actually seeing? What plugin/product were you using to identify the login process?

  2. Disable xml-rtc.

    And use loginizer to limit login attempts to 5 before locking out the IP address.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer