I have a woocommerce store and i sell digital items there, few days ago i was just working on my computer and saw a person ( in tawk.to) logging in to different customer accounts every few seconds and accessing the my-account/orders and most probably stealing information, how come is he able to get customers login data? He was able to login into 40-50 accounts in and out in few minutes and same IP address
How can I protect my website from this?
I already have captcha enabled on my login page still he’s able to to this
Any help will be appreciated
Were they actually logging into, or just attempting to? What were you actually seeing? What plugin/product were you using to identify the login process?
And use loginizer to limit login attempts to 5 before locking out the IP address.