Assistance with securing Stripe payment portal

We have a payment page on our site that uses the Stripe payment plugin from Yuzool.

This is very simple and works well but as there are no security requirements (recaptcha, etc.) we have been “hacked” a couple of times by someone attempting to run thousands of fraudulent charges to test card numbers. Stripe has now told us to implement some kind of security in order to continue to use their service. I’ve reached out to Yuzool many times but have never received a response.

I would appreciate any suggestions from this group as to some possible options. There doesn’t appear to be a way to include a recaptcha IN the plugin as the submit button is part of the plugin itself. Possibly a recaptcha, etc. that would be required to “unhide” the payment portal?

Thank you.

Another option might be to use the Joe Workman Peekaboo stack to hide the form, and then integrate a reCaptcha “form” that doesn’t send an email, but instead “goes” to a link that triggers the Peekaboo.

However, I haven’t had any luck getting reCaptcha to work for me. Must be above my ability.

A reCaptcha “stack” would be incredibly useful. I can’t believe no one has developed one yet.

I’ve not received any information on this issue either here or on the Foundry forums. While I’ve enjoyed working with RapidWeaver for many years, I think I’ve finally run up against its limitations. I think it’s time I start seriously considering WordPress. I know all of the negatives, but I need a tool that offers these kinds of features.

I don’t know what the answer is to your situation but Yuzool has been missing in action for many folks. In fact, he’s put off people so much probably everyone has given up on him: thus no responses.

I don’t need to do payment “stuff” on my websites but I suggest creating a new post asking about best Stripe savvy options with Recaptcha. I believe there are some RW stacks that will do this for you.

Yes, I’ve seen that. I would imagine he’d have a lot of reputation repair to do if he wishes to continue in this space.

Unfortunately, he really has the only Stripe “plug in” that isn’t an ecommerce solution. I am looking at PaySnap, but again, it does a lot more than what I need and might be confusing to the people who need to make a payment.

Same here. Calling all RW developers to look into creating the next big Stripe stack!

Whilst I don’t have an answer for you, I’m interested in the outcome, as we had the same issue last year, 300 hits at $1/time testing cards.
We used a payment terminal, that I had to hide, and take our keys offline due to this, our s/w came from Envato market, and was good for what it did…

Had you thought about using Joe Workman’s sitelock, and securing that part for payment… that’s the avenue I was thinking of.

Kevin -

Joe Workman’s Sitelock stack is designed to work WITH Vibralogix’s Sitelok software . . . it doesn’t protect the site on its own. I do have Sitelok and I am working with the developer to see if we can figure out a way to “lock” the payment page with a hidden form but a visible recaptcha that would allow a one time “unlock” of the payment page and then close the session. This wouldn’t be too much of a hassle for legitimate customers but would be enough to make it unattractive to “hackers”. I’ll post the results here . . . even Adrian at Sitelok wasn’t sure it would work.

Minor error, it’s pagesafe:

would that work?

Kevin -

I looked at that too. It seems to require a passcode, not a recaptcha, so once that is “figured out” (and you can’t make it too hard or no one will be able to get in), then it wouldn’t be hard to abuse. At least with Sitelok, there is a “session”. Adrian says it’s possible to “kill” the session immediately after unlock so the next time that page is accessed, the recaptcha must be performed again. Users can’t just go back into their browser history, etc.
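
The one-time unlock discussed in the posts above, sketched as an added example; it is not code from any poster, from Sitelok, or from the Stripe plugin. `OneTimeUnlock` and the injected `verify_captcha` callable are hypothetical names; in a real deployment `verify_captcha` would be a server-side check of the CAPTCHA response.

```python
import hashlib
import secrets
import time


class OneTimeUnlock:
    """Issues short-lived tokens that unlock the payment form exactly once."""

    def __init__(self, verify_captcha, ttl_seconds=300, clock=time.time):
        self._verify_captcha = verify_captcha  # hypothetical server-side CAPTCHA check
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # sha256(token) -> expiry timestamp

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, captcha_response):
        """Return a fresh unlock token, or None if the CAPTCHA check fails."""
        if not self._verify_captcha(captcha_response):
            return None
        now = self._clock()
        # Drop expired entries so abandoned unlocks do not accumulate.
        self._pending = {d: e for d, e in self._pending.items() if e >= now}
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = now + self._ttl
        return token

    def redeem(self, token):
        """Consume a token. True only on first use before expiry."""
        if not isinstance(token, str) or not token:
            return False
        # pop() removes the entry, so a replay from browser history fails.
        expiry = self._pending.pop(self._digest(token), None)
        return expiry is not None and self._clock() <= expiry


if __name__ == "__main__":
    # Constructed demo: the stand-in verifier accepts only the string "solved".
    gate = OneTimeUnlock(lambda response: response == "solved")
    token = gate.issue("solved")
    print("first use:", gate.redeem(token))   # unlocks the form
    print("replay:   ", gate.redeem(token))   # CAPTCHA required again
```

`redeem` has to be called on the server in the same request path that creates the charge; a token that only reveals a hidden form in the browser does not gate the charge itself.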

Excellent, thank you.

Could I ask, even though he’s not flavour of the month, what Stripe stack you bought? It looks like it will fit my needs.


It’s just called “Stripe” (version 1.7.5) from Yuzoolthemes. I don’t know if he even still sells it as a standalone item. It DOES actually work well . . . just not at all secure.

Thank you

