Braintree for WooCommerce Payment Gateway

I’ve never even really thought about this plugin, which is exactly what you want. And when I had a question about carding attacks, their support team was very responsive and had good ideas that helped me out.

Three years ago, @patrickhs reported that this plugin has “non-existent fraud protection”, and apparently this hasn’t changed.

I manage over 100 WordPress sites, and only three of them get hit with velocity attacks, where scammers will use your site to test stolen credit cards, generating hundreds of failed orders (last attack was over 5,000 attempts). I spent countless hours trying various anti-spam plugins and writing various scripts, until I finally discovered a pattern: These are the only sites using Braintree for WooCommerce Payment Gateway. Clearly this plugin suffers from an unpatched vulnerability because somehow a Guest user had five charges approved for the same order, all different card numbers, preceded by hundreds of failed attempts (each attempt generating an order note, about one second apart). Another order showed a failed attempt after the successful payment. That’s not how WooCommerce works, especially when your Checkout page has a reCAPTCHA. You can’t pass reCAPTCHAs that quickly, and you can’t (successfully) pay for the same order twice; that’d be a new order. So essentially this plugin is an invitation for hackers to bypass the Checkout interface and make order attempts programmatically.

Also, the latest update (3.1.7) destroys the credit card field styling (and, in turn, customers’ trust). I’m glad I noticed that right away.

Combining that with the fact that I reported a bug (“sv-wc-payment-gateway-payment-form.min.css.map error”) over a year ago that could be resolved by adding a single space to a file—and they still haven’t fixed it—I no longer trust Braintree and have begun switching everyone to WooPayments. First impressions of WooPayments are great, setup is a breeze, and my Checkout pages are now more user-friendly in multiple ways.

The plugin seems fine. Support–especially here on wordpress.org–can be pretty terrible. This rating is for plugin support.

The plugin still uses the Godaddy Plugin Framework and ends up throwing deprecated warnings on subscription renewals.

We’ve raised a bug on the support forums regarding a deprecated warning, which they closed as “resolved” to make their stats look good and via woocommerce.com (where you can’t see the number of open tickets) and this is still pending 3 months later and “At this time, there is no ETA for the fix.”.

Furthermore, contrary to the Stripe plugin, they keep this in a private repo, so we can’t send a PR either, so we have to rely solely on their goodwill to resolve this 10-minute bug. There’s no reason to keep a free plugin in a private repo…

p.s. to the support moderator who rejected my previous review saying “I have removed your review. Please do not use the review section for support.”. Your comment is completely invalid. This IS a REVIEW and NOT a support request – I’ve already requested support via the appropriate channels. Here, I am REVIEWING the support we receive from this plugin and the way the dev team of this plugin handles bug requests. I get that nobody likes negative reviews, but others have the right to read genuine reviews and decide accordingly before deciding which plugin to use. This REWIEW is within the guidelines and there’s no genuine reason for removal.

• This topic was modified 2 years, 7 months ago by George.

The plugin is very easy to use, and they have a great support team.