Something wired happened, someone from India bought an item from me and downloaded it even though my website cart is disabled and I am in sandbox?
How?
This sounds weird, but it doesn’t really sound like a hack…
In my opinion, most likely WooCommerce still allowed an order in the background. As far as I know, sandbox doesn’t block orders and disabling the cart doesn’t fully stop direct checkout or even API calls.
Check if it’s a real order, its status and your payment logs. I assume you should see in logs more details about this.
If you have details, you can also share them here further and I can also think on this and investigate a bit.
Yes I think this is what happened but still this was done by some Indian guy that wanted probably payed with a fake card or something.
My question is where did themoney go since this is a sandbox it only works with the user created for the sandbox I am so confused but it is a real order… with a registerd user.
1 Like
You can also try using a plugin which blocks the site from the public, maybe like: Coming Soon Page & Maintenance Mode Coming Soon Page & Maintenance Mode – WordPress plugin | WordPress.org
For now I disabled the WooCommerce payments competely until I go live with the site, but I did not expect this, Indian are the wors when it comes to scams and hacking, is a job for them, they go to office to do th is kind of things almost legal 
1 Like
Or maybe your product is just that good 
1 Like