
Why did WooCommerce Subscriptions payments get double-charged?

I stumbled upon a very nice case study in which a WooCommerce developer investigates a case where WooCommerce Subscriptions payments were double-charged.

The story is very interesting.

Some interesting parts are:

WooCommerce Subscriptions utilises WP-Cron to initiate its scheduled payments. Cron is an automated task scheduler which runs in the background on servers at fixed times. WP-Cron is WordPress’ own implementation of Cron, written in PHP.

The main drawback to WP-Cron is that it’s written in PHP, and unlike conventional Cron Jobs, scheduled jobs in WP-Cron can only execute once the PHP code is run by the browser. In simplified terms, WP-Cron can only execute once a customer visits the site, whereas conventional Cron can run regardless.

This means that if you schedule a task for 3pm every day – in conventional Cron, this task will run at 3pm regardless. In WP, it will only run when the PHP executes, so if your site gets a visitor at 3:15pm, your WP-Cron Job will run at 3:15pm, not the automated 3pm.

And:

The site was being aggressively cached between the two Nameservers. User A would visit the site via Nameserver 1, which triggered WP-Cron/Action Scheduler, initiating a charge and moving the renewal order to a processing status.

Some time later, User B would visit the site via Nameserver 2 – also triggering WP-Cron. Due to the aggressive caching, Nameserver 2 wouldn’t see that this order was already in the processing state and think it hasn’t begun to be processed yet, so it will run that renewal order and initiate a charge to Stripe.

The conclusion?

Find out more here: https://ashcroft.dev/blog/case-of-woocommerce-double-charge/
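
The stale-read race from the second quote, as an added Python model (not code from the case study, WooCommerce or Action Scheduler). The class names, the order id and the atomic `claim` guard are assumptions made for illustration; the case study's own conclusion is at the link above.

```python
import threading

class OrderStore:
    """Authoritative order status (stands in for the shared database)."""
    def __init__(self, orders):
        self.status = dict(orders)
        self._lock = threading.Lock()

    def claim(self, order_id):
        """Atomically move pending -> processing; True only for the first caller."""
        with self._lock:
            if self.status[order_id] != "pending":
                return False
            self.status[order_id] = "processing"
            return True

class Node:
    """Server behind one nameserver; a site visit triggers its cron run."""
    def __init__(self, name, store, charges):
        self.name, self.store, self.charges = name, store, charges
        self.cache = {}  # aggressively cached copy of order status

    def warm_cache(self, order_id):
        self.cache[order_id] = self.store.status[order_id]

    def cron_trusting_cache(self, order_id):
        # Failure mode: the decision to charge is made on the cached status.
        if self.cache[order_id] == "pending":
            self.store.status[order_id] = "processing"
            self.charges.append((self.name, order_id))

    def cron_with_claim(self, order_id):
        # Guard: charge only if this node wins the transition on the real store.
        if self.store.claim(order_id):
            self.charges.append((self.name, order_id))

def simulate(guarded, order_id="renewal-1001"):  # constructed order id
    store, charges = OrderStore({order_id: "pending"}), []
    nodes = [Node("ns1", store, charges), Node("ns2", store, charges)]
    for node in nodes:  # both caches filled while the order is still pending
        node.warm_cache(order_id)
    for node in nodes:  # User A hits ns1, later User B hits ns2
        (node.cron_with_claim if guarded else node.cron_trusting_cache)(order_id)
    return charges

if __name__ == "__main__":
    print("cache-trusting:", simulate(guarded=False))
    print("atomic claim:  ", simulate(guarded=True))
```

The point of the model is that the decision to charge must be made against the authoritative store in a single atomic step, never against a cached read.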
