Managing to order while store is closed? Shopify security flaw?

4 1 0


We are just launching our Shopify store so it is closed at the moment but also we periodically close the store to catch up with order fulfillment.

We're using the "We're Open" app which disables adding to cart buttons and checkout with a message on.

Plus I've removed the Add to Cart buttons on each product page so you'd think it'd be impossible to add something and checkout with these in place.

However this morning somebody managed to make an order and go through the full checkout paying for it.

Have they somehow got in 'around the back' and bypassed the Add to Cart buttons all together?

All help appreciated and this is confusing us.


Shopify Expert
2862 117 937

Yes. One can go around cart buttons. There are cart permalinks for example, however, I guess the most possible reason why it happened is that this person had Javascript disabled or alike and App 'slipped' (it's just a guess though).

It would be much more secure to make your products unavailable by setting zero stock level or unpublishing them. This can be done using bulk product editor or CSV import-export, so should not be a huge hassle.


Want to hire me to tweak a theme? Mail me at!
My post solved your problem? Like it!
4 1 0

This is an accepted solution.

It's sorted I think.

English isn't the first language of the person who place the order and they didn't understand the messages.

They bypassed the cart button by typing a quantity and hitting enter. I've removed the quanity selector for now as a temporary fix.

Thanks for the reply.