Once again, I’m trying to find WooCommerce anti-spam workarounds to avoid manual admin work like receiving hundreds of emails, deleting hundreds of fake orders and fake WordPress users.
In today’s “episode” I will try to clean the WordPress User database table after a failed order, because I’m really angry when “17PmU3MmKZS9ZAy7 17PmU3MmKZS9ZAy7” manages to register an account on Business Bloomer after a carding attack!
Please test this snippet on a dev/staging environment and not directly on the live site. Deleting a WordPress user is never a good idea, so you need to make sure everything is working as it should. Enjoy!
Continue reading WooCommerce: Delete Customer After a Failed (Spam) Order
We could call this the “WooCommerce Anti-Spam Without a Plugin” series, while I attempt to fight against bad humans and very bad bots who love attacking the Business Bloomer checkout page with spam orders and fake user registrations.
My first attempts were (1) My Account registration anti-spam honeypot, (2) Checkout anti-carding-attack honeypot, and (3) Reducing the number of admin emails, but I can tell that (2) didn’t work, and I got another carding attack on a $9 product last weekend. Bots are smart.
Today, I’d like to share another anti-spam snippet that I’m currently testing on Business Bloomer. Most carding attacks, in fact, end up with the purchase of a single product in the $1-$9 range – which means that limiting the daily sales for specific, inexpensive, products may do the trick.
My code counts the times each product has been purchased during the day – and if a carding attack occurs, the product won’t be purchasable any longer until the end of the day. Because we’re talking about cheap products, it’s no problem for me to disallow legit sales as well for 24 hours. Use at your own risk, of course.
We already covered how to “Limit Sales Of A Product Per Day“, but this time I’d like to apply that to an array of products – and specifically all those that are under $10. Enjoy!
Continue reading WooCommerce: Limit Daily Sales For Cheap Products (Anti-Spam)
Here’s my second attempt to fight against WooCommerce spam, without installing a captcha plugin. A few posts ago I covered the My Account user registration spam, so today I want to tackle the WooCommerce Checkout, and try to “trick” spam bots.
Of course, this is a workaround and smart bots may understand you’re tricking them. So, feel free to test this first and let me know if it stops spam orders, card testing attacks, and tons of fake user registrations.
Same as the other post, I will be adding a custom hidden checkout field with an empty value. This won’t be visible to the customer, but will be to spam bots, which will try to post a value. My validation code will, however, generate an error if the custom field posts a value, and therefore should prevent most spam bots from going through.
Let me know if it works!
Continue reading WooCommerce: Checkout Anti-Spam Honeypot
Here’s my personal attempt to fight against the WooCommerce My Account Page registration spam, without installing yet another captcha plugin.
I’m pretty sure this solution is not perfect, because spam bots are very “smart”, but it can help prevent most fake registrations.
The way I built it, is by adding a custom input field to the My Account Register form with an empty value. Hidden via CSS, this is not visible to the user – but it is visible to spam bots, which will try to post a value. The trick here is the validation check; an error will be generated if the input has a value, and therefore should prevent most fake registration to go through.
Take a look at the code, test it, and enjoy!
Continue reading WooCommerce: My Account Registration Anti-Spam Honeypot