Here’s my second attempt to fight against WooCommerce spam, without installing a captcha plugin. A few posts ago I covered the My Account user registration spam, so today I want to tackle the WooCommerce Checkout, and try to “trick” spam bots.
Of course, this is a workaround and smart bots may understand you’re tricking them. So, feel free to test this first and let me know if it stops spam orders, card testing attacks, and tons of fake user registrations.
Same as the other post, I will be adding a custom hidden checkout field with an empty value. This won’t be visible to the customer, but will be to spam bots, which will try to post a value. My validation code will, however, generate an error if the custom field posts a value, and therefore should prevent most spam bots from going through.
Let me know if it works!
PHP Snippet: (Try to) Prevent Spam Orders @ WooCommerce Checkout
/**
* @snippet Custom Captcha @ WooCommerce Checkout
* @how-to businessbloomer.com/woocommerce-customization
* @author Rodolfo Melogli, Business Bloomer
* @compatible WooCommerce 8
* @community https://businessbloomer.com/club/
*/
add_action( 'woocommerce_after_checkout_billing_form', 'bbloomer_checkout_honeypot', 9999 );
function bbloomer_checkout_honeypot() {
echo '<p style="opacity: 0; position: absolute; top: 0; left: 0; height: 0; width: 0; z-index: -1;"><input type="text" name="bb_checkout_hp" value="" tabindex="-1" autocomplete="off"></p>';
}
add_action( 'woocommerce_after_checkout_validation', 'bbloomer_checkout_honeypot_validate' );
function bbloomer_checkout_honeypot_validate( $posted ) {
if ( isset( $_POST['bb_checkout_hp'] ) && ! empty( $_POST['bb_checkout_hp'] ) ) {
wc_add_notice( 'Sorry, our system flagged this checkout attempt as spam. Please try again', 'error' );
}
}