WooCommerce: Checkout Anti-Spam Honeypot

Here’s my second attempt to fight against WooCommerce spam, without installing a captcha plugin. A few posts ago I covered the My Account user registration spam, so today I want to tackle the WooCommerce Checkout, and try to “trick” spam bots.

Of course, this is a workaround and smart bots may understand you’re tricking them. So, feel free to test this first and let me know if it stops spam orders, card testing attacks, and tons of fake user registrations.

Same as the other post, I will be adding a custom hidden checkout field with an empty value. This won’t be visible to the customer, but will be to spam bots, which will try to post a value. My validation code will, however, generate an error if the custom field posts a value, and therefore should prevent most spam bots from going through.

Let me know if it works!

Here’s the hidden field that users don’t see but spam bots do. If they fill the input with a value, the WooCommerce Checkout page will return a validation error. Fingers crossed…

PHP Snippet: (Try to) Prevent Spam Orders @ WooCommerce Checkout

/**
 * @snippet       Custom Captcha @ WooCommerce Checkout
 * @how-to        businessbloomer.com/woocommerce-customization
 * @author        Rodolfo Melogli, Business Bloomer
 * @compatible    WooCommerce 8
 * @community     https://businessbloomer.com/club/
 */

add_action( 'woocommerce_after_checkout_billing_form', 'bbloomer_checkout_honeypot', 9999 );
 
function bbloomer_checkout_honeypot() {
	echo '<p style="opacity: 0; position: absolute; top: 0; left: 0; height: 0; width: 0; z-index: -1;"><input type="text" name="bb_checkout_hp" value="" tabindex="-1" autocomplete="off"></p>';
}

add_action( 'woocommerce_after_checkout_validation', 'bbloomer_checkout_honeypot_validate' );
  
function bbloomer_checkout_honeypot_validate( $posted ) {
   if ( isset( $_POST['bb_checkout_hp'] ) && ! empty( $_POST['bb_checkout_hp'] ) ) {
      wc_add_notice( 'Sorry, our system flagged this checkout attempt as spam. Please try again', 'error' );
   }
}

Where to add custom code?

You should place custom PHP in functions.php and custom CSS in style.css of your child theme: where to place WooCommerce customization?

This code still works, unless you report otherwise. To exclude conflicts, temporarily switch to the Storefront theme, disable all plugins except WooCommerce, and test the snippet again: WooCommerce troubleshooting 101

Related content

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

Questions? Feedback? Customization? Leave your comment now!
_____

If you are writing code, please wrap it like so: [php]code_here[/php]. Failure to complying with this, as well as going off topic or not using the English language will result in comment disapproval. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining the Business Bloomer Club to get quick WooCommerce support. Thank you!

Your email address will not be published. Required fields are marked *