WooCommerce: Delete Customer After a Failed (Spam) Order

Once again, I’m trying to find WooCommerce anti-spam workarounds to avoid manual admin work like receiving hundreds of emails, deleting hundreds of fake orders and fake WordPress users.

In today’s “episode” I will try to clean the WordPress User database table after a failed order, because I’m really angry when “17PmU3MmKZS9ZAy7 17PmU3MmKZS9ZAy7” manages to register an account on Business Bloomer after a carding attack!

Please test this snippet on a dev/staging environment and not directly on the live site. Deleting a WordPress user is never a good idea, so you need to make sure everything is working as it should. Enjoy!

Ah, carding attacks! Here is a series of fake orders placed by fake users. My goal is to destroy these users and remove them from the WordPress database, so that it remains clean.

PHP Snippet: Delete Customer After a Failed Order @ WooCommerce Checkout

Note 1: this snippet runs on the WooCommerce Thank You page, so make sure your credit card orders are redirected there.

Note 2: this function only works for non-guest orders, because it then uses the logged in user to check if they have previous legit orders.

Note 3: to me, a legit order is when a customer has previous Processing, Completed, Pending or On-hold orders in their name. Feel free to remove or add order statuses to the array.

Note 4: as of now, if this is a first-time customer (so, no previous orders), they will be deleted. It may be a problem for legit customers who end up with a failed order due to a failed payment… Still not sure how to exclude these humans.

Note 5: how can you test this? Because you really don’t want to place a fake order with a real credit card and make it fail… My workaround: from the WP admin I create a new user – then I create a manual WooCommerce order in their name – then set the order status to failed. At this point, I go to the thank you page and the code triggers. User should be deleted, UNLESS the same user has a previous legit order.

/**
 * @snippet       Destroy Failed Order Customer @ WooCommerce Checkout
 * @how-to        businessbloomer.com/woocommerce-customization
 * @author        Rodolfo Melogli, Business Bloomer
 * @compatible    WooCommerce 8
 * @community     https://businessbloomer.com/club/
 */

add_action( 'woocommerce_thankyou', 'bbloomer_destroy_failed_order_customer' );

function bbloomer_destroy_failed_order_customer( $order_id ) {
	$order = wc_get_order( $order_id );
	if ( $order->has_status( 'failed' ) ) {				
		$customer_id = is_callable( array( $order, 'get_customer_id' ) ) ? $order->get_customer_id() : 0;
		if ( $customer_id == 0 ) return;
		$legit_orders = wc_get_orders( [ 
			'customer' => $customer_id,
			'status' => array( 'wc-processing', 'wc-completed', 'wc-pending' ),
         'return' => 'ids',
		] );
		if ( count( $legit_orders ) > 0 ) return; 
		require_once( ABSPATH.'wp-admin/includes/user.php' );
		wp_delete_user( $customer_id );
	}
}

Where to add custom code?

You should place custom PHP in functions.php and custom CSS in style.css of your child theme: where to place WooCommerce customization?

This code still works, unless you report otherwise. To exclude conflicts, temporarily switch to the Storefront theme, disable all plugins except WooCommerce, and test the snippet again: WooCommerce troubleshooting 101

Related content

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

2 thoughts on “WooCommerce: Delete Customer After a Failed (Spam) Order

  1. Hi Rodolfo, first of all thank you for the help you offer, you’ve saved me on many occasions!
    That said, this snippet would be really useful, but as you said, you can’t rule out a customer who places a failed order in good faith…
    I thought that a solution could be to create a count of failed orders and only after a few attempts delete the user ,for example:

    – first failed order > count 1 + do nothing
    – second failed order > delete user account and orders + send info email just in case is human

    Do you think it is possible? Thanks again for everything and good work!

    1. Ciao Alessio! Sure, you could count the “wc-failed” orders instead of processing + completed, and only trigger this if there is no previous failed order

Questions? Feedback? Customization? Leave your comment now!
_____

If you are writing code, please wrap it like so: [php]code_here[/php]. Failure to complying with this, as well as going off topic or not using the English language will result in comment disapproval. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining the Business Bloomer Club to get quick WooCommerce support. Thank you!

Your email address will not be published. Required fields are marked *