WooCommerce: Delete Customer After a Failed (Spam) Order

Once again, I’m trying to find WooCommerce anti-spam workarounds to avoid manual admin work like receiving hundreds of emails, deleting hundreds of fake orders and fake WordPress users.

In today’s “episode” I will try to clean the WordPress User database table after a failed order, because I’m really angry when “17PmU3MmKZS9ZAy7 17PmU3MmKZS9ZAy7” manages to register an account on Business Bloomer after a carding attack!

Please test this snippet on a dev/staging environment and not directly on the live site. Deleting a WordPress user is never a good idea, so you need to make sure everything is working as it should. Enjoy!

Ah, carding attacks! Here is a series of fake orders placed by fake users. My goal is to destroy these users and remove them from the WordPress database, so that it remains clean.

PHP Snippet: Delete Customer After a Failed Order @ WooCommerce Checkout

Note 1: this snippet runs on the WooCommerce Thank You page, so make sure your credit card orders are redirected there.

Note 2: this function only works for non-guest orders, because it then uses the logged in user to check if they have previous legit orders.

Note 3: to me, a legit order is when a customer has previous Processing, Completed, Pending or On-hold orders in their name. Feel free to remove or add order statuses to the array.

Note 4: as of now, if this is a first-time customer (so, no previous orders), they will be deleted. It may be a problem for legit customers who end up with a failed order due to a failed payment… Still not sure how to exclude these humans.

Note 5: how can you test this? Because you really don’t want to place a fake order with a real credit card and make it fail… My workaround: from the WP admin I create a new user – then I create a manual WooCommerce order in their name – then set the order status to failed. At this point, I go to the thank you page and the code triggers. User should be deleted, UNLESS the same user has a previous legit order.

/**
 * @snippet       Destroy Failed Order Customer @ WooCommerce Checkout
 * @how-to        Get CustomizeWoo.com FREE
 * @author        Rodolfo Melogli
 * @compatible    WooCommerce 8
 * @community     https://businessbloomer.com/club/
 */

add_action( 'woocommerce_thankyou', 'bbloomer_destroy_failed_order_customer' );

function bbloomer_destroy_failed_order_customer( $order_id ) {
	$order = wc_get_order( $order_id );
	if ( $order->has_status( 'failed' ) ) {				
		$customer_id = is_callable( array( $order, 'get_customer_id' ) ) ? $order->get_customer_id() : 0;
		if ( $customer_id == 0 ) return;
		$legit_orders = wc_get_orders( [ 
			'customer' => $customer_id,
			'status' => array( 'wc-processing', 'wc-completed', 'wc-pending' ),
         'return' => 'ids',
		] );
		if ( count( $legit_orders ) > 0 ) return; 
		require_once( ABSPATH.'wp-admin/includes/user.php' );
		wp_delete_user( $customer_id );
	}
}

Where to add custom code?

You should place custom PHP in functions.php and custom CSS in style.css of your child theme: where to place WooCommerce customization?

This code still works, unless you report otherwise. To exclude conflicts, temporarily switch to the Storefront theme, disable all plugins except WooCommerce, and test the snippet again: WooCommerce troubleshooting 101

Related content

  • WooCommerce: Separate Login, Registration, My Account Pages
    There are times when you need to send logged out customers to a Login page and unregistered customers to a standalone Register page. As you know, the WooCommerce My Account page, which contains the Login Username or email address * Password * Remember me Log in Lost your password? shortcode, has both Login and Registration forms when […]
  • WooCommerce: File Upload @ My Account Registration Form
    You can add first and last name to the WooCommerce registration form (easy, no?). Or maybe a custom radio field. And why not, a file upload input – which is able to load an image from the user’s browser, assign it to the form, and add the image to “Media” in your WordPress install. And […]
  • WooCommerce: Deny Automatic Login Upon Registration @ My Account
    If you’ve enabled customer registration on the My Account page, you will know that a new user is automatically logged in as soon as they successfully register. This is great – however in certain cases it could be “dangerous” (for example, if you need to manually approve each user). As I was searching through the […]
  • WooCommerce B2B: How to Set Up a Wholesale Store
    The ecommerce sector is seeing incredible growth, year after year, with no foreseeable end in sight. The same is true for B2B ecommerce, yet there aren’t many good platform choices available for small-to-medium businesses that want to sell wholesale. There are several SaaS solutions on the market, but these are costly, closed-source, and mostly oriented […]
  • WooCommerce: Change User Role for New Customers
    If you don’t want to assign the WooCommerce user role “customer” to new… customers, there is simple PHP that can be added to your functions.php to achieve this. Enjoy!

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

2 thoughts on “WooCommerce: Delete Customer After a Failed (Spam) Order

  1. Hi Rodolfo, first of all thank you for the help you offer, you’ve saved me on many occasions!
    That said, this snippet would be really useful, but as you said, you can’t rule out a customer who places a failed order in good faith…
    I thought that a solution could be to create a count of failed orders and only after a few attempts delete the user ,for example:

    – first failed order > count 1 + do nothing
    – second failed order > delete user account and orders + send info email just in case is human

    Do you think it is possible? Thanks again for everything and good work!

    1. Ciao Alessio! Sure, you could count the “wc-failed” orders instead of processing + completed, and only trigger this if there is no previous failed order

Questions? Feedback? Customization? Leave your comment now!
_____

If you are writing code, please wrap it like so: [php]code_here[/php]. Failure to complying with this, as well as going off topic or not using the English language will result in comment disapproval. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining the Business Bloomer Club to get quick WooCommerce support. Thank you!

Your email address will not be published. Required fields are marked *