Once again, I’m trying to find WooCommerce anti-spam workarounds to avoid manual admin work like receiving hundreds of emails, deleting hundreds of fake orders and fake WordPress users.
In today’s “episode” I will try to clean the WordPress User database table after a failed order, because I’m really angry when “17PmU3MmKZS9ZAy7 17PmU3MmKZS9ZAy7” manages to register an account on Business Bloomer after a carding attack!
Please test this snippet on a dev/staging environment and not directly on the live site. Deleting a WordPress user is never a good idea, so you need to make sure everything is working as it should. Enjoy!
PHP Snippet: Delete Customer After a Failed Order @ WooCommerce Checkout
Note 1: this snippet runs on the WooCommerce Thank You page, so make sure your credit card orders are redirected there.
Note 2: this function only works for non-guest orders, because it then uses the logged in user to check if they have previous legit orders.
Note 3: to me, a legit order is when a customer has previous Processing, Completed, Pending or On-hold orders in their name. Feel free to remove or add order statuses to the array.
Note 4: as of now, if this is a first-time customer (so, no previous orders), they will be deleted. It may be a problem for legit customers who end up with a failed order due to a failed payment… Still not sure how to exclude these humans.
Note 5: how can you test this? Because you really don’t want to place a fake order with a real credit card and make it fail… My workaround: from the WP admin I create a new user – then I create a manual WooCommerce order in their name – then set the order status to failed. At this point, I go to the thank you page and the code triggers. User should be deleted, UNLESS the same user has a previous legit order.
/**
* @snippet Destroy Failed Order Customer @ WooCommerce Checkout
* @how-to Get CustomizeWoo.com FREE
* @author Rodolfo Melogli
* @compatible WooCommerce 8
* @community https://businessbloomer.com/club/
*/
add_action( 'woocommerce_thankyou', 'bbloomer_destroy_failed_order_customer' );
function bbloomer_destroy_failed_order_customer( $order_id ) {
$order = wc_get_order( $order_id );
if ( $order->has_status( 'failed' ) ) {
$customer_id = is_callable( array( $order, 'get_customer_id' ) ) ? $order->get_customer_id() : 0;
if ( $customer_id == 0 ) return;
$legit_orders = wc_get_orders( [
'customer' => $customer_id,
'status' => array( 'wc-processing', 'wc-completed', 'wc-pending' ),
'return' => 'ids',
] );
if ( count( $legit_orders ) > 0 ) return;
require_once( ABSPATH.'wp-admin/includes/user.php' );
wp_delete_user( $customer_id );
}
}
Hi Rodolfo, first of all thank you for the help you offer, you’ve saved me on many occasions!
That said, this snippet would be really useful, but as you said, you can’t rule out a customer who places a failed order in good faith…
I thought that a solution could be to create a count of failed orders and only after a few attempts delete the user ,for example:
– first failed order > count 1 + do nothing
– second failed order > delete user account and orders + send info email just in case is human
Do you think it is possible? Thanks again for everything and good work!
Ciao Alessio! Sure, you could count the “wc-failed” orders instead of processing + completed, and only trigger this if there is no previous failed order