WooCommerce: Limit Daily Sales For Cheap Products (Anti-Spam)

We could call this the “WooCommerce Anti-Spam Without a Plugin” series, while I attempt to fight against bad humans and very bad bots who love attacking the Business Bloomer checkout page with spam orders and fake user registrations.

My first attempts were (1) My Account registration anti-spam honeypot, (2) Checkout anti-carding-attack honeypot, and (3) Reducing the number of admin emails, but I can tell that (2) didn’t work, and I got another carding attack on a $9 product last weekend. Bots are smart.

Today, I’d like to share another anti-spam snippet that I’m currently testing on Business Bloomer. Most carding attacks, in fact, end up with the purchase of a single product in the $1-$9 range – which means that limiting the daily sales for specific, inexpensive, products may do the trick.

My code counts the times each product has been purchased during the day – and if a carding attack occurs, the product won’t be purchasable any longer until the end of the day. Because we’re talking about cheap products, it’s no problem for me to disallow legit sales as well for 24 hours. Use at your own risk, of course.

We already covered how to “Limit Sales Of A Product Per Day“, but this time I’d like to apply that to an array of products – and specifically all those that are under $10. Enjoy!

Sorry, humans! Unfortunately bots decided to purchase this product 3 times already today, so it’s not available any longer to anyone, stupid bots included! As you can see, the “Add to Cart” button is gone. Good bye, carding attacks.

PHP Snippet: Limit Daily Sales For Products $1-$9 @ WooCommerce Checkout

Note: feel free to change the product price range (in the first line of the function I exclude products outside the $1-$9 price value), and the daily sales threshold (in the second-last line of the function I set this to max 3 sales).

/**
 * @snippet       Limit Sales To Avoid Carding Attacks @ WooCommerce
 * @how-to        Get CustomizeWoo.com FREE
 * @author        Rodolfo Melogli
 * @compatible    WooCommerce 8
 * @community     https://businessbloomer.com/club/
 */

add_filter( 'woocommerce_is_purchasable', 'bbloomer_not_purchasable_after_daily_limit', 9999, 2 );

function bbloomer_not_purchasable_after_daily_limit( $is_purchasable, $product ) {
	
   // CONSIDER ONLY PRODUCTS IN THE $1-$9 RANGE
	if ( $product->get_price() > 9 || $product->get_price() < 1 ) return $is_purchasable;
	
	// GET TODAYS ORDERS AND COUNT PRODUCT SALES
	$all_orders = wc_get_orders(
		array(
			'limit' => -1,
			'date_created' => date( 'Y-m-d' ),
			'return' => 'ids',
		)
	);
	$count = array();
	foreach ( $all_orders as $all_order ) {
		$order = wc_get_order( $all_order );
		$items = $order->get_items();
		foreach ( $items as $item ) {
			$product_id = $item->get_product_id();
			if ( $product_id ) {
				$count[$product_id] = isset( $count[$product_id] ) ? $count[$product_id] + absint( $item['qty'] ) : absint( $item['qty'] );
			}
		}
	}
	
	// LIMIT 3 DAILY SALES
	if ( $count[$product->get_id()] >= 3 ) return false;
	
	return $is_purchasable;
	
}

Where to add custom code?

You should place custom PHP in functions.php and custom CSS in style.css of your child theme: where to place WooCommerce customization?

This code still works, unless you report otherwise. To exclude conflicts, temporarily switch to the Storefront theme, disable all plugins except WooCommerce, and test the snippet again: WooCommerce troubleshooting 101

Related content

  • WooCommerce: Display All Products Purchased by User
    When a WooCommerce customer is logged in, you might want to show them the list of previously purchased products (maybe in a custom “My Account” tab). This is helpful when customers tend to buy the same products over and over again, and therefore you can help them “order again” without having them to search the […]
  • WooCommerce: How to Add a Custom Checkout Field
    Let’s imagine you want to add a custom checkout field (and not an additional billing or shipping field) on the WooCommerce Checkout page. For example, it might be a customer licence number – this has got nothing to do with billing and nothing to do with shipping. Ideally, this custom field could show above the […]
  • WooCommerce: Get Order Data (total, items, etc) From $order Object
    As a WooCommerce development freelancer, every day I repeat many coding operations that make me waste time. One of them is: “How to get ____ if I have the $order variable/object?“. For example, “How can I get the order total“? Or “How can I get the order items“? Or maybe the order dates, customer ID, […]
  • WooCommerce: Allow Users to Edit Processing Orders
    How can WooCommerce customers edit an order they just placed and paid for? I swear I looked on search engine results and other places before coming to the conclusion I needed to code this myself. For example, a user might want to change the delivery date (if you provide this on the checkout page). Or […]
  • WooCommerce: How to Add a Custom Order Status
    All WooCommerce orders go to either “processing“, “completed“, “on-hold” and other default order statuses based on the payment method and product type. Sometimes these statuses are not enough. For example, you might need to mark certain orders in a different way for tracking, filtering, exporting purposes. Or you might want to disable default emails by […]

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

2 thoughts on “WooCommerce: Limit Daily Sales For Cheap Products (Anti-Spam)

  1. Hi Rodolfo,
    We have been fighting Bot Orders as well lately, and I like this idea, but it does not work for our business case. We have over 11,000 sku’s with many varying price ranges. And for example we sale Fuel Line that most customers are going to purchase a quantity of 10 to 100 ft. at a time. And possibly several customers a day might make that purchase. So this would block these sales. Would their be a way instead of using the get order of Date created, utilizing a Time Created, so say orders in the last 5 minutes. And we wouldn’t have to set a dollar amount. That way the bot orders would atleast stop after 5 minutes and would have to attempt another item. They may get tired of this game and move onto easier pray. We realized the only way to stop these card testing hacks is to hide the item temporarily, but then they just move onto the next one. So aggravating and we are trying everything to avoid installing Recaptcha.

    1. Hello Brooke, thanks so much for your comment! Yes, this is definitely possible, but I’m afraid it’s custom work. If you’d like to get a quote, feel free to contact me here. Thanks a lot for your understanding!

Questions? Feedback? Customization? Leave your comment now!
_____

If you are writing code, please wrap it like so: [php]code_here[/php]. Failure to complying with this, as well as going off topic or not using the English language will result in comment disapproval. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining the Business Bloomer Club to get quick WooCommerce support. Thank you!

Your email address will not be published. Required fields are marked *