We could call this the “WooCommerce Anti-Spam Without a Plugin” series, while I attempt to fight against bad humans and very bad bots who love attacking the Business Bloomer checkout page with spam orders and fake user registrations.
My first attempts were (1) My Account registration anti-spam honeypot, (2) Checkout anti-carding-attack honeypot, and (3) Reducing the number of admin emails, but I can tell that (2) didn’t work, and I got another carding attack on a $9 product last weekend. Bots are smart.
Today, I’d like to share another anti-spam snippet that I’m currently testing on Business Bloomer. Most carding attacks, in fact, end up with the purchase of a single product in the $1-$9 range – which means that limiting the daily sales for specific, inexpensive, products may do the trick.
My code counts the times each product has been purchased during the day – and if a carding attack occurs, the product won’t be purchasable any longer until the end of the day. Because we’re talking about cheap products, it’s no problem for me to disallow legit sales as well for 24 hours. Use at your own risk, of course.
We already covered how to “Limit Sales Of A Product Per Day“, but this time I’d like to apply that to an array of products – and specifically all those that are under $10. Enjoy!
PHP Snippet: Limit Daily Sales For Products $1-$9 @ WooCommerce Checkout
Note: feel free to change the product price range (in the first line of the function I exclude products outside the $1-$9 price value), and the daily sales threshold (in the second-last line of the function I set this to max 3 sales).
/**
* @snippet Limit Sales To Avoid Carding Attacks @ WooCommerce
* @how-to Get CustomizeWoo.com FREE
* @author Rodolfo Melogli
* @compatible WooCommerce 8
* @community https://businessbloomer.com/club/
*/
add_filter( 'woocommerce_is_purchasable', 'bbloomer_not_purchasable_after_daily_limit', 9999, 2 );
function bbloomer_not_purchasable_after_daily_limit( $is_purchasable, $product ) {
// CONSIDER ONLY PRODUCTS IN THE $1-$9 RANGE
if ( $product->get_price() > 9 || $product->get_price() < 1 ) return $is_purchasable;
// GET TODAYS ORDERS AND COUNT PRODUCT SALES
$all_orders = wc_get_orders(
array(
'limit' => -1,
'date_created' => date( 'Y-m-d' ),
'return' => 'ids',
)
);
$count = array();
foreach ( $all_orders as $all_order ) {
$order = wc_get_order( $all_order );
$items = $order->get_items();
foreach ( $items as $item ) {
$product_id = $item->get_product_id();
if ( $product_id ) {
$count[$product_id] = isset( $count[$product_id] ) ? $count[$product_id] + absint( $item['qty'] ) : absint( $item['qty'] );
}
}
}
// LIMIT 3 DAILY SALES
if ( $count[$product->get_id()] >= 3 ) return false;
return $is_purchasable;
}
Hi Rodolfo,
We have been fighting Bot Orders as well lately, and I like this idea, but it does not work for our business case. We have over 11,000 sku’s with many varying price ranges. And for example we sale Fuel Line that most customers are going to purchase a quantity of 10 to 100 ft. at a time. And possibly several customers a day might make that purchase. So this would block these sales. Would their be a way instead of using the get order of Date created, utilizing a Time Created, so say orders in the last 5 minutes. And we wouldn’t have to set a dollar amount. That way the bot orders would atleast stop after 5 minutes and would have to attempt another item. They may get tired of this game and move onto easier pray. We realized the only way to stop these card testing hacks is to hide the item temporarily, but then they just move onto the next one. So aggravating and we are trying everything to avoid installing Recaptcha.
Hello Brooke, thanks so much for your comment! Yes, this is definitely possible, but I’m afraid it’s custom work. If you’d like to get a quote, feel free to contact me here. Thanks a lot for your understanding!