How to prevent spam and fake orders in WooCommerce

Spam can do a lot of damage to your website, especially to e-commerce sites. Regardless of the mechanism behind them (software, scripts, tools), fake orders can cost your business a lot of money and also hurt your SEO ranking and credibility. Today we’re going to learn how to prevent spam in WooCommerce, and we’ll have a look at the best security tools you should be using.

How to prevent spam in WooCommerce?

Basic anti-spam settings

First, let’s have a quick look at the basic anti-spam settings:

  • Switch off the “Anyone can register” option in the General settings section. This only affects the admin side, not the WooCommerce registration forms, so you don’t have to worry about it.
  • Uncheck the option “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles”.
  • Require comments to be approved before they’re published. You can use plugins like Disqus or enable the “Comment author must have a previously approved comment” option to avoid spammy comments.

Create a custom registration page that spam can’t recognize

The common target for spammers is the “https://yoursite.com/wp-login.php?action=register” page. If you create a different page for registration, it will be harder for spammers to get there.

Admin new user approval

With a plugin like Profile Press, you can manually approve new users from the dashboard or directly from your email. It’s true that this adds another task to your process, but if you have a niche business, it may make sense to do this anyway.

Use CAPTCHA

Nowadays, many stores use CAPTCHA to prevent spam in WooCommerce. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is software that requires the user to take a certain action before getting to the next step. This way, it protects websites against bots and makes sure that the visitor is a human being.

The most common example of this is when you have to select images that have certain figures, type a code or perform a mathematical operation. This makes the process slightly slower for the visitor but it’s a very good way to verify that there is a human behind the operation.

Install an anti-spam plugin

Some of the best security plugins out there to avoid spam in your store are:

Blocker

This plugin helps you prevent fake orders and keep fraudulent customers out of your website. Blocker allows you to refuse orders from a specific IP address, state, or zip code, and add them to a blacklist. When a blocked entry matches, the plugin interrupts the checkout or account operation and the user gets a notification explaining why it was blocked.

Akismet

Akismet is one of the most famous anti-spam plugins. It automatically checks comments against a global database and filters out the spam, protecting your website from malicious content. Once you activate this plugin, you’ll be prompted to get an Akismet.com API key. There are free keys for personal blogs and paid subscriptions for businesses and commercial sites.

Honeypot Contact Form 7

With this add-on for Contact Form 7, users don’t have to solve a CAPTCHA, but the anti-spam protection against bots in forms and shopping carts stays in place. This way, it helps avoid fake orders in your store.

No CAPTCHA reCAPTCHA

With No CAPTCHA reCAPTCHA, visitors only need to click the checkbox in Google’s reCAPTCHA tool. The main difference from a traditional CAPTCHA is that it doesn’t require typing numbers, answering questions or solving math problems.

NS8

NS8 protects WooCommerce from advertising fraud, order fraud, and performance issues. It scores users, traffic and orders, detects patterns and identifies the potential risk of fraud and spam.

It also monitors if:

  • The SSL certificate is set to expire
  • The domain has been added to a spam list
  • The website is flagged for malware concerns
  • The site fails to load or its load performance drops below the global average

Fake customer blocker

This is a security add-on for WooCommerce that helps you block emails, domains, new orders with errors or notices, and fake orders. It also lets you tell users why they can’t continue with their order, with a customizable message for each case.

Limit attempts

This IP address blocker is very effective at preventing spam in WooCommerce. It helps you avoid brute force attacks, which are repeated access attempts driven by software that can damage your website. You can add and block IP addresses; hide the login, registration and lost-password forms from blocked or blacklisted IPs; and customize the error messages.

Anti-spam

This plugin automatically blocks spam in the comments section and needs no CAPTCHA. You can also convert spam comments into regular comments, and it’s GDPR compliant, so it doesn’t store unnecessary information about the visitors.

The anti-spam plugin uses an invisible JavaScript-based CAPTCHA method built on the premise that bots don’t execute JavaScript in their user agents.

Gravity Forms Users

Users of Gravity Forms can go to Options and check “Enable anti-spam honeypot” because it’s disabled by default.
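
The honeypot and invisible JavaScript checks described above can be combined on the WooCommerce registration form. The following is an added example, not the code of any plugin named on this page; the field names `contact_website` and `js_token` and the helper `example_form_token()` are hypothetical, and it assumes the registration page is not served from a full-page cache.

```php
<?php
// Added example, not the code of any plugin named on this page.
// Field names "contact_website" and "js_token" are hypothetical.

// Build a signed timestamp that the server can verify later.
function example_form_token( $time ) {
    return $time . '|' . wp_hash( 'register-form|' . $time );
}

// 1. Render a decoy field people never see, plus a hidden field that
//    only a client running JavaScript fills in.
add_action( 'woocommerce_register_form', function () {
    $token = example_form_token( time() );
    ?>
    <p style="position:absolute;left:-9999px" aria-hidden="true">
        <label for="contact_website">Leave this field empty</label>
        <input type="text" name="contact_website" id="contact_website"
               tabindex="-1" autocomplete="off" />
    </p>
    <input type="hidden" name="js_token" id="js_token"
           data-token="<?php echo esc_attr( $token ); ?>" value="" />
    <script>
        (function () {
            var f = document.getElementById('js_token');
            f.value = f.dataset.token; // clients that skip JS submit it empty
        })();
    </script>
    <?php
} );

// 2. Reject the registration if the decoy is filled or the token is
//    missing, forged, or older than one hour.
add_filter( 'woocommerce_registration_errors', function ( $errors ) {
    $decoy = isset( $_POST['contact_website'] ) ? sanitize_text_field( wp_unslash( $_POST['contact_website'] ) ) : '';
    $token = isset( $_POST['js_token'] ) ? sanitize_text_field( wp_unslash( $_POST['js_token'] ) ) : '';
    $time  = (int) strtok( $token, '|' );

    if ( '' !== $decoy ) {
        $errors->add( 'spam_honeypot', 'Registration blocked.' );
    } elseif ( ! hash_equals( example_form_token( $time ), $token )
        || time() - $time > HOUR_IN_SECONDS ) {
        $errors->add( 'spam_js', 'Please enable JavaScript and try again.' );
    }
    return $errors;
} );
```

Both checks only stop clients that fill every field or skip JavaScript, so they complement CAPTCHA and manual approval rather than replace them.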

Call the customer

It may sound a bit invasive, but if your products are services like assessments, ebooks, online courses, etc., you can call the customer and talk to them before the purchase to get to know their expectations and even give them tips or extra information about the product or service they’re interested in.

Some e-learning platforms such as Open English use this method. Platforms like UpWork also call their candidates and interview them before accepting their profiles to prevent spam.

Verify the CVV code of the credit card

The CVV code is the 3-digit code on the back of credit cards, and it must match the registered card. If it doesn’t, the transaction may be fraudulent. This is a widely used verification method because it’s simple and effective.

User email confirmation

You can use tools or plugins that require users to confirm their registration by clicking on a link sent to their email. Users who haven’t activated their account remain pending, and you can manually review and approve them. This is one of the safest methods because spammers don’t always get to that point.
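
A sketch of how such a confirmation step can be wired into WooCommerce with standard WordPress hooks. This is an added example, not code from a specific plugin; the meta key `_pending_email_key` and the query arguments `confirm_user` and `key` are hypothetical names.

```php
<?php
// Added example. Meta key "_pending_email_key" and query args
// "confirm_user" / "key" are hypothetical names.

// Do not log the customer in automatically right after registration.
add_filter( 'woocommerce_registration_auth_new_customer', '__return_false' );

// On account creation, store a hashed one-time key and email the link.
add_action( 'woocommerce_created_customer', function ( $customer_id ) {
    $key = wp_generate_password( 32, false );
    update_user_meta( $customer_id, '_pending_email_key', wp_hash( $key ) );

    $user = get_userdata( $customer_id );
    $link = add_query_arg(
        array( 'confirm_user' => $customer_id, 'key' => $key ),
        home_url( '/' )
    );
    wp_mail(
        $user->user_email,
        'Confirm your account',
        "Open this link to activate your account:\n" . $link
    );
} );

// Refuse login while the account is still pending confirmation.
add_filter( 'wp_authenticate_user', function ( $user ) {
    if ( ! is_wp_error( $user ) && get_user_meta( $user->ID, '_pending_email_key', true ) ) {
        return new WP_Error( 'email_unconfirmed', 'Please confirm your email address first.' );
    }
    return $user;
} );

// Handle the confirmation link: compare hashes in constant time.
add_action( 'init', function () {
    if ( ! isset( $_GET['confirm_user'], $_GET['key'] ) ) {
        return;
    }
    $user_id = absint( $_GET['confirm_user'] );
    $stored  = (string) get_user_meta( $user_id, '_pending_email_key', true );
    $given   = wp_hash( sanitize_text_field( wp_unslash( $_GET['key'] ) ) );
    if ( '' !== $stored && hash_equals( $stored, $given ) ) {
        delete_user_meta( $user_id, '_pending_email_key' ); // account is now active
    }
} );
```

Accounts created during checkout also trigger `woocommerce_created_customer`, so decide whether those customers should go through the same confirmation before enabling this on a live store.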

Confirm before shipping

You can confirm the order with the client by email, text message or phone call. It helps you prevent fake orders, and your customers will see it as a sign of responsibility.

Verify the address

You can also use an Address Verification System (AVS). An AVS compares the billing address the user entered in the transaction with the address the cardholder provided to the bank. Even though this isn’t a bulletproof measure, it helps a lot to cross-check the data and avoid losses.

If you prevent spam in WooCommerce, it will help you keep your website clean of irrelevant or potentially harmful content for both you and your users. Besides, if you avoid fake orders, emails, and registrations you can concentrate on what matters the most: growing your business.