How to prevent spam and fake orders in WooCommerce in 2020

Spam can do a lot of damage to your website, especially to e-commerces. Regardless of the security mechanisms you use (software, scripts, tools), fake orders can cost a lot of money to your business and also affect your SEO ranking and credibility. Today, we’ll show you how to prevent spam and fake orders in WooCommerce and we’ll have a look at the best security tools you should be using.

How to prevent spam in WooCommerce?

Basic anti-spam settings

First, let’s have a quick look at the basic anti-spam settings:

  • Switch off the Anyone can register option from the General settings section. Please note that this only affects the admin side, not the WooCommerce registration forms.
  • Uncheck the option Allow link notifications from other blogs (pingbacks and trackbacks) on new articles.
  • Make sure you have to approve the comments before they’re published. You can use plugins like Disqus or enable the Comment author must have a previously approved comment option to avoid spammy comments.

After you make sure you have those basic anti-spam settings in place, you can set other security measures.

Create a custom registration page that spam can’t recognize

The common target for spammers is the “” page. If you create a different page for registration, it will be harder for spammers to find it.

Admin new user approval

With a plugin like Profile Press, you can manually approve new users from the dashboard or directly from your mail. Even though this adds another task to your process, if you have a small business and you want to have more control over your users, it may make sense to do it.


Nowadays, many stores use CAPTCHA to prevent spam in WooCommerce. Completely Automated Public Turing test to tell Computers and Humans Apart, also known as CAPTCHA, is software that requires the user to take certain action to get to the next step. This way, it protects websites against bots and makes sure that the visitor is a human being.

The most common example of this is when you have to select images that have certain figures, type an alphanumerical code, or perform a mathematical operation. This makes the process slightly slower for the visitor but it’s a very good way to verify that there is a human behind the operation.

Install an anti-spam plugin

Some of the best security plugins out there to avoid spam in your WooCommerce store are:


This tool helps you prevent fake orders and keep fraudulent customers out of your shop. Blocker allows you to refuse orders from a specific IP address, state, and zip code, and add them to a blacklist. When this happens, it will interrupt the checkout or account and the user will get a notification explaining why the operation was blocked.


Akismet is one of the most famous anti-spam plugins. It automatically filters the spam comments and checks it against a global database, protecting your website from malicious content. Once you activate it, you’ll be prompted to get an API key to use. There are free keys for personal blogs and paid subscriptions for businesses and commercial sites.

Honeypot Contact Form 7

With this addition to Contact Form 7, users won’t have to put a CAPTCHA but it still maintains the anti-spam functions against bots in forms and shopping carts. This way, it avoids false orders in your store.


With No CAPTCHA reCAPTCHA, visitors will only need to click the checkbox in the reCAPTCHA tool that Google creates to make sure they’re not robots. The main difference with a CAPTCHA is that it doesn’t require typing numbers, answering questions, or solving math problems.


NS8 protects WooCommerce sites from advertising fraud, order fraud, and performance issues. It scores every user, traffic and order, detects patterns, and identifies the potential risk of fraud and spam.

It also monitors if:

  • SSL certificate is set to expire
  • Domain has been added to a spam list
  • Website is flagged for malware concerns
  • The site fails to load or your load performance drops against the global average.

Fake customer blocker

This is a security add-on for WooCommerce that helps you block emails, domains, new orders with errors or notices, and fake orders. It also lets you inform the users why they can’t continue with their orders and customize every message.

Limit attempts

This IP Address blocker is very effective to prevent spam in WooCommerce. It helps you avoid brute force attacks, which are repeated attempts of access directed by some software that can damage your website. You can add and block IP addresses; hide login, register lost password forms for blocked or blacklisted IPs, and customize the error messages.


This plugin automatically blocks spam in the comments section and needs no CAPTCHA. You can also convert spam comments in regular comments. Additionally, it’s GDPR compliant so it doesn’t store unnecessary information about the visitors.

The anti-spam plugin uses an invisible js-captcha method based on the fact that bots don’t have javascript on their user-agents.

Gravity Forms Users

If you’re a user of Gravity Forms, we recommend you go to the Options section and activate Enable anti-spam honeypot because it’s disabled by default.

Call the customer

It may sound a bit invasive but if your products are services like assessments, ebooks, or online courses, for example, calling the customer and talking to them before the purchase can be a smart option. This way, you’ll get to know their expectations and even give them tips or extra information about the product or service they’re interested in.

Some e-learnings like Open English use this method. Platforms like UpWork also call their candidates and interview them before accepting their profiles to prevent spam.

Verify the CVV code of the credit card

The CVV code is the 3 number code at the back of credit cards and it must match with the registered card. If it doesn’t, it can be a fraud. This is a very extended verification method because it’s simple and effective.

User email confirmation

Another way to prevent spam in WooCommerce is to use some plugins so that the user must confirm their registration by clicking on a link sent to their email. Users who haven’t activated their accounts are pending and you can manually review and approve them. This is one of the safest methods because spammers don’t always get to that point.

Confirm before shipping

You can confirm all the order details via mail, text message, or phone call with the client. This will help you prevent fake orders in WooCommerce and you can use it as a gesture of responsibility with your customers.

Verify the address

You can also hire an Address Verification System (AVS). An AVS compares the billing address the user registered in the transaction with the address provided to the bank from the cardholder. Even though this isn’t a bulletproof measure, it helps a lot to collate the data and avoid losses.

Conclusion: Prevent spam and fake orders in WooCommerce

If you prevent spam in WooCommerce, it will help you keep your website clean of irrelevant or potentially harmful content for both you and your users. Besides, if you avoid fake orders, emails, and registrations you can concentrate on what matters the most: growing your business. Need some help with that? Here you can have a look at some tips to optimize your online store!