If you are a Woocommerce store owner, then as the popularity (traffic) of your site grows, you will definitely face the problem of unwanted registrations (spam/bot) that make it difficult to keep your user database clean and up-to-date. In this article, I will describe all the methods to fight spam registrations on the WooCommerce platform. I will describe the pros and cons of known traditional methods and give you a ready and effective solution.
When it comes to fighting spam registrations in WooCommerce, it’s important to use effective methods to ensure a clean user database. Here are some popular strategies you can use:
- CAPTCHA/reCAPTCHA. Integrate CAPTCHA or reCAPTCHA into the registration process. This helps separate human users from automated bots, making it harder for spammers to create fake accounts.
- Email Confirmation/Moderation for new users. Implement moderation and email confirmation for new registrations. Users should receive a confirmation link to their email, and their accounts should only be activated after clicking this link and being approved by the site administrator. This ensures that only valid email addresses are used for registrations.
- Bot Traps (Honeypot). Enable hidden fields in the registration form that are invisible to users but detectable to bots. Legitimate users will not fill in these fields, while bots can interact with them, which helps identify and block spam registrations.
- Update and Support. Keep your WooCommerce store and all related plugins up to date. The developers regularly release updates to address security issues, including those related to spam and fake registrations.
Pros and cons of each method
Captcha
I don’t like to use Captcha on client sites as it significantly affects the loading speed of the site. Yes, you can add reCaptcha to delayed loading, but this method doesn’t work for Captcha V3. You can use Captcha V2 with delayed loading, but it’s a pain in the ass for regular users.
That’s why I recommend using the CleanTalk plugin. It costs $8 a year, it is absolutely no annoying for regular users, and it doesn’t slow down the loading speed of the site. The developers of this service guarantee 100% protection in the fight against spam. I don’t quite believe in these values, but 99.99% they can definitely provide.
Email Confirmation/Moderation
This is a working method, but if you have a lot of fake registrations, emails, verifications and confirmations take a lot of nerve and time. That’s why I don’t use this option.
Bot Traps or Honeypot
My favorite method that I use on almost every client site. It is very simple and blocks 99% of automatic registrations on your Woocommerce site.
To apply it, you need to add the code to your site’s functions.php (child):
/**
* Honeypot WooCommerce My Account Registration
*/
add_action( 'woocommerce_register_form', 'bs_register_form_honeypot', 9999 );
function bs_register_form_honeypot() {
echo '<p style="opacity: 0; position: absolute; top: 0; left: 0; height: 0; width: 20px; z-index: -1;"><input type="text" name="bb_reg_hp" value="" tabindex="-1" autocomplete="off"></p>';
}
add_filter( 'woocommerce_registration_errors', 'bs_register_form_honeypot_check', 9999, 3 );
function bs_register_form_honeypot_check( $errors, $username, $email ) {
if ( isset( $_POST['bb_reg_hp'] ) && ! empty( $_POST['bb_reg_hp'] ) ) {
$errors->add( 'registration-error-invalid-honeypot', 'Error. Sorry, our system flagged this registration attempt as non-human.' );
}
return $errors;
}How the honeypot spam blocking technique works. Explanation of the code.
add_action( ‘woocommerce_register_form’, ‘bs_register_form_honeypot’, 9999 );
This line of code adds a field to the WooCommerce registration form. The bs_register_form_honeypot function will be called when the form is rendered, and it inserts a hidden field intended to detect bots.
function bs_register_form_honeypot() {…}
This function creates a “honeypot” field that is invisible to users but can be filled in by bots. This field is called bb_reg_hp, and it is added to the registration form. This is one strategy to detect automated registration attempts.
add_filter( ‘woocommerce_registration_errors’, ‘bs_register_form_honeypot_check’, 9999, 3 );
This line adds a filter to check for errors in the registration process. The bs_register_form_honeypot_check function will be called to check if there is data in the bb_reg_hp field and, if found, add a registration error.
function bs_register_form_honeypot_check( $errors, $username, $email ) {…}
This function checks if there is data in the bb_reg_hp field. If the honeypot field is filled, it adds an error with the text ‘Error. Sorry, our system flagged this registration attempt as non-human.’ to the error array.
Conclusion:
Remember that no single protection method guarantees absolute protection. Effective protection against spam registrations in WooCommerce is achieved through a combination of different methods that provide complex and reliable protection for your online store. I recommend using a combination of CleanTalk and Honeypot methods.
Write in the comments your methods of fighting unwanted subscriptions in WordPress sites. Thanks for your attention.
Recommended email address blacklist verification services with up-to-date databases:
https://cleantalk.org/blacklists
https://dnschecker.org/ip-blacklist-checker.php
https://www.mailgenius.com/blacklist-checker/
Leave a Reply