4 Ways to Prevent Spam Orders in WooCommerce

If you’re using the popular WooCommerce plugin to power your e-commerce store, you’re probably familiar with spam orders in WooCommerce. As an online store owner, you need to protect your store from spam orders because it negatively affects your site’s SEO and can potentially be costly to your business.

In this article, we’ll step through some of the ways you can prevent spam orders in WooCommerce and explain what you need to do. Before we begin, let’s take a quick look at how spam orders happen in WooCommerce.

How spam orders happen in WooCommerce

Spam orders in WooCommerce are typically high-value orders placed by bots or scripts. For example, a bot might add products worth hundreds or thousands in the cart when the average price per product in your store is around $50.

Another characteristic of spam order in WooCommerce is that the orders are placed without a new user account created. This is because automated bots are designed to add products to cart and place the order in the fewest number of steps.

Spam orders are also typically placed on e-commerce stores that have the Cash on Delivery option enabled. This allows the automated bots to place the order without providing any payment information such as a credit card number or PayPal address.

Now that we know what spam orders in WooCommerce are and their main characteristics, let’s take a look at some of the different ways you can prevent spam orders in your online store.

4 ways to prevent spam orders in WooCommerce

Here, we’ll step through four different ways to prevent spam orders in WooCommerce. For the best results, we recommend implementing all four spam-prevention methods.

#1: Configure basic WordPress anti-spam settings

The first thing you need to do is to make sure your WordPress anti-spam settings are configured properly. This is useful for preventing spam orders and registrations in WooCommerce, as well.

Go to Settings > General and make sure that the checkbox next to the Membership option for Anyone can register is unticked.

Anyone can register option

Next, head over to Settings > Discussion to configure your WordPress comments and moderation settings. These settings also impact your WooCommerce store.

WordPress discussion settings

Make sure the checkbox next to the Allow link notifications from other blogs (pingbacks and trackbacks) on new posts option is unticked. This will prevent any pingback spam you receive on your site.

Comment settings in WordPress

And, finally, make sure the Comment author must have a previously approved comment option under the Before a comment appears section is ticked.

#2: Add CAPTCHA to your WooCommere store

Automated bots randomly place orders on WooCommerce stores. Since they constantly change their IP address and email, you can’t use traditional methods to block the user from accessing your store or placing an order. That said, one way to prevent spam orders in WooCommerce is by adding a CAPTCHA on the account creation page.

The easiest way to do this is by using the Passster plugin. Once you have the plugin installed and activated on your WordPress website, follow these steps to add CAPTCHA to your store:

Head over to Settings > Passster from the WordPress admin panel. Click on the Addons tab and activate the CAPTCHA option.

Activate CAPTCHA option

Click the Save Changes button at the bottom of the screen to proceed.

Next, head over to the CAPTCHA tab and configure the following settings:

CAPTCHA settings screen in Passster plugin
  • Set a Captcha Code Length. This defines the length of the generated code i.e. the number of letters and numbers in the CAPTCHA image.
  • Set a Width and Height for the CAPTCHA image that will appear on your store’s front-end.
  • Choose a Background color for the CAPTCHA.
  • Decide how difficult you’d like to make the CAPTCHA by setting the Lines in background and Lines in front value. The CAPTCHA will be more difficult to read for higher values.

Click the Save Changes button to continue.

Once that’s done, go to the Shortcode tab and set the Protection Type option to Captcha using the dropdown. Once you click the Save Changes button, a shortcode will automatically be generated for you.

Preview of CAPTCHA protection on the front-end

You can add this to the account creation page or your shop page to restrict access to it.


Protect your entire website, entire pages, or just parts of your content with one or more passwords.

#3: Change the register page URL

The most common target for automated bots and spammers is the WooCommerce registration page. So, an easy way to prevent spam is by creating a different registration page or changing the URL of the register page.

Register page URL

If you choose to create a new registration page, simply add the [woocommerce_my_account] shortcode to it. Else, go to the Register page and change the URL from yoursite.com/register to something like yoursite.com/register-here or yoursite.com/user-registration.

#4: Install anti-spam plugins

A simple way to prevent spam on your site (including your WooCommerce store) is by using a WordPress anti-spam plugin like Akismet or Limit Attempts.


Akismet Anti-Spam plugin

Akismet Anti-Spam is one of the most popular anti-spam plugins for WordPress. It checks comments and contact form submissions on your site against its database of spam to prevent malicious content from being published.

Key features:

  • Automatically filters out spam comments.
  • Shows URLs in the comment body to reveal hidden (or misleading) links.
  • Discard feature automatically blocks the worst spam.

Limit Attempts

Limit Attempts plugin

Limit Attempts by BestWebSoft is an anti-spam plugin for WordPress that’s designed to protect your website from spam and brute force attacks. It does this by limiting the number of failed login attempts per user and blocking their IP for a period of time.

Key features:

  • Stops automated bots and scripts from generating combinations to hack your website.
  • Lets you manage blacklists and whitelists and hide website forms for marked IPs.
  • Considers incorrect CAPTCHA as a failed login attempt.

Wrapping up

The most effective way to prevent spam orders in WooCommerce is to put up as many defense measures as possible. This way, you can prevent automated bots, spammers, and scripts from placing bogus orders and potentially costing your business.

To recap:

  • Start by configuring basic WordPress anti-spam settings.
  • Add CAPTCHA to your WooCommerce store using Passster.
  • Change the register page URL or create a new registration page for customers.
  • Install anti-spam plugins like Akismet and Limit Attempts.


Protect your entire website, entire pages, or just parts of your content with one or more passwords.