Tags: php, wordpress, security, woocommerce, xml-rpc

Stop registration from bots for a specific web domain in WooCommerce


I work for https://www.gloriblends(dot)com. We keep getting a bunch of "customer" sign-ups under the same email {random number}@bigg.pw. I heard about having an invisible radio button that, if clicked, they cannot sign up. I do not know exactly how to do that or what plugin to use. It is getting annoying; just today we had 25 sign-ups with this bigg.pw.

I have tried a few plugins to help with spam, but they do not seem to work with WooCommerce. They only seem to work for WordPress.

There is no actual code to show, but to fix this, code might be needed.

I just want it so when these fake emails, not just bigg.pw, sign up they are denied because they are clearly spam, not real...


Solution

  • First you can reject customer registration on all emails ending with @bigg.pw with the following…

    1) On account registration:

    // Reject account registration for emails ending with: "@bigg.pw"
    add_action( 'woocommerce_register_post', 'reject_specific_emails_on_registration', 10, 3 );
    function reject_specific_emails_on_registration( $username, $email, $validation_errors ) {
        // Compare the lower-cased end of the address, so "@BIGG.PW" is rejected too
        // and the domain only matches at the end of the address.
        if ( substr( strtolower( trim( $email ) ), -strlen( '@bigg.pw' ) ) === '@bigg.pw' ) {
            $validation_errors->add( 'registration-error-invalid-email',
            __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
        }
        return $validation_errors;
    }
    

    2) On checkout registration:

    // Reject checkout registration for emails ending with: "@bigg.pw"
    // The callback takes two arguments ($data, $errors), so accepted_args is 2.
    add_action( 'woocommerce_after_checkout_validation', 'reject_specific_emails_checkout_validation', 10, 2 );
    function reject_specific_emails_checkout_validation( $data, $errors ) {
        if ( isset($data['billing_email'])
            && substr( strtolower( trim( $data['billing_email'] ) ), -strlen( '@bigg.pw' ) ) === '@bigg.pw' ) {
            $errors->add( 'validation', __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
        }
        // Action hook: nothing to return, the error is recorded on the $errors object.
    }
    

    Code goes in functions.php file of your active child theme (or active theme). Tested and works.

    In both cases the following error message will be displayed, stopping registration.

    (screenshot of the error message)

    Important note:

    A lot of hacking bots and undesired visits come through the XML-RPC API… If you are not using it, you can just disable it completely. This will radically reduce spam and hacking attempts.

    To disable it easily you can use, for example, the Disable XML-RPC plugin.

    You should also enable a security plugin, such as Wordfence, Sucuri Security, Jetpack or many others… This will also allow you to scan your WordPress installation, reducing possible security breaches and stopping hacking attempts.

    E-commerce sites are very sensitive and attract hackers like flies on honey.
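
The question also asks about an invisible field and about blocking more than one domain. The following is an added example, not part of the original answer, that extends the same two hooks with a domain blocklist and a honeypot field; the `gb_` function names, the `gb_website` field name and the second blocklist entry are assumptions made for illustration. The honeypot is only rendered on the My Account registration form, so checkout gets the domain check alone.

```php
// Added example (not the answer's code). The gb_ names, the honeypot field
// name and the domain list are assumptions made for illustration.
function gb_blocked_email_domains() {
    return array( 'bigg.pw', 'spam-example.invalid' ); // second entry is constructed
}

// True when the address's domain is a blocked domain or a subdomain of one.
function gb_is_blocked_email( $email ) {
    $email = strtolower( trim( (string) $email ) );
    $at    = strrpos( $email, '@' );
    if ( false === $at ) {
        return false; // Malformed input is left to WooCommerce's own email validation.
    }
    $domain = rtrim( substr( $email, $at + 1 ), '.' );
    foreach ( gb_blocked_email_domains() as $blocked ) {
        $suffix = '.' . $blocked;
        if ( $domain === $blocked || substr( $domain, -strlen( $suffix ) ) === $suffix ) {
            return true;
        }
    }
    return false;
}

// Honeypot: a text field moved off-screen. People never see it; form-filling bots tend to populate it.
add_action( 'woocommerce_register_form', 'gb_render_honeypot' );
function gb_render_honeypot() {
    echo '<p style="position:absolute;left:-9999px" aria-hidden="true">'
       . '<label for="gb_website">Leave this field empty</label>'
       . '<input type="text" name="gb_website" id="gb_website" tabindex="-1" autocomplete="off" />'
       . '</p>';
}

// My Account registration: reject when the honeypot was filled or the domain is blocked.
add_action( 'woocommerce_register_post', 'gb_validate_registration', 10, 3 );
function gb_validate_registration( $username, $email, $validation_errors ) {
    $honeypot_filled = ! empty( $_POST['gb_website'] ); // empty() is also safe if an array is posted
    if ( $honeypot_filled || gb_is_blocked_email( $email ) ) {
        $validation_errors->add( 'registration-error-invalid-email', __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
    }
}

// Checkout registration: same domain check on the billing email.
add_action( 'woocommerce_after_checkout_validation', 'gb_validate_checkout_email', 10, 2 );
function gb_validate_checkout_email( $data, $errors ) {
    if ( isset( $data['billing_email'] ) && gb_is_blocked_email( $data['billing_email'] ) ) {
        $errors->add( 'validation', __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
    }
}
```

Use this in place of the two single-domain snippets rather than alongside them, so each hook has one validator and the error is not added twice.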