Stop registration from bots for a specific web domain in WooCommerce

Question

I work for https://www.gloriblends(dot)com. We keep getting a bunch of "customer" sign-ups under the same email {random number}@bigg.pw. I heard about having an invisible radio button that if clicked, they cannot sign-up. I do not know exactly how to do that or what plugin to use. It is getting annoying, just today we had 25 sign-ups with this bigg.pw

I have tried a few plugins to help with spam, but they do not seem to work with Woocommerce. Only seem to work for WordPress

 There is no actual code to show, but to fix this code might be needed. 

I just want it so when these fake emails, not just bigg.pw, sign-up they are denied because they are clearly spam, not real...

Answer 1

You may try to add multiple email domains to the code snippet, you can use an array to store all the domains you want to reject and then loop through that array to check if the email entered by the user ends with any of those domains. Here’s an updated version of your code that includes this functionality:

// Reject checkout registration for emails ending with specific domains add_action( 'woocommerce_after_checkout_validation', 'reject_specific_emails_checkout_validation', 10, 2 ); function reject_specific_emails_checkout_validation( $data, $errors ) { // Array of email domains to reject $blocked_domains = array('@bigg.pw', '@example.com', '@anotherdomain.com'); // Add more domains as needed

if ( isset($data['billing_email']) ) {
    foreach ( $blocked_domains as $domain ) {
        if ( strpos($data['billing_email'], $domain) !== false ) {
            $errors->add( 'validation', __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
            break; // Stop the loop if a match is found
        }
    }
}

}

In this updated code, $blocked_domains is an array containing all the domains you want to reject. The foreach loop iterates over each domain in this array and checks if the user’s email ($data['billing_email']) ends with the current domain. If a match is found, an error is added to the $errors object, and the loop is stopped using break to prevent unnecessary checks after a match is found.

Remember to replace '@example.com' and '@anotherdomain.com' with the actual domains you want to block.

Answer 2

First you can reject customer registration on all emails ending with @bigg.pw with the following…

1) On account registration:

// Reject account registration for emails ending with: "@bigg.pw"
add_action( 'woocommerce_register_post', 'reject_specific_emails_on_registration', 10, 3 );
function reject_specific_emails_on_registration( $username, $email, $validation_errors ) {
    if ( strpos($email, '@bigg.pw') !== false ) {
        $validation_errors->add( 'registration-error-invalid-email',
        __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
    }
    return $validation_errors;
}

2) On checkout registration:

// Reject checkout registration for emails ending with: "@bigg.pw"
add_action( 'woocommerce_after_checkout_validation', 'reject_specific_emails_checkout_validation', 10, 3 );
function reject_specific_emails_checkout_validation( $data, $errors ) {
    if ( isset($data['billing_email']) && strpos($data['billing_email'], '@bigg.pw') !== false ) {
        $errors->add( 'validation', __( 'Your email address is not valid, check your input please.', 'woocommerce' ) );
    }
    return $validation_errors;
}

Code goes in function.php file of your active child theme (or active theme). Tested and works.

On both cases the following error message will be displayed, stopping registration.

Important note:

A lot of hacking bots and undesired visits comes through XMLRPC API… If you are not using it, you can just disable it completely. This will radically reduce spam and hacking intents.

To disable it easily you can use for example Disable XML-RPC plugin.

You should also enable a security plugin, as Wordfence, Sucuri Security, Jetpack or many other more… This will also allow to scan you Wordpress installation, reducing possible security breaches and stopping hacking intents.

E-commerce sites are very sensitive and attract hackers like flies on honey.