Stop bots creating draft orders

Card-testing bots are a common issue for WooCommerce stores running PayPal: they hit the checkout endpoints repeatedly to guess card details and leave hundreds of draft orders behind. This snippet blocks those requests unless the visitor carries a cookie that a real browser session on your site would already have.

Change _my_special_cookie to the name of a cookie that every legitimate visitor already receives on your site, such as one set by Google Analytics or Cloudflare. Beware that bots can send fake cookies too, so expect to review this setting periodically.

add_action( 'init', function() {

	// Over HTTP the web server always sets REQUEST_URI; it is absent under WP-CLI
	// and similar non-web contexts, where there is no checkout request to gate.
	if ( empty( $_SERVER['REQUEST_URI'] ) ) {
		return;
	}

	// Target URIs
	$endpoints = [
		'/?wc-ajax=checkout',
		'/?wc-ajax=ppc-approve-order',
		'/?wc-ajax=ppc-create-order',
		'/?wc-ajax=ppc-data-client-id',
		'/?wc-ajax=update_order_review',
		'/checkout',
		'/checkout/',
		'/wp-json/wc/store/cart',
		'/wp-json/wc/store/checkout',
	];

	// Normalise the request so that extra query parameters or a trailing slash
	// do not slip past an exact string comparison: wc-ajax requests are reduced
	// to '/?wc-ajax=<action>', everything else to its path without the query string.
	$uri  = $_SERVER['REQUEST_URI'];
	$path = (string) wp_parse_url( $uri, PHP_URL_PATH );
	parse_str( (string) wp_parse_url( $uri, PHP_URL_QUERY ), $query );
	$key  = ( isset( $query['wc-ajax'] ) && is_string( $query['wc-ajax'] ) )
		? '/?wc-ajax=' . $query['wc-ajax']
		: untrailingslashit( $path );

	if ( in_array( $key, $endpoints, true ) ) {

		// Require A Global Site Cookie
		if ( ! is_array( $_COOKIE ) || ! array_key_exists( '_my_special_cookie', $_COOKIE ) ) {
			wp_die( 'Suspicious activity detected.' );
		}
	}

}, 10 );
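Because a bot can imitate the cookie, the caveat above asks you to review the setting periodically. The following added example (not part of the snippet above or of WooCommerce itself) automates that review by counting draft orders created in the last hour and logging a warning when they cross a threshold. It assumes WooCommerce's wc_get_orders() with its 'checkout-draft' order status, WP-Cron, and a constructed threshold of 20 that you should tune to your store.

```php
// Added monitoring example: watch for the symptom of a card-guessing run, a
// burst of draft orders, so that a bot that fakes the site cookie is still noticed.
// Assumes WooCommerce's wc_get_orders() and its 'checkout-draft' order status.

const DRAFT_ORDER_ALERT_THRESHOLD = 20;              // constructed value, tune per store
const DRAFT_ORDER_WINDOW_SECONDS  = HOUR_IN_SECONDS;  // WordPress constant (3600)

/**
 * Count draft orders created inside the last $window seconds.
 */
function count_recent_draft_orders( int $window = DRAFT_ORDER_WINDOW_SECONDS ): int {
	$ids = wc_get_orders( [
		'status'       => 'checkout-draft',
		'date_created' => '>' . ( time() - $window ),
		'limit'        => -1,
		'return'       => 'ids',
	] );
	return count( $ids );
}

/**
 * Hourly check: log when the count crosses the threshold. Replace error_log()
 * with your own alerting channel (mail, Slack, SIEM) as needed.
 */
function check_draft_order_burst(): void {
	$count = count_recent_draft_orders();
	if ( $count >= DRAFT_ORDER_ALERT_THRESHOLD ) {
		error_log( sprintf(
			'[draft-order-watch] %d draft orders in the last %d seconds (threshold %d)',
			$count,
			DRAFT_ORDER_WINDOW_SECONDS,
			DRAFT_ORDER_ALERT_THRESHOLD
		) );
	}
}
add_action( 'draft_order_watch_hourly', 'check_draft_order_burst' );

// Schedule the check once; WP-Cron fires it on the first request after each hour.
add_action( 'init', function () {
	if ( ! wp_next_scheduled( 'draft_order_watch_hourly' ) ) {
		wp_schedule_event( time(), 'hourly', 'draft_order_watch_hourly' );
	}
} );
```

A sudden climb in the logged count after the cookie gate is in place is the signal that bots have adapted and the cookie name needs changing.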

Instructions for Stop bots creating draft orders

  1. Log into a staging or locally hosted clone of your site.
  2. Install and activate Code Snippets plugin.
  3. WP Admin > Snippets > Add New
  4. Copy and paste the code from the section above.
  5. Check to ensure formatting came over properly.
  6. Customize the code as desired.
  7. Add a meaningful title.
  8. Select whether to run on front-end or back-end (or both).
  9. Click “Save and Activate”.
  10. Test your site to ensure it works.
  11. Disable the snippet if any problems appear, or recover the site.
  12. Repeat for live environment.

Need help modifying Stop bots creating draft orders?

Contact me. I can help with fitting projects or refer to my partner.

License

All code snippets are licensed GPLv2 (or later) matching WordPress licensing.

Disclaimer of warranty

Except when otherwise stated in writing, the copyright holders and/or other parties provide the program as-is without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.