Without safeguards, your WooCommerce website can become a target for spam users, who can be a real nuisance if left unchecked. Most of the time, these spam accounts are harmless, their sole intention being to spam your website. However, others set out to cause more damage than just spamming.
These automated bots can churn out thousands of fake accounts, often going undetected if preventative measures aren’t in place. If you have a new WooCommerce website, we will guide you through the steps to prevent spam users from registering. If your website has already been affected by spam users, we will also explore ways to delete all fake accounts.
Learn More
Preventing Spam Users
Combatting spam registrations in WooCommerce requires a two-pronged approach. First, consider disabling user registration unless a customer places an order. This ensures only real customers who have made a purchase can create an account.
Disabling guest checkout offers an extra layer of security, however, this could potentially impact sales. Some customers might be inconvenienced by the requirement to create an account. Ultimately, the decision hinges on your store’s specific needs and your risk tolerance for spam registrations.
Disabling Account Registrations in WooCommerce
To prevent users from registering for accounts on your WooCommerce store unless they make a purchase, follow these steps:
- Navigate to your WordPress dashboard.
- From the left-hand side menu, go to WooCommerce > Settings.
- Click on the Accounts & Privacy tab.
- Locate the section titled Account Creation.
- You’ll see three options:
- Allow customers to place orders without an account
(You can leave this ticked if you want to allow guest checkout.) - Allow customers to create an account during checkout
(Untick if you do not want customers creating an account at checkout) - Allow customers to create an account on the “My account” page
(Make sure you untick this option)
The most important step is to untick Allow customers to create an account on the “My account” page. This prevents users from registering without placing an order.
Additionally, implement reCAPTCHA to deter automated bots that create fake accounts.
Boost Security with Email Verification
While disabling account creation helps, consider adding another layer of protection: email verification. This process requires users to confirm their email address by clicking a link sent after registration. Unverified accounts are essentially useless, deterring fake registrations and improving data accuracy.
Many large online retailers use email verification. Unverified accounts are often deleted after a set period, ensuring a clean user base.
You can easily implement email verification in WooCommerce with plugins. A popular option is the “Customer Email Verification for WooCommerce” plugin. This plugin lets you automate or manually handle unverified accounts, giving you complete control over your user base.
Deleting Spam Accounts
If your WooCommerce website has been plagued by fake accounts, there are methods to clean things up. While manual deletion is an option for a small number of accounts, large-scale removal requires the help of plugins.
Here’s how to tackle this issue using two popular plugins:
Bulk Delete
Install the Bulk Delete plugin and follow these simple steps:
- Navigate to the WordPress admin panel and locate “Bulk Delete” in the left-hand navigation menu.
- Click on “Bulk Delete Users.”
- You’ll see two option boxes: “By User Role” and “By User Meta.” Choose “By User Meta” which is the second option.
- In the field labelled “Select the user meta from which you want to delete users,” enter “_order_count.”
- Next to the “Equals to” dropdown menu, select “0.”
- If you’re dealing with thousands of fake accounts, tick the box for “Only delete first X users.” Change the “X” value to a manageable number. A high number might cause the script to time out, so experiment to find a suitable limit.
- Finally, click “Bulk Delete.”
WP Bulk Delete
For a more advanced solution with detailed instructions, consider the premium plugin WP Bulk Delete. This plugin offers a comprehensive guide on deleting users based on order count.
Advanced Options
Advanced users familiar with SQL and phpMyAdmin can use the following query to swiftly remove inactive or fake accounts.
This query deletes all users lacking orders or posts, effectively cleaning your WooCommerce store. However, caution is crucial. Always back up your database before running the query. Ideally, test it on a staging website first to understand its effects. Only proceed if you’re confident in your SQL knowledge and its impact.
The query below assumes your database prefix is wp_
. If your prefix is different, replace wp_
with your actual prefix.
-- Delete users with no orders or posts
DELETE FROM wp_users
WHERE wp_users.ID NOT IN (
SELECT meta_value
FROM wp_postmeta
WHERE meta_key = '_customer_user'
)
AND wp_users.ID NOT IN (
SELECT DISTINCT(post_author)
FROM wp_posts
);
-- Delete usermeta records for users that no longer exist in wp_users
DELETE FROM wp_usermeta
WHERE wp_usermeta.user_id NOT IN (
SELECT ID
FROM wp_users
);
If you’re dealing with thousands of fake accounts, limiting the query to process users in batches (e.g., 500 at a time) can help avoid timeouts. Adjust this number as needed based on your system’s capabilities.
-- Delete users with no orders or posts
DELETE FROM wp_users
WHERE wp_users.ID NOT IN (
SELECT meta_value
FROM wp_postmeta
WHERE meta_key = '_customer_user'
LIMIT 500
)
AND wp_users.ID NOT IN (
SELECT DISTINCT(post_author)
FROM wp_posts
LIMIT 500
);
-- Delete usermeta records for users that no longer exist in wp_users
DELETE FROM wp_usermeta
WHERE wp_usermeta.user_id NOT IN (
SELECT ID
FROM wp_users
LIMIT 500
);
Contributed Solutions
Many WooCommerce stores face the issue of amassing thousands of spam and fake user accounts over time. Contributors facing the same challenges have posted solutions on StackOverflow, including simple but effective PHP scripts to safely delete these non-ordering accounts in bulk without the need of you having to manually run queries.
This particular script allows deleting all spam/fake accounts with no orders in one go. An expanded version processes them in batches for larger datasets.
If you need help deleting fake accounts, contact us, we can help.