How to stop and delete bots accounts on WooCommerce site?!

Started by Dom, Aug 30, 2024, 07:10 AM

Previous topic - Next topic

Dom

Hey folks! 😊

My WooCommerce site is getting constantly bogged down by bots creating pointless accounts. I'm talking about 16,000 fake accounts! 😱 I suspect they're doing some vulnerability testing and trying to find weaknesses to hack the site. It's driving me nuts!

Going through these accounts manually to delete them just isn't an option. My finger would fall off from all the clicking... plus it would be all pointless because they would simply just make more! Has anyone else faced this issue and found a solution to delete these accounts that haven't made any actual orders? Any help would be a lifesaver! Thanks in advance! 🙏

tech_wiz

Hey mate! 😊

Ugh, bots are the absolute worst 🤪!!!

Here's a nifty SQL query to zap those bots (first make sure to BACKUP your database):

DELETE FROM wp_users
WHERE ID NOT IN (
    SELECT DISTINCT user_id
    FROM wp_usermeta
    WHERE meta_key = '_last_order' AND meta_value IS NOT NULL
)
AND ID NOT IN (
    SELECT DISTINCT user_id
    FROM wp_usermeta
    WHERE meta_key = 'wp_capabilities'
    AND (
        meta_value LIKE '%administrator%'
        OR meta_value LIKE '%editor%'
        OR meta_value LIKE '%author%'
        OR meta_value LIKE '%publisher%'
    )
);

**Remember to add in the roles in the code that need protecting.**

Bot Prevention: Install a plugin that adds a CAPTCHA to your registration form like Wordfence (Free version includes recapatcha for woocommerce forms). Bots hate those!
And remember, always back up before you go all delete-happy! 😂 Good luck!

Bill90

First, install a good security plugin to prevent bots from registering in the first place.

For the accounts already on your site, you can use a combination of plugins and some manual SQL queries. Here's one I've used:

DELETE u, um
FROM wp_users u
LEFT JOIN wp_usermeta um ON u.ID = um.user_id
LEFT JOIN wp_wc_order_stats os ON u.ID = os.customer_id
WHERE os.customer_id IS NULL;

This deletes users and their metadata if they haven't made any orders. Once again, always back up your database before executing such queries! 📦

Cheers and good luck! 🍻

Jack

Hey there! 😎

This sounds like a classic case of bot attack. Been there, done that! First off, I highly recommend setting up reCAPTCHA on your registration forms to keep those pesky bots out. As for cleaning up, here's a more aggressive approach:

Backup your database (always!).
Use a scheduled task to routinely clean up inactive users.
You can use WP-CLI to script this. Here's a quick command to delete users with no orders:

wp user list --role=customer --meta_key=_last_order_date --meta_compare=NOT EXISTS | awk '{print $1}' | xargs wp user delete --reassign=1
This script lists all users without the _last_order_date meta key and deletes them, reassigning their posts to user ID 1.

JamesH

Hey mate! 👋

I totally get your frustration. Dealing with bots is the worst! You should definitely try using a plugin that can help you manage and clean up user accounts. There are a few plugins out there designed specifically for this purpose.  WP Bulk Delete Pro version allows you to do this. It allows you to filter and delete users based on their roles and activity including if they have made an order or not.

Another option is to write a custom script to handle this. Here's a little snippet to get you started:

function delete_inactive_users() {
    $args = array(
        'role'    => 'customer',
        'number'  => -1,
        'meta_query' => array(
            array(
                'key'     => '_last_order_date',
                'value'   => '',
                'compare' => 'NOT EXISTS'
            )
        )
    );

    $user_query = new WP_User_Query($args);

    if (!empty($user_query->results)) {
        foreach ($user_query->results as $user) {
            wp_delete_user($user->ID);
        }
    }
}

add_action('admin_init', 'delete_inactive_users');

This script will delete all users with the role of 'customer' who haven't made any orders. Throw this into your theme's functions.php file or create a simple plugin with it. Then once it has deleted the accounts delete the function to otherwise it might just delete customers accounts before they are able to make an order.

Good luck! 🤞