FAKE USERS ARE BEING REGISTERED EVERY DAY

lortnok

bots, fake accounts are saturating the customer list because new accounts are registered daily. Never a transaction and random email addresses so they are for sure not belong to real people. How to fix this so it is a tiny bit harder to register at the website? I have captcha and honeypot on my custom contact form and that works well, we need a solution for account registration, too to prevent spamming.

arminunruh

oh! where can people register? do you have a website url for me?

lortnok

@arminunruh https://56hrs.com/shop/

arminunruh

hmm not sure, i would just try to use anti spam plugins. like akismet
i mean even here on the forum i use 2 antispam plugins, but sometimes spam accounts still manage to register. im not sure if it can ever be 100% be solved

lortnok

@arminunruh i do use them. But how can I integrate it when it comes to creating new accounts with woocommerce? Since I don’t edit the account related pages directly. I think this is a very important security feature for a webshop since these customers are also being created at the gateway side. I contacted the gateway they said this is a security issue of the website.

arminunruh

what do you mean with gateway? you mean payment gateway? which payment methods do you use?

do you mind sending me your wp-admin login, you could also just create a new admin user just for me.

i want to see which anti spam plugin you use and if it works correctly with lay theme

Can you please send:

• a link to this forum topic
• your website address
• /wp-admin/ username and password
  to: info@laytheme.com

lortnok

apologies for not getting back, life happened. It is still a problem, when I have a bit of time I will try to give more info/ login credentials! I use stripe and I got in touch with their customer support because I have also seen fake customers created on the stripe account, but that was because it is linked to Woocommerce.
They told me it is a security problem of the theme, that is why I contacted you.
I think we need a captcha or something to prevent bots creating new accounts. I cannot simply put a captcha on the account creation page I believe. I have captcha on the contact form.

arminunruh

hey so i think the way to do this is to use a wordpress plugin. this is what i found out asking gemini:

Yes, there are several highly effective plugins specifically designed to block bot registrations in WooCommerce. Because bots have become more sophisticated, the most successful strategy in 2026 is usually a multi-layered approach rather than a single setting.

Here are the best plugin options categorized by how they handle the problem:

1. The "Invisible" Leaders (Best User Experience)

These plugins stop bots without making your real customers solve frustrating puzzles.

• Simple Cloudflare Turnstile: This is currently one of the most popular alternatives to reCAPTCHA. it uses a smart, non-interactive challenge that is invisible to most users but stops bots cold. It is privacy-friendly and integrates directly with the WooCommerce registration and checkout pages.
• WP Armour (Honeypot): This plugin adds a "honeypot" (a hidden field) to your registration form. Only bots can see/fill it; if the field is filled, the registration is instantly blocked. It is extremely lightweight and requires zero configuration.
• Zero Spam for WordPress: Uses JavaScript-based validation. Since most basic bots don't "render" JavaScript like a human browser does, they fail the check automatically.

2. Comprehensive Anti-Spam Suites

If you want an "all-in-one" shield for your entire site (comments, registrations, and contact forms):

• CleanTalk (Premium): A cloud-based service that checks registration data against a massive database of known spammers in real-time. It is incredibly effective for high-traffic stores and requires no CAPTCHAs.
• Akismet Anti-Spam: Developed by Automattic (the people behind WordPress). While famous for comment spam, it is also very effective at filtering fake user accounts.
• WP Cerber Security: A powerful security suite that includes specialized bot detection for WooCommerce. It can also track IP addresses and automatically block them if they attempt too many registrations.

3. Verification & Approval (The "Hard" Stop)

If bots are still getting through, these plugins add a manual or automated "ID check."

• New User Approve: This puts every new registration into a "Pending" queue. You must manually approve them before they can log in. This is 100% effective but can be slow for stores with high volume.
• Email Verification for WooCommerce: This forces users to click a link in their email before their account is activated. This stops the "mass-creation" of accounts that use fake or non-existent email addresses.

---

Comparison Table: Which one should you choose?

Plugin	Complexity	User Friction	Best For
Cloudflare Turnstile	Low	None	Most stores (Modern & Fast)
WP Armour	Zero	None	Simple, lightweight protection
CleanTalk	Low	None	High-volume stores (Paid)
hCaptcha	Medium	Low/Med	High-security/Privacy focus
New User Approve	Low	High	B2B or "Exclusive" stores

Pro-Tip for WooCommerce Settings

Before installing a plugin, check your WooCommerce > Settings > Accounts & Privacy.

• Disable "Allow customers to create an account on the 'My Account' page" if you only want people to register during the actual checkout process. This removes the main target page that bots use.
• Enable "Automatically generate customer password" to prevent bots from testing their own weak passwords on your site.

Would you like me to walk you through the setup for a specific plugin, like Cloudflare Turnstile or WP Armour?