One of our clients is a WooCommerce eCommerce store. As an online store, it was only natural for them to want to allow anyone to register as a user. However this has its drawbacks if not managed properly – spam bots take advantage of this and create fake users pretty much every single day. They do this in order to gain backlinks to their customers’ websites, or to virus-laden websites, or outright scam sites.
Though you may think, “Why not just leave them there?”, it’s a bad idea because:
- You risk being penalised by Google for linking to scam sites
- You risk damaging your brand if your customers click on said links
- Your database gets bloated with useless data, slowing down your website
- Your reports & demographics are affected since most of your users are fake
- You risk getting hacked (obviously)
Once the spam users pile up, it’s very hard to remove them perfectly. Sometimes it’s easy because (refer pic) the dumb names give it away. Most times it’s not so easy to identify them and you’d have to check one by one, referring to their email addresses or other ways to try to identify them manually. There’s no “spam email database” to refer to, and the email addresses are free Gmail/Yahoo/etc emails so they actually work, hampering bulk detection methods.
Moral of the story
Make sure you have proper antispam measures BEFORE you launch your WordPress WooCommerce website. It’s hard to clean up afterwards.