Spam Orders
Automated bots and the spam that they create are just part of doing business online. In addition to spam emails, you may also receive support requests and orders in bulk from automated bots.
Many methods exist both within and external to WHMCS to help you with this problem.
Firewalls
A responsive firewall that can quickly identify undesirable traffic and block it from your website entirely. This is the most effective method and will not have any impact on your legitimate customers.
We do not endorse any particular firewall service. However, the following list includes some of the most popular choices:
Invisible reCAPTCHA
Invisible reCAPTCHA helps block orders from automated bots while allowing the majority of customers to place orders without any interruption. If reCAPTCHA detects a potential issue, it may require the user to complete an image identification pattern before placing the order.
To use this, enable Invisible reCAPTCHA in the Security tab at Configuration () > System Settings > General Settings. When you do this, make sure to check Shopping Card Checkout under reCAPTCHA for Select Forms.
For more information, see Security and Google® reCAPTCHA.
Banned Email Domains
If you are receiving multiple orders from different email addresses on the same domain, you can block them at Configuration () > System Settings > Banned Emails.
Unnecessary Forms
Spam bots often target automated forms in order to create more spam. We recommend disabling any WHMCS forms that you do not specifically need:
- Disable Allow Client Registration in the Other tab at Configuration () > System Settings > General Settings.
- Use a support department for sales inquiries. To do this, select the desired department for Presales Form Destination in the Mail tab at Configuration () > System Settings > General Settings.
- Check Clients Only for all support departments at Configuration () > System Settings > Support Departments that do not need to be client-facing.
Custom Client Fields
You can add a manual question that a human can easily understand and answer using a custom client field at Configuration () > System Settings > Custom Client Fields.
Use the following configuration:
| Field Name | Are you human? |
| Field Type | Text Box |
| Description | To help prevent automated submissions, answer "YES". |
| Validation | /[Y]+[E]+[S]/ |
| Required Field | Yes |
| Show on Order Form | Yes |
Automatically detect fraudulent orders
If an order still passes through these preventative measures, the MaxMind module in WHMCS can automatically cancel orders from spam bots before payment. This will ensure they aren’t able to make a fraudulent payment.
You can configure this at Configuration () > System Settings > Fraud Protection.
Last modified: June 14, 2024