WooCommerce: How to Blacklist Scammers, Emails, IP, Phones?

A WooCommerce email notifications pops up – yet another new order, money, revenue, happiness. However, hold on a second – money is not technically in your bank account until you’re forced to give a refund. Even worse, until you realize not only you had to give a refund, but also getting the item back costs you a fortune. And who knows how many times this is going to happen, mostly when you ship physical products.

Fortunately, there are ways in WooCommerce to blacklist customers, deny purchasing from specific countries, block certain IP addresses and do whatever you can to save money.

In the era of Amazon and online shopping we constantly hear of scams and frauds, so this is definitely a topic that shouldn’t be underestimated. A small plugin investment or a few lines of code could actually make a big difference.

Besides, choosing the correct online payment methods (which should give you some sort of anti-fraud out of the box) and avoiding offline payments (bank transfer, cash on delivery, check) are important measures you should already have in place.

So, moving beyond the actual online payments, there is something else we could do to stop scammers placing an order (yes, even before paying or trying to pay). Prevention is better (and more affordable) than cure, right?

I’ve put together a list of WooCommerce plugins and settings you should look into from today on. And sooner rather than later. Enjoy 🙂

1. Blacklist Countries

I already talked about payment gateways, but once again that’s too late in your ecommerce funnel to stop scammers. You should try to completely deny placing an order.

The easiest anti-fraud system, probably, is to limit the “countries you sell to” and the “countries you ship to”. I understand fraud doesn’t usually depend on the billing country, but based on your personal experience with past orders you could create a blacklist made of countries.

So, just go to WordPress Dashboard > WooCommerce > Settings and select “Sell to all countries, except…” and “Ship to all countries you sell to” (see screenshot – nothing wrong with the Aland Islands, Antarctica and Aruba – this is only an example). In this way you can immediately exclude orders from those billing/shipping countries.

How to blacklist countries and deny checking out in WooCommerce

2. Blacklist Specific Addresses

You might want to disable shipping or even selling to “PO Box” addresses i.e. the post office boxes, as opposed to a physical home/business address. This is a good example to explain what I mean by “blacklisting certain addresses”.

Of course there is a snippet for that on this website: https://businessbloomer.com/woocommerce-disallow-shipping-to-po-box/ – this checks if the shipping address fields contain “pobox” and if yes it denies checkout and show an error message.

Easy peasy!

3. Blacklist Specific Content in the Checkout Fields and Blacklist IP addresses

In the same way you can check if an address contains “pobox” (with the snippet above), you could re-adapt and customize the code to blacklist certain content inside other checkout fields.

For example, you could deny checkout to:

  • certain zip code ranges
  • email addresses that contain “hotmail
  • phone numbers that start with “0039” (sorry, Italy)
  • …or whatever is entered inside a checkout field, as that is what the PO Box snippet does

This is if you have coding skills of course. If not, thankfully there’s a plugin for that.

The Blacklister for WooCommerce plugin is developed and supported by Aelia, that you’d probably know thanks to their flagship WooCommerce multi-currency plugin. This plugin allows you to blacklist names, addresses, phone numbers and email addresses using exact matches or regular expressions. And together with offering great support, this also allows you to blacklist IP addresses, using exact matches or IP ranges.

Blacklisting email addresses and IPs via the Aelia plugin

4. WooCommerce Anti-Fraud

And then there is another way to avoid frauds. This time, some sort of intelligence assigns a “coefficient of risk” to each order, and if this is above your threshold it immediately blocks the order and puts it on hold.

Quite smart.

It would be too complex to achieve this with a short snippet, so I’m here introducing you to YITH WooCommerce Anti-Fraud plugin. You know I’m a YITH customer, so of course I’m not promoting products that I don’t use or support teams that I believe are not skilled.

So, there you go – here’s all you can do out of the box with a little investment:

  • Set risky conditions e.g. first order, blacklisted IP address, failed address verification, suspicious email domains, specific countries, weird order frequency, unmatched address history, invalid PayPal accounts, unusual order totals, and so on
  • Set the weight of each risky condition (low, medium, high) and define a “risk value”
  • Automatically put on hold high-risk orders

If you’re experiencing any of these problems, then this plugin is the right choice.

Enabling PayPal Verification Step via the YITH plugin
Assigning a risk level to each order (see red / yellow / green icons) via the YITH plugin

Related content

  • WooCommerce: Cart and Checkout on the Same Page
    This is your ultimate guide – complete with shortcodes, snippets and workarounds – to completely skip the Cart page and have both cart table and checkout form on the same (Checkout) page. But first… why’d you want to do this? Well, if you sell high ticket products (i.e. on average, you sell no more than […]
  • WooCommerce: Disable Payment Method If Product Category @ Cart
    Today we take a look at the WooCommerce Checkout and specifically at how to disable a payment gateway (e.g. PayPal) if a specific product category is in the Cart. There are two tasks to code in this case: (1) based on all the products in the Cart, calculate the list of product categories in the […]
  • WooCommerce: Add Privacy Policy Checkbox @ Checkout
    Here’s a snippet regarding the checkout page. If you’ve been affected by GDPR, you will know you now need users to give you Privacy Policy consent. Or, you might need customer to acknowledge special shipping requirements for example. So, how do we display an additional tick box on the Checkout page (together with the existing […]
  • WooCommerce: Redirect to Custom Thank you Page
    How can you redirect customers to a beautifully looking, custom, thank you page? Thankfully you can add some PHP code to your functions.php or install a simple plugin and define a redirect to a custom WordPress page (as opposed to the default order-received endpoint). This is a great way for you to add specific up-sells, […]
  • WooCommerce: Disable Payment Gateway by Country
    You might want to disable PayPal for non-local customers or enable a specific gateway for only one country… Either way, this is a very common requirement for all of those who trade internationally. Here’s a simple snippet you can further customize to achieve your objective. Simply pick the payment gateway “slug” you want to disable/enable […]

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

4 thoughts on “WooCommerce: How to Blacklist Scammers, Emails, IP, Phones?

  1. So you didn’t give any advice on how to block specific addresses? Was hoping to find that since that’s what the heading says, but you only list how to block all PO Boxes under that section! Any idea how to block a specific home address?

    “This is a good example to explain what I mean by “blacklisting certain addresses”.
    -is a horrible example

    Thank you!

    1. Hi James, in the POBOX snippet you can replace this line with the home address or text you want to blacklist:

      if ( strstr( $address, 'pobox' ) || strstr( $address2, 'pobox' ) ) {

      to:

      if ( strstr( $address, 'blacklistedaddress' ) || strstr( $address2, 'blacklistedaddress' ) ) {
    1. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *