Blocking Spam Orders
Automated bots and the spam that they create are just part of doing business online. In addition to spam emails, you may also receive support requests and orders in bulk from automated bots.
Many methods exist both within and external to WHMCS to help you with this problem.
A responsive firewall that can quickly identify undesirable traffic and block it from your website entirely. This is the most effective method and will not have any impact on your legitimate customers.
We do not endorse any particular firewall service. However, the following list includes some of the most popular choices:
Invisible reCAPTCHA helps block orders from automated bots while allowing the majority of customers to place orders without any interruption. If reCAPTCHA detects a potential issue, it may require the user to complete an image identification pattern before placing the order.
To use this, enable Invisible reCAPTCHA in the Security tab at Configuration > System Settings > General Settings (Setup > General Settings prior to WHMCS 8.0).
Make certain that you check Shopping Card Checkout under reCAPTCHA for Select Forms.
Banned Email Domains
If you are receiving multiple orders from different email addresses on the same domain, you can block it at Configuration > System Settings > Banned Emails.
For more information, see Banned Emails.
Spam bots often target automated forms in order to create more spam.
To help with this, disable any WHMCS forms that you don't need:
- Disable Allow Client Registration in the Other tab at Configuration > System Settings > General Settings.
- Use a support department for sales by selecting it for Presales Form Destination in the Mail tab at Configuration > System Settings > General Settings.
- Ensure that you have checked Clients Only for any support departments at Configuration > System Settings > Support Departments that do not need to be client-facing.
Google reCAPTCHA v2
You can enable Google reCaptcha v2 in the Security tab at Configuration > System Settings > General Settings.
It helps to protect the client registration page, ticket submission pages, contact form, and homepage domain checker.
Custom Client Field
You can add a manual question that a human can easily understand and answer using a custom client field at Configuration > System Settings > Custom Client Fields.
Use the following configuration:
|Show on Order Form||