Fake Accounts / Abandoned Checkout Bots

Hey everyone,

I’m having an ongoing issue with bots on my Shopify Plus store, and I’d appreciate any advice from others who’ve dealt with this. Bots are generating fake abandoned checkouts by abusing the cart URL scheme. They use links /cart/{variant_id}:{quantity}

Bota are doing this

1. Add a product to cart
2. Immediately go to the checkout page
3. Fill in dummy customer info
4. Close the site

As a result, Shopify logs this as an abandoned checkout, which:

• Pollutes our checkout analytics
• Triggers automated abandoned cart emails
• Leads to fake accounts being created
• Send info to Klaviyo

THEY DO THAT EVERY MINUTE SO FOR LAST FEW WEEKS I HAVE THOUSANDS OF THOSE FACKE ACCOUNTS AND ABANDONDS, AND SHOPIFY JUST TELL ME THAT NOTHING IS POSSIBLE TO DO. As a PLUS member its veeery furtratin.

What I’ve Tried:

• Shopify Functions: Tried intercepting the checkout process, but it seems Shopify Functions only apply during checkout, not before it’s launched.
• Frontend JavaScript traps: Honeypot fields and hidden inputs, but bots still bypass them.
• Rate limiting / IP blocking: Looked into this via third-party tools but not easy to enforce reliably without affecting real users.
• Bot detection scripts: Some improvement, but not stopping the bots from hitting /cart/... URLs.
• Cart attribute flags like is_human, but it’s hard to verify at the right stage before checkout begins.
• Web pixels: Set up tracking to analyze these events, but still looking for a prevention method, not just detection.

What I’m Looking For:

• Is there any way to intercept or block requests to /cart/... or checkout from non-humans?
• Can we validate the cart before allowing someone to go to checkout (even if it’s not through the Shopify UI)?
• Has anyone used Cloudflare, custom apps, or Shopify Checkout Extensions to solve a similar issue?

Any workaround, clever hack, or suggestion would be appreciated!

Thanks in advance

Hi @Edgar_Petrosyan

We’re investigating causes and strategies for combatting increased bot traffic. DMing you for more details.

With Shopify Plus you also have the option to enable Shopify’s native Bot Protection
feature.

You can enable it in your Settings > Bot Protection section in your Shopify dashboard.

This method uses captcha verification on your checkout pages to help prevent credit card testing, automated purchasing or discount abandonment scraping.

60 minute limit is too short. They are attaching me for days.

Good day.
My store admin.shopify.com/store/minipresso
The thing is right now I have enabled Armex Firewall App and replaced DNS A record from Shopify to their one. So if you enter the app and go to

image.png1687×866 83 KB

By the way you can check how many abandoned checkouts I have, those all coming from bot attach. How did I know ? I have added some fingerprint, cart attribute when adding product to the cart, is_human: true. And adjusted the FLOW you can check to delete the fake accounts.

What is not okey right now that I am using some 3rd party app with its 3rd party configuration to check the bots which I expect Shopify to do. As I get it works as Proxy server / Forwarder.
And those guys did a really great job by catching those Bots and it works.

But what Shopify Could suggest ???
As much as I know you already use Cloudflare for that reason, right ? So I have to use something like this How Orange-to-Orange (O2O) works · Cloudflare for Platforms docs to have more possibility to add some rules or filter bots, etc. ??
Well I don’t know what to do. Hope you can help me.
I think you should be awear of this exact problem on https://community.shopify.com/c/shopify-discussions/shopify-bot-exploit-add-to-cart-abuse-is-corrupting-analytics/m-p/3054595

вт, 1 июл. 2025 г. в 15:03, Liam Griffin via Shopify Developer Community Forums <notifications@shopifycommunity.discoursemail.com>:

Is it okey to write here ? I dont really get where is DM ?

I’ve just sent you a DM - only admins of the forum can start a DM conversation.

Hi Liam,

I hope you’re doing well. I was also curious as to other alternatives there are towards blocking these bots without having to resort to using Armex protection app.

Please let us know know your thoughts.

Thanks!

Hi @Liam-Shopify ! Just now tagging you in case you haven’t seen our previous message. Thanks

Hi @Team_Silk

Can you describe what you’re observing from bot activity? eg: just creating abandoned carts?

That’s correct. The bots are mainly creating abandoned carts and checkouts on our site. For now, we’ve implemented Armex as a temporary solution, but ideally we’d like to find a longer-term approach that doesn’t involve changing DNS settings.

DMing you for details @Team_Silk

Could you please share solutions as well since we still using Armex to keep us from bots.

Ср, 17 сент. 2025 г. в 14:22, Liam Griffin via Shopify Developer Community Forums <notifications@shopifycommunity.discoursemail.com>:

Hi Liam, I am having the same issues with bots flooding my abandoned cart metrics - can you DM the solution?

Hi @Liam-Shopify appreciate it if you could dm us the solution, we have 3 stores that has been affected by bots, thank you in advance

@Liam-Shopify also having this issue with multiple clients on my partner account. One is always from Hong Kong SAR, the other from Seychelles. Blanket blocking these regions isn’t an option.

Any tips/solutions you can share via DM?

@Liam-Shopify can you send me the info how to stop the bots. The bots are using non active products to abandoned carts. No customer profile just an email address

@Liam-Shopify we are having the same issue from an account in Seychelles. Always a random email address, always filling the abandoned cart, always with one of the same 2 items. Can you please DM me the solution?

Thank you

I have the same issue. What’s the solution everyone is is implementing?

Also unable to delete the customer. Error says “Failed deleting 1 customer”. Does not say much.

we are having issues on plus as well with bot traffic to checkout. any chacne we can get some info on this