How to Stop Bots from Sending Fake COD Orders on Shopify

If you receive fake Cash-on-Delivery (COD) orders on your Shopify store, the issue usually comes from bots submitting your order form repeatedly. This happens most often when using COD apps that rely on custom order forms.

This guide explains the recommended methods to reduce or completely stop fake bot orders before they reach your eGrow account.

1. Enable Shopify’s Built-In reCAPTCHA

Shopify provides Google reCAPTCHA to help prevent automated form submissions.
However, it must be enabled manually and only applies to Shopify’s native forms.

How to enable it:

1. Go to Online Store → Themes

2. Click Customize

3. Open Theme Settings

4. Look for Spam Protection or reCAPTCHA

5. Enable:

   • Login captcha

   • Contact form captcha

   • Checkout/Order form captcha (if available)

Note:
Shopify’s reCAPTCHA does not protect third-party COD forms unless they use Shopify’s native endpoints.

2. Enable CAPTCHA Inside Your COD App

Most COD apps used by merchants (EasySell, Releasit, Cash on Delivery Form, etc.) include built-in spam protection settings.

Look for options such as:

• Enable reCAPTCHA

• Enable bot protection

• Spam protection

• Form security

If supported, you can also add your reCAPTCHA v2 Site Key and Secret Key.

This is one of the most effective ways to block bot orders before they sync to eGrow.

3. If the App Does Not Support reCAPTCHA

Some COD apps do not have built-in CAPTCHA. In that case, you can still protect your form using:

A. Honeypot Field

A hidden field that only bots fill.
Many apps offer this as:

• “Anti-Spam Field”

• “Honeypot Protection”

• “Detect bots automatically”

Enable it if available.

B. Custom reCAPTCHA Script

If your COD form is embedded inside your theme (not in a popup or external link):

• Ask the app support to enable reCAPTCHA,
  or

• Add a developer snippet that loads Google reCAPTCHA v2/v3 into your form code.

This usually goes inside:

• theme.liquid, and

• the form section.

4. Use IP Blocking or Rate Limiting Apps

If bots are sending many orders quickly, IP blocking apps help protect your store instantly.

Recommended options:

• Shop Protector

• Bot Protection by Shop Secure

• Blocky

These apps can block:

• Suspicious IP addresses

• High-frequency form submissions

• Automated bot traffic

This prevents fake orders before they reach your Shopify admin and before they sync to eGrow.

Recommended Setup for COD Stores

For best results, we suggest combining:

1. Shopify built-in reCAPTCHA

2. COD app’s built-in captcha or bot protection

3. Honeypot fields

4. Optional: IP-blocking app for heavy bot attacks

This layered protection stops nearly all automated fake orders before they reach eGrow.