Thats right, negate did the same for me too. It only stops low to mid level non-headless browser bots. I developed a software that im still testing that works to intercept bots before they even enter.
Topic summary
Shopify store owners are experiencing widespread bot attacks creating fake abandoned checkouts, typically using the address “street 10 apt 2” with various email providers. These bots generate fraudulent customer records, risk email domain blacklisting through automated abandoned cart emails, and severely distort analytics data (conversion rates, customer counts), making marketing decisions unreliable.
Key Issues:
- Bots appear to be testing stolen credit cards, creating chargeback liability
- Third-party apps like Blockify and Negate Bot Protection prove largely ineffective
- Shopify restricts checkout page access to apps, limiting protection options
- Advanced bot protection only available on $2000+/month plans
- Bots access checkout directly (server-side), bypassing front-end security
Attempted Solutions:
- Removing $0/digital products from stores (most effective workaround)
- Disabling cart availability for targeted pin codes
- Manual IP blocking via customer data requests
- Regular deletion of fake customer accounts
Community Frustration:
Multiple users report this issue persisting for 1-2 years with minimal Shopify support. Several merchants criticize Shopify for using Cloudflare internally while preventing customers from implementing similar protection. One developer claims to have created a custom solution reducing daily abandoned carts from 2000+ to ~10, with plans to release as an app. Some users are considering migrating to WordPress/GoDaddy for better security control.
You ended up created something too? lol Im glad im not the only one.
YOU WERE LIED TOO!!! SHOPIFY STAFF DONT HAVE ACCESS TO THAT!!! Litterally shopify staff only are given the same documentation for trouble shooting and info as we are, which is why they are worthless…Only occasionally do they have some amature hacker holding that Customer service job who takes advantage of customers LIKE YOU, and tells you so crazy story, because HES ONE OF THE PEOPLE SENDING TO BOTS TO TRY AND CONVINCE YOU TO BUY BOT BLOCKER SOFTWARE ON SHOPIFY!! I got so pissed I left shopify and started using wordpress and now, no issues because I use cloudflare as shopify doesn’t allow it. DO THE SAME.
Yes he was saying that, but only because some customer service rep decided to take advantage of his position and access to his account and BS him…THEY ARE LYING BECAUSE THE BOTS ONLY ENTER FROM THE SAME WAY WE ACCESS THE SITE. IF its server side, its a HUGE cyber security issue and NO ONE IS SAFE ON SHOPIFY. It means that rep was a hacker. Also he misslead the customer to believe that lie to upsell bot blocking software. THESE PEOPLE OWN FIVVER AND SHOPIFY they create the monsters, to sell their products which is is one big lie! I’ve developed my own software and I also build websites now on wordpress. IF you want someone to help you do that, let me know.
Sorry the solution is to go to wordpress and use cloud flare. If you want help making a site, let me know.
Hi All,
We successfully mitigated the issue of fake abandonment carts. This was achieved by disabling cart availability for the specific pin code being targeted by the bot. Additionally, we transferred (not redirected) the URL of the product that the bot was repeatedly attempting to add. As a result, the bot’s attempts to generate blank abandonments eventually ceased, since its credit card validation checks could no longer proceed.
In parallel, we have further strengthened our security measures by implementing additional anti-bot applications across all five of our Shopify stores.
We trust that these actions have contributed positively to the protection and stability of our operations.
Best regards,