IP Restriction
IP Purchase Restriction#
Limits how many tickets a single IP address can purchase for a raffle. This catches abuse from guests creating multiple accounts or bots buying tickets, complementing the core per-customer limit which only tracks logged-in users.
Enabling#
- Go to WooCommerce → Settings → Raffle → Pro Modules and enable IP Purchase Restriction.
- Edit a raffle product.
- In the PRO Features section, set the Max tickets per IP address field.
How it works#
- When a customer tries to add a raffle product to cart, the system:
- Gets the visitor’s IP address (using
WC_Geolocationfor proxy-aware detection). - Counts existing tickets for this raffle purchased from orders with this IP.
- Counts tickets for this raffle currently in the visitor’s cart.
- If the total would exceed the limit, the add-to-cart is blocked with an error message.
- Gets the visitor’s IP address (using
- The same check runs when a customer updates the cart quantity.
- On the product page, a notice shows how many tickets the customer can still purchase.
Settings#
| Setting | Location | Description |
|---|---|---|
| IP Purchase Restriction (module) | WooCommerce → Settings → Raffle → Pro Modules | Enable/disable the feature globally |
| Max tickets per IP address | Per-product → PRO Features | Maximum tickets from one IP. 0 or blank = no limit |
Frontend notices#
| Scenario | Notice |
|---|---|
| Some tickets purchased, limit not reached | Amber notice: “You can purchase X more ticket(s) (limit: Y per customer).” |
| Limit reached | Red notice: “You have reached the maximum of X ticket(s) for this raffle.” |
| No purchases yet / no limit set | No notice |
HPOS compatibility#
The feature is fully compatible with WooCommerce High-Performance Order Storage. It detects whether HPOS is active and queries the appropriate table:
- HPOS enabled: Joins tickets with
wc_orders.ip_address - Legacy mode: Joins tickets with
postmeta._customer_ip_address
Interaction with core per-customer limit#
The IP restriction works alongside the core per-customer limit — the stricter of the two applies. For example:
- Core limit = 10, IP limit = 5 → guest is blocked at 5 (IP limit)
- Core limit = 3, IP limit = 10 → logged-in user is blocked at 3 (core limit)
Counted ticket statuses#
Only active and winner tickets count toward the IP limit. Cancelled and refunded tickets are excluded, so customers can re-purchase after a refund.
Limitations#
- Customers behind a shared IP (e.g., office network, university) share the same IP quota.
- VPN users can circumvent the restriction by changing IP addresses.
- This is a deterrent, not a foolproof security measure. For high-value raffles, combine with logged-in-only purchases and the core per-customer limit.
CSS classes#
| Element | CSS Class |
|---|---|
| Notice container | .rfwc-pro-ip-notice |
| Limit reached | .rfwc-pro-ip-notice--reached |
| Remaining allowance | .rfwc-pro-ip-notice--remaining |