
Stop web spam – trap pesky spambots with a honeypot


Make no mistake; if you have a web form or comment system on your site, the spambots WILL find you. They will pack the form fields with as much rubbish as they can pump out and try to send it on to you, the site owner. This is good; this is exactly what we want them to do.

What? Yes, it’s good that we know how they will likely behave. The honeypot is a simple but surprisingly effective technique for stopping spambots, and it capitalizes on this predictable behaviour. Like trapping a fly, we place a honeypot input field in the form that is hidden from the user through CSS styling but still present in the HTML, and we reject any submission that contains content in this field. Human users cannot see the field and thus will not fill it out, but the spambot will be unable to resist the temptation and will go straight for it. That’s it – no fancy tricks; just a regular text input field and a small rule added to the sanitization filter on the server side.
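The form field and server-side rule described above, as an added example that is not code from the original post. The field name `website`, the `hp-wrap` class, the `/contact` action and the function names are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical field name: something a bot's form-filler expects to fill in.
HONEYPOT_FIELD = "website"

# The trap is a regular text input hidden with CSS (not type="hidden").
# tabindex/autocomplete keep keyboard users and browser autofill out of it.
FORM_HTML = f"""
<style>.hp-wrap {{ position: absolute; left: -9999px; }}</style>
<form method="post" action="/contact">
  <div class="hp-wrap" aria-hidden="true">
    <label>Leave this field empty
      <input type="text" name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <label>Name <input type="text" name="name"></label>
  <label>Message <textarea name="message"></textarea></label>
  <button type="submit">Send</button>
</form>
"""

def is_spam(raw_body: str) -> bool:
    """Return True when the honeypot field arrived with any content."""
    # keep_blank_values=True so an empty honeypot still shows up in the dict.
    fields = parse_qs(raw_body, keep_blank_values=True)
    # A field can be repeated in the body; any non-empty copy trips the trap.
    return any(value != "" for value in fields.get(HONEYPOT_FIELD, []))

def handle_submission(raw_body: str) -> tuple[int, str]:
    """Apply the honeypot rule before any other processing of the form."""
    if is_spam(raw_body):
        # Generic message: do not tell the sender which field gave it away.
        return 400, "Submission rejected"
    return 200, "Accepted"

# Constructed sample request bodies (application/x-www-form-urlencoded).
HUMAN_BODY = "website=&name=Alice&message=Hello+there"
BOT_BODY = "website=http%3A%2F%2Fspam.example&name=Bot&message=Buy+now"

if __name__ == "__main__":
    for body in (HUMAN_BODY, BOT_BODY):
        print(handle_submission(body))
```
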

WordPress Users

If you use the popular Contact Form 7 plugin for your WordPress-powered site, there is already a Honeypot plugin available for you. The plugin adds a honeypot to the list of insertable fields in the form builder. Simply add the honeypot field anywhere in your form. I’ve been placing mine at the very top where it’s the first thing that the spambots see.