Web & Software Developer

Add a Honeypot Field To Forms

This is a quick and simple way to add a honeypot field to any form. This works in WordPress, as well as in any form.

Adding a honeypot field to forms is a quick and simple way to limit spam on your forms. A honeypot field is simply a field which is added to forms, and is supposed to remain blank. Most spam bots blindly fill out all form fields. So, if this field is filled in, we will assume it’s a spam bot and we’ll stop the form from being sent.

To add a honeypot field to your forms, add this HTML:

<p id="pooh-hundred-acre-wood">
	<label for="pooh-hundred-acre-wood-field" id="pooh-hundred-acre-wood-label"><?php _e( 'For Official Use Only', 'textdomain' ); ?></label>
	<input name="pooh_hundred_acre_wood_field" type="text" id="pooh-hundred-acre-wood-field" value="" />
</p>

The CSS to hide the field from view, while keeping it visible to spam bots:

#pooh-hundred-acre-wood, 
#pooh-hundred-acre-wood-field, 
#pooh-hundred-acre-wood-label {
	position: absolute;overflow: hidden;clip: rect(0px, 0px, 0px, 0px);height: 1px;width: 1px;margin: -1px;border: 0px none;padding: 0px;}

Keeping the field visible to spam bots means that we’re also making it available to screen readers (screen readers are devices for the visually impaired). This is why it’s important to add the text label which we added above, “For Official Use Only.” I don’t like to add any text similar to, “Leave this field blank,” since that may be a red flag to spam bots that this is a honeypot field. Also, for that same reason, I don’t use the word “honeypot” in any of the attributes.

In the PHP form validation function (or whatever function you use to process the form), use this at the top to make sure the honeypot field is empty:

// Block spam bots by making sure this honeypot field is empty
if ( ! empty( $_POST['pooh_hundred_acre_wood_field'] ) ) {
	
      // This is spam. Stop validating. 
      return;

}

By

We've 2 Responses

  1. March 3rd, 2019 at 4:42 pm

    It appears that you are describing EXACTLY what I am trying to do . . . Is there any chance that you could help tell me just ‘where’ I might need to insert the php code? I’m very new to php – think I have LOTS more to learn, so please forgive my ignorance. I often learn by trial and error . . . I tried putting it in my child theme’s functions file, but that is not correct.
    I’m using wordpress 5.1, child theme of twentyseventeen theme, and Contact Form 7
    I’m guessing that I may need to put an altered copy of one of the contactform7 php files – into my child theme area . . . but I don’t know which php file. :-\
    If you are able to help tell me any of this, I would be most appreciative!
    Thanks in advance

    avatar

Questions and Comments are Welcome

Your email address will not be published. All comments will be moderated.

Please wrap code in "code" bracket tags like this:

[code]

YOUR CODE HERE 

[/code]