Add a Honeypot Field To Forms

This is a quick and simple way to add a honeypot field to any form. This works in WordPress, as well as in any form.

Adding a honeypot field to forms is a quick and simple way to limit spam on your forms. A honeypot field is simply a field which is added to forms, and is supposed to remain blank. Most spam bots blindly fill out all form fields. So, if this field is filled in, we will assume it’s a spam bot and we’ll stop the form from being sent.

To add a honeypot field to your forms, add this HTML:

<p id="pooh-hundred-acre-wood">
	<label for="pooh-hundred-acre-wood-field" id="pooh-hundred-acre-wood-label"><?php _e( 'For Official Use Only', 'textdomain' ); ?></label>
	<input name="pooh_hundred_acre_wood_field" type="text" id="pooh-hundred-acre-wood-field" value="" />
</p>

The CSS to hide the field from view, while keeping it visible to spam bots:

#pooh-hundred-acre-wood, 
#pooh-hundred-acre-wood-field, 
#pooh-hundred-acre-wood-label {
	position: absolute;overflow: hidden;clip: rect(0px, 0px, 0px, 0px);height: 1px;width: 1px;margin: -1px;border: 0px none;padding: 0px;}

Keeping the field visible to spam bots means that we’re also making it available to screen readers (screen readers are devices for the visually impaired). This is why it’s important to add the text label which we added above, “For Official Use Only.” I don’t like to add any text similar to, “Leave this field blank,” since that may be a red flag to spam bots that this is a honeypot field. Also, for that same reason, I don’t use the word “honeypot” in any of the attributes.

In the PHP form validation function (or whatever function you use to process the form), use this at the top to make sure the honeypot field is empty:

// Block spam bots by making sure this honeypot field is empty
if ( ! empty( $_POST['pooh_hundred_acre_wood_field'] ) ) {
	
      // This is spam. Stop validating. 
      return;

}