Captchas aren’t always convenient to stop spam since some bots can figure them out, and also, captchas force a legit human to decipher very complex characters.

So what’s a honeypot?

A honeypot is a trap to detect bots from humans. Its principle is that bots will typically fill in all the fields when submitting spam, for example, a spam comment.

Based on this, we can add an extra textarea element, and mark the comment as spam.

Let’s trap some bees

This code can be added to your functions.php file or similar:

<?php

/**
 * Add the honeypot, a hidden textarea field.
 */
function elio_add_honeypot() {
	echo '<p style="display:none!important"><textarea name="additional-comment"></textarea></p>';
}

/**
 * Check if the more_comment field is set. If it's not empty, it's spam. Otherwise, return the status already set.
 *
 * @param bool|string $approved The approval status that will be modified if the honeypot is filled.
 *
 * @return string
 */
function elio_check_honeypot( $approved ) {
	return empty( $_POST['additional-comment'] ) ? $approved : 'spam';
}

add_action( 'comment_form', 'elio_add_honeypot' );
add_filter( 'pre_comment_approved', 'elio_check_honeypot' );

A honeypot is a nice way to make your forms user friendly and keep spam low, there are plugins that make this automatically, and there are also ways to add it to the login form.

However, do not rely on this as an absolute method to fight spam. In addition to professional services like Akismet, there are other techniques like simple mathematical captchas, or captchas that ask a question for you to click on the correct image. Think of honeypot as a complement, rather than a replacement.

Code Wrangler at Automattic for Jetpack. Designer, illustrator, WordCamp speaker. Co-founder of WPArgentina.

Follow @eliorivero on Twitter

Leave a Reply