Everyone hates spam and even though creating a honeypot for an html form may help it’s not the ‘be all and end all’ of anti-spam and some bots may work around some honeypots but hopefully this example will help decrease your spam count.
For the sake of this being such a quick and easy implementation, I will try and keep this post as short as possible and get to the point.
The logic is simple, create a normal form in HTML of the fields you would like to capture. Create one or two additional fields for your honeypot (these will be the decoy fields) and hide them using CSS with display:none;
The fields will still exist in the source code so if a bot auto-fills your form it will block the request and not send the mail.
The code explained
I have created a really simple gist for you to get the idea and understand the logic behind the honeypot. When POSTING the form we simply check if the value of the hidden field is greater than 1 which means it contains some sort of value from a bot since it’s not visible on the frontend of your site. If it does contain a value, simply return else continue with the PHP mail. That’s it! A simple honeypot for an HTML form done in 5 minutes.
As mentioned above this is not the ‘be all and end all’ of anti-spam but it may help. Be sure to take additional precautions against fighting crime and you should be on your way to making a spam proof form!
The problem I’ve found with this approach is when legitimate posters can’t complete the form because the honeypot thinks they are a spammer. Why? Because they are using their browser’s “autocomplete” feature and it will often find the hidden “First name” field and autocomplete that even though it’s not supposed to.
I’ve experimented with different ways to set the autocomplete to “off” but some browsers simply don’t follow the spec anymore.
Thanks for the code. It works for me with autocomplete=”random_value”. The browser does not know what to do with this and ignores it.
Have a nice day.