Everyone hates spam and even though creating a honeypot for an html form may help it’s not the ‘be all and end all’ of anti-spam and some bots may work around some honeypots but hopefully this example will help decrease your spam count.

For the sake of this being such a quick and easy implementation, I will try and keep this post as short as possible and get to the point.

The logic is simple, create a normal form in HTML of the fields you would like to capture. Create one or two additional fields for your honeypot (these will be the decoy fields) and hide them using CSS with display:none;

The fields will still exist in the source code so if a bot auto-fills your form it will block the request and not send the mail.

The code explained

I have created a really simple gist for you to get the idea and understand the logic behind the honeypot. When POSTING the form we simply check if the value of the hidden field is greater than 1 which means it contains some sort of value from a bot since it’s not visible on the frontend of your site. If it does contain a value, simply return else continue with the PHP mail. That’s it! A simple honeypot for an HTML form done in 5 minutes.

As mentioned above this is not the ‘be all and end all’ of anti-spam but it may help. Be sure to take additional precautions against fighting crime and you should be on your way to making a spam proof form!