Stop SPAM using Honeypot

0 2,262

If you are just starting a WordPress blog or you are a beginner blogger then you should have come to the situation of deleting SPAM comments from your blog every day and night. Spammers mostly target the blogs which have “powered by WordPress” or have Buddypress installed because it will become very easy for them to post any comment using their BOTs bypassing the website security.

So here what are SPAMmers doing here? Below are the answers:

  • Backlinks: Creating a lot of backlinks to their target site. (It have both pros and cons)
  • Hacking the website
  • Cheap Advertisement
  • Eating up the most important resource – Time, of the webmaster.

So for me If I have to tackle SPAM, then the last option seems to be best. Honeypot is doing the same thing. As the name implies, it sticks the SPAM Bot with its unique hidden input field and Time-based technique. The concept is if a SPAM Bot tries to sign up for the website it will fill up the signup form. In the Honeypot technique, a hidden input field with some known random value is placed in the signup form. If the value of the hidden field changes then it should be a SPAM because a simple user can’t view the hidden input field.

So using simple client-side script, we can determine whether a visitor is a SPAMMER or human. To make it more proof, a Time-based script can be added so that we can crosscheck the result.

Below is the sample code for the Honeypot technique:

In the login/register form use the following sample code:

<!-- Form content goes here --> 
<input type="hidden" id="thedeeppot" name="antiSpam" value="lalalala" /> 
<input type="submit" value="Login" name="submit"/>

Sample Javascript code:

 * Confirms Spam Attempt 
var antiSpam = function() {
    if (document.getElementById("thedeeppot")) {
        a = document.getElementById("thedeeppot");
        if (isNaN(a.value) == true) {
            a.value = 0;
        } else {
            a.value = parseInt(a.value) + 1;
    setTimeout("antiSpam()", 1000);

SPAM Bot Validation and Conclusions:

  • if (value of a) == 0 ⇒ Visitor is a SPAM bot
    Reason: a normal human can’t see and manipulate the hidden input field
  • If (value of a) <= 10  ⇒  Visitor is a ‘Smart’ SPAM bot
    Reason: No human can fill-up the form so fast as less than or equal to 10 seconds. If it is, then the visitor is ‘Smart’ SPAM bot.
  • If (value of a) > 10  ⇒  Real Human Visitor

Above code example is just for illustration. It can be made mightier and trustworthy using a few tweaks. Although I think the concept is very well clear to everybody. In case you have any query please do leave a comment.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More