Contact form spammers are relentless and are some of the most annoying creatures on the planet. That’s because most are actually bots, which are automated programs whose mission is to search for contact forms and fill them in with annoying messages or gibberish. If your web site is popular and has a contact form, you might receive hundreds of spam messages per day submitted by automated bots.
There isn’t any way to stop actual humans from submitting crap through your forms, but there are a couple of ways to stop bots from making your day miserable.
The first would be to use a CAPTCHA, which is an extra field users have to fill in based upon randomly generated information. This is typically a number sequence or code, or sometimes a simple math equation to solve. A form field must be manually filled in with the correct information or the form cannot be submitted. Most bots cannot read CAPTCHA information or read and solve the simple math problems, so a CAPTCHA will stop them. The problem is that information generated by the CAPTCHA code is frequently hard for humans to read, as well. They are also considered intrusive, because a user is required to take an additional step.
That’s where a honeypot is useful.A honeypot is an extra field inserted in the HTML code for a form. This is a hidden field not visible to human users. A bot, however, never actually sees a web site and only reads the HTML code for a web page. The field is in the HTML code. Bots try to fill in every field they find in a form. Smart bots may submit information that appears to be relevant for each field. Simple bots submit gibberish, links to other sites, advertising or useless info. However, they almost always try to fill in every field they find with some type of information. That’s where the honeypot field sucks them in and identifies the submitter as a bot.
A honeypot works by presenting a form field that only bots can see. When information is inserted into the field, the honeypot code prevents the form from being submitted and you do not receive a spam message. Once again, because the honeypot field is invisible to users, only automated spam bots can see the field and fill it in. This is an effective method and unobtrusive method for limiting or preventing spam submissions.
The honeypot suggested in this tutorial is a WordPress plugin that works with the Contact Form 7 plugin, and therefore is called Contact Form 7 Honeypot. This plugin will only work with a WordPress site that uses the Contact Form 7 plugin. If your WordPress site uses another contact form plugin, look for a honeypot plugin that works with that type of form.