The principle of a honeypot is simple — bots are stupid. While some spam is hand-delivered, the vast majority is submitted by bots scripted in a specific (wide-scope) way to submit spam to the largest number of form types. In this way they somewhat blindly fill in fields, irregardless of whether the field should be filled in or not. This is how a honeypot catches the bot — it introduces an additional field in the form that if filled out will cause the form not to validate.
Please use the official CF7 Honeypot support forum for all support requests. Support requests in comments may not be answered. Also — before submitting a support request, be sure to confirm you are using the latest versions of: 1) Contact Form 7 WordPress Plugin, 2) The Contact Form 7 plugin, 3) WordPress.
- Install using the WordPress “Add Plugin” feature — just search for “Contact Form 7 Honeypot”.
- Confirm that Contact Form 7 is installed and activated. Then activate this plugin.
- Edit a form in Contact Form 7
- Choose “Honeypot” from the CF7 tag generator. Recommended: change the honeypot element’s ID.
- Insert the generated tag anywhere in your form. The added field uses inline CSS styles to hide the field from your visitors.
The fine folks at RoseApple Media put the above video together detailing the simple process of getting up and running with CF7 Honeypot. NOTE: This video was not produced by the CF7 Honeypot developer.
Altering the Honeypot Output HTML [ADVANCED]
While the basic settings should keep most people happy, we’ve added several filters for you to further customize the honeypot field. The three filters available are:
wpcf7_honeypot_accessibility_message– Adjusts the default text for the (hidden) accessibility message.
wpcf7_honeypot_container_css – Adjusts the CSS that is applied to the honeypot container to keep it hidden from view.
wpcf7_honeypot_html_output– Adjusts the entire HTML output of the honeypot element.
For examples of the above, please see this recipe Gist.
Frequently Asked Questions
Will this module stop all my contact form spam?
Probably not. But it should reduce it to a level whereby you don’t require any additional spam challenges (CAPTCHA, math questions, etc.).
Are honeypots better than CAPTCHAs?
This largely depends on the quality of the CAPTCHA. Unfortunately the more difficult a CAPTCHA is to break, the more unfriendly it is to the end user. This honeypot module was created because we don’t like CAPTCHA’s cluttering up our forms. Our recommendation is to try this module first, and if you find that it doesn’t stop enough spam, then employ more challenging anti-spam techniques.
Can I modify the HTML this plugin outputs?
Yep! See the Installation section for more details and this gist for examples.
What is the plugin license?
This plugin is released under a GPL license.
Added do-not-store for when forms are stored in the DB (i.e. Flamingo). Improved wrapper ID masking and customization.
Additional functionality to improve spam-stopping power.
Introduces ability to force W3C compliance. See here for details.
Addresses accessibility concerns regarding a missing label and disables autocomplete to prevent browser autocomplete functions from filling in the field.
Added i18n support, French language pack. Thx chris-kn
Added wpcf7_honeypot_accessibility_message and wpcf7_honeypot_container_css filters, i18n support.
Provides backwards compatibility for pre-CF7 4.2, introduces ability to remove accessibility message.
Quick fix release to fix PHP error introduced in 1.6.3.
Updates to accommodate changes to the CF7 editor user interface.
Small change to accommodate validation changes made in CF7 4.1.
Small change to accommodate changes made in CF7 3.9.
Quite a lot of code clean-up. This shouldn’t result in any changes to the regular output, but it’s worth checking your forms after updating. Also, you’ll note that you now have the ability to add a custom CLASS and ID attributes when generating the Honeypot shortcode (in the CF7 form editor).
Added filter hook for greater extensibility. See installation section for more details.
Update to make compatible with WordPress 3.8 and CF7 3.6. Solves problem of unrendered honeypot shortcode appearing on contact forms.
Update to improve outputted HTML for better standards compliance when the same form appears multiple times on the same page.
Small update to add better i18n and WPML compatibility.
Small update for W3C compliance. Thanks Jeff.