Mar 242016
 
WordPress Plugin Name: Honeypot for Contact Form 7
Plugin URL:https://wordpress.org/plugins/contact-form-7-honeypot/

Plugin Author: Nocean
WordPress profile: Nocean
Plugin version: 2.1
Last updated: September 8, 2021 (1 month ago)
Tested up to (WP version): WP 5.8.1
Downloaded: 0
Rating: 5 (out of 5)

Description


This simple addon module to the wonderful Contact Form 7 (CF7) plugin adds basic honeypot anti-spam functionality to thwart spambots without the need for an ugly captcha.

The principle of a honeypot is simple — bots are stupid. While some spam is hand-delivered, the vast majority is submitted by bots scripted in a specific (wide-scope) way to submit spam to the largest number of form types. In this way they somewhat blindly fill in fields, regardless of whether the field should be filled in or not. This is how a honeypot catches the bot — it introduces an additional field in the form that if filled out will trigger the honeypot and flag the submission as spam.

Additionally, as of version 2.1, the plugin also features an optional submission time check. This checks how long it takes to submit the form and if under a user-defined threshold, it rejects the submission as spam. This works under the idea (backed up by testing) that spam bots submit forms super fast (usually 1-2 seconds), whereas people take longer.

REQUIRED/RECOMMENDED PLUGINS

You will need Contact Form 7 version 3.0+ at a minimum. It is recommended to use version 5.3+ of CF7, for better spam logging. For the best results, we suggest always using the latest versions of WordPress and CF7.

We highly recommend Flamingo with CF7 and this plugin. Using Flamingo allows you to track spam submissions (via inbound messages / spam tab in Flamingo), showing you what got caught in the honeypot and why. Be sure to check your Honeypot settings to turn storing the honeypot on for this.

SUPPORT / SOCIALS

Support can be found here. Follow us on Twitter and on Facebook for updates and news.

Visit the Honeypot for Contact Form 7 plugin page for additional information or to buy us a coffee to say thanks.

PRIVACY

This plugin does not track users, store any user data, send user data to external servers, nor does it use cookies. This is an addon plugin, and requires Contact Form 7. Please review Contact Form 7’s privacy policies for more information.

LOCALIZATION / TRANSLATION

If you’d like to translate this plugin, please visit the plugin’s translate.wordpress.org page. As of v1.10, all translation is handled there. Version 2.0 brings a bunch of new strings in need of translation, so a huge thank you to the polyglots that contribute!

LEGACY/OLD VERSIONS

The latest version of this plugin is designed to work with the latest version of Contact Form 7 and WordPress. If you are using older versions of either, you’re best to find the version of this plugin released around the same time as the version you’re using. You can access older versions of this plugin by clicking Advanced View on the right of the plugin’s page and scrolling to the bottom of the plugin’s page. Use at your own risk. We strongly recommend upgrading to the latest versions whenever possible.



FAQ


Will this module stop all my contact form spam?

Probably not. But it should reduce it to a level whereby you don’t require any additional spam challenges (CAPTCHA, math questions, etc.).

Are honeypots better than CAPTCHAs?

This largely depends on the quality of the CAPTCHA. Unfortunately the more difficult a CAPTCHA is to break, the more unfriendly it is to the end user. This honeypot module was created because I don’t like CAPTCHAs cluttering up my forms. My recommendation is to try this module first, and if you find that it doesn’t stop enough spam, then employ more challenging anti-spam techniques.

Can I modify the HTML this plugin outputs?

Yep! See the Installation section for more details and this Gist for examples.

My form is not validating with a W3C validation tool

As of version 2.0, this shouldn’t be the case any longer. However, if it is for some reason, there is a simple work around. See here for details.

Does this plugin work with Flamingo?

You bet! If the honeypot trap is triggered, an email isn’t sent, but the form submission is added to the spam section of Flamingo so you can review what tripped things up.

Why do you have affiliate ads on your settings page?

I realize not everyone loves ads, but daddy’s gotta pay the bills. I’m extremely grateful to the numerous users that have donated to the plugin’s development over the years, and while that’s awesome, I don’t think donations will ever come remotely close to covering the time and effort it takes to maintain and support a plugin that now has nearly 1.5 million downloads and more than 300,000 active installs.



Screenshots:


  1. Global Honeypot Settings

    Global Honeypot Settings

  2. Honeypot CF7 Form Tag Settings

    Honeypot CF7 Form Tag Settings



Other notes:




Latest Change log entry:


Added new feature: additional submission time check to improve bot-stopping power! Also, fixed small HTML issue and tidied up shortcode interface.



Tags:


anti-spam, antispam, captcha, honeypot, spam

+ Jason's Comments

Very popular, it is kept up-to-date and is easy to manage. I add Flamingo plugin to record submits to database and Really Simple CAPTCHA or WP ReCaptcha and Contact Form 7 Honeypot for bot and spam blocking.

Website Optimization and Maintenance

There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.

I provide website tune ups on request and recommend a schedule for Search Engine Optimization (SEO) and Page Speed optimization.

Optimization is best applied together with website security and protection and backup and maintenance.

Top