Plugin Author: Nocean
WordPress profile: Nocean
Last updated: February 16, 2018 (6 months ago)
Tested up to (WP version): WP 4.9.8
Rating: 5 (out of 5)
This simple addition to the wonderful Contact Form 7 (CF7) plugin adds basic honeypot anti-spam functionality to thwart spambots without the need for an ugly captcha.
The principle of a honeypot is simple — bots are stupid. While some spam is hand-delivered, the vast majority is submitted by bots scripted in a specific (wide-scope) way to submit spam to the largest number of form types. In this way they somewhat blindly fill in fields, regardless of whether the field should be filled in or not. This is how a honeypot catches the bot — it introduces an additional field in the form that if filled out will cause the form not to validate.
Support can be found here.
If you’d like to translate this plugin, please visit the plugin’s translate.wordpress.org page. As of v1.10, all translation is handled there. Thank you to the polyglots that contribute!
If you are using CF7 3.6+, use the latest version of this plugin. If you are using an older version of CF7, you will need to use CF7 Honeypot v1.3.
- Install using the WordPress “Add Plugin” feature — just search for “Contact Form 7 Honeypot”.
- Confirm that Contact Form 7 is installed and activated. Then activate this plugin.
- Edit a form in Contact Form 7.
- Choose “Honeypot” from the CF7 tag generator. Recommended: change the honeypot element’s ID.
- Insert the generated tag anywhere in your form. The added field uses inline CSS styles to hide the field from your visitors.
Installation & Usage Video
For the more visually-minded, here is a short video showing how to install and use CF7 Honeypot from the fine folks at RoseApple Media. Note: This video was not produced by the CF7 Honeypot developer.
Altering the Honeypot Output HTML [ADVANCED]
While the basic settings should keep most people happy, we’ve added several filters for you to further customize the honeypot field. The three filters available are:
wpcf7_honeypot_accessibility_message– Adjusts the default text for the (hidden) accessibility message.
wpcf7_honeypot_container_css– Adjusts the CSS that is applied to the honeypot container to keep it hidden from view.
wpcf7_honeypot_html_output– Adjusts the entire HTML output of the honeypot element.
For examples of the above, please see this recipe Gist.
Will this module stop all my contact form spam?
- Probably not. But it should reduce it to a level whereby you don’t require any additional spam challenges (CAPTCHA, math questions, etc.).
Are honeypots better than CAPTCHAs?
- This largely depends on the quality of the CAPTCHA. Unfortunately the more difficult a CAPTCHA is to break, the more unfriendly it is to the end user. This honeypot module was created because we don’t like CAPTCHAs cluttering up our forms. Our recommendation is to try this module first, and if you find that it doesn’t stop enough spam, then employ more challenging anti-spam techniques.
Can I modify the HTML this plugin outputs?
- Yep! See the Installation section for more details and this Gist for examples.
My form is not validating with a W3C validation tool
- This is by design, and we recommend leaving this validation error for enhanced improvement of the plugin. However, there is a simple work around. See here for details.
Latest Change log entry:
Additional functionality to improve spam-stopping power.
antispam, captcha, form, honeypot, spam
+ Jason's Comments
Very popular, it is kept up-to-date and is easy to manage. I add Flamingo plugin to record submits to database and Really Simple CAPTCHA or WP ReCaptcha and Contact Form 7 Honeypot for bot and spam blocking.Website Optimization and Maintenance
There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.