Buy Now
Sign in

FAQ search

How can I add a HoneyPot spam check?

Published: Wednesday, 01 July 2015 10:09
There are several ways of protecting web forms from spam; one of these is the HoneyPot input - that's a form input that isn't visible to a human user but will probably be seen and completed by a spam bot. So if there is a value in the input the form is probably spam. This FAQ tells you how to set up a HoneyPot input.

If you are using CFv5 there is a different form of HoneyPot check built in. You can still use the method shown if you prefer - it is especially useful if your form is cached as it does not rely on a saved key.

  1. Add an input to your form; we'll use a text input here but you could also use a drop-down select box with a 'Show Empty' value set. You need to add a label, name and ID to the element so that it that looks 'normal'; we'll call ours 'confirm'.
  2. Drag a Load CSS action into the On Load event of the form and add a CSS snippet to hide the input. We want to hide the whole input div to make the input invisible so the CSS will be like this:
    div#confirm_container_div {
      display: none;
  3. Drag a Custom Code action into the On Submit event and put it up at or near the top of the event. Add this code to it. 
  4. <?php
    if ( $form->data['confirm'] != '' ) {
    This checks the confirm box and if there is a value set redirects the user away from the site. (This is set to go to the Internet Crime Complaint Center but any appropriate URL is OK.)

Note: this will offer protection against spambots that read the page HTML; it will not protect agaist human spammers who will not see the hidden input.