3rd March 2015 Mario Gheghici

Anti-spam comments and forms plugins – captcha vs honeypot

WordPress is the best Content Management System, but is not perfect ( yet), and there still are some issues with it. For example, the amount of spam that can overload your email or database because of the comments and contact forms that you have on the website.

I used to receive more that 100 spam emails a day, even with [intlink id=”641″ type=”post”]Akismet [/intlink]installed. Akismet is one of the best anti-spam plugins, but still has its minuses.
First – all the spam comments go into your spam tab on Akismet, and they’re saved into the database. If you just log into your website once every few days, or even worse, one every few weeks, you’ll see thousands of spam comments.  At least once a week you should log into your WordPress dashboard – click on Comments from the left side menu, select the Spam tab and click on “Empty spam”
empty-spam

 

That’s good practice especially to optimize the database. A database with 4000 spam comments it’s twice a clean WordPress database – just to keep that in mind in case you ever want to move your WordPress installation to another server – when moving a website size does matter.

Same thing happens with the contact forms. Just that, instead of having thousands of comments “resting” in your database, you receive a lot of spam emails.

On both situations, most of the WordPress users chose to install a captcha plugin. We all know how annoying captcha is. Some of us try to explain users why we need to use Captcha, or even to apologize.

Image courtesy of captcha.net

Image courtesy of captcha.net

Below are some of my (former) favourite plugins using Captcha, created to help both “Akismet” and Contact Form 7 (the most used plugin for contact forms inside WordPress) fight against spam:

1. SI CAPTCHA Anti-Spam

This plugin adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.

 

 2. Captcha – by bestwebsoft

The Captcha plugin allows you to implement a super security captcha form into web forms. It protects your website from spam by means of math logic, easily understood by human beings. This captcha can be used for login, registration, password recovery, comments forms. There is also a premium version of the plugin, allowing compatibility with BuddyPress (Registration form, Comments form, “Create a Group” form) and Contact Form 7.

Introducing Anti-spam honeypot

Still, there’s a better solution, both  aesthetically and for user experience – the “honeypot

 

According to WikiPedia, honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. This is similar to the police baiting a criminal and then conducting undercover surveillance.

 

I first discovered this anti-spam technique using [intlink id=”2778″ type=”page”]GravityForms[/intlink]

[intlink id=”2778″ type=”page”]GravityForms[/intlink] – definetelly the best WordPress form generator on the market. Indeed, it’s a premium plugin, but is the one I recommend to all my clients – safe, full of features and easy to use.

After creating a form using this plugin, you have the option to activate Honeypot

Anti-spam honeypot option on Gravity Forms

Anti-spam honeypot option on Gravity Forms

The honeypot is actually a new hidden field in the form. Being hidden using CSS, the field will not be visible to visitors, but the bots trying to spam will not know that. And they will fill this field as well. And that’s the trigger – when this field is filled the form will not validate and the contact will be market as spam and will not be send.

That’s pretty clever, and, most important will eliminate not only spam but also the annoying Captcha field.

 

If you don’t use GravityForm, there is a plugin that will enable honeypot for Contact Form 7 as well:

This simple addition to the Contact Form 7 (CF7) plugin adds basic honeypot anti-spam functionality to thwart spambots without the need for an ugly captcha.

 

And there’s also another plugin who uses the same technique for comments:

Honeypot Comments

Install and activate this plugin and let a simple hidden honeypot input field catch spam bots, which will fill out all fields in the form (even our hidden honeypot field). If that honeypot field isn’t empty, the comment won’t process, effectively nuking most spam comments.

Try them and see if you get the same amount of spam from your website.

If you know another good anti-spam plugin, don’t forget to mention it in comments!

Tagged: , , ,

About the Author

Mario Gheghici

Mario Gheghici has over 15 years’ experience in media and advertising. Throughout his career he has been a journalist, a PR expert, advertising guru, and now he is widely known as a social media, online marketing, web development and SEO consultant. | Follow @mariusdigital |
Follow on Google+ | Connect on LinkedIn |

Leave a Reply

Your email address will not be published. Required fields are marked *

Get In Touch With Us!

Dream big! With us you can!