Title: Honeypot Toolkit
Author: Jeff Sterup
Published: December 22, 2017
Last modified: February 6, 2026

---


# Honeypot Toolkit

 By [Jeff Sterup](https://profiles.wordpress.org/foomagoo/)

[Download](https://downloads.wordpress.org/plugin/honeypot-toolkit.5.0.4.zip)


## Description

This plugin automatically inserts your Project Honeypot links into all of your
pages and blocks IP addresses that are listed on Project Honeypot's Http:BL list.
Optionally, it can also block IP addresses that are listed on the Spamcop blacklist
or reported by the SANS Internet Storm Center API.

To stop bots from brute-forcing logins and scanning your site, there is an option
to block users who fail to log in a set number of times or who use blocked usernames.
You can also block IP addresses that generate a large number of 404 errors.
The plugin also prevents WordPress user enumeration and automatically blocks
anyone attempting it.
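
The Http:BL check described above is a DNS lookup: the visitor's IPv4 address is reversed, prefixed with the site's access key and resolved under `dnsbl.httpbl.org`, and the returned A record encodes days since last activity, a threat score and a visitor-type bitmask. The following PHP is an added example, not code from the plugin; the function names, the placeholder access key, the sample answers and the blocking thresholds are assumptions.

```php
<?php
// Added example, not the plugin's code. Key, IP and answers below are constructed.

// Query name: <access key>.<IPv4 octets reversed>.dnsbl.httpbl.org
function httpbl_query_name(string $accessKey, string $ip): ?string {
    // http:BL only indexes IPv4; return null so IPv6 visitors skip this check.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return $accessKey . '.' . implode('.', array_reverse(explode('.', $ip)))
        . '.dnsbl.httpbl.org';
}

// Answer format: 127.<days since last activity>.<threat score>.<visitor type>
function httpbl_decode(string $answer): ?array {
    $o = array_map('intval', explode('.', $answer));
    if (count($o) !== 4 || $o[0] !== 127) {
        return null; // not an http:BL answer (bad key, rewritten NXDOMAIN, ...)
    }
    [, $days, $threat, $type] = $o;
    return [
        'days'            => $days,
        'threat'          => $type === 0 ? 0 : $threat, // type 0: octet is an engine id
        'search_engine'   => $type === 0,
        'suspicious'      => (bool) ($type & 1),
        'harvester'       => (bool) ($type & 2),
        'comment_spammer' => (bool) ($type & 4),
    ];
}

// Policy: thresholds are assumptions for this example, not the plugin's defaults.
function httpbl_should_block(?array $r, int $minThreat = 25, int $maxDays = 30): bool {
    if ($r === null || $r['search_engine']) {
        return false; // unlisted, undecodable or a known crawler: let it through
    }
    return $r['threat'] >= $minThreat && $r['days'] <= $maxDays;
}

// Live use would be: $rec = dns_get_record($name, DNS_A); no records = not listed.
echo httpbl_query_name('abcdefghijkl', '203.0.113.7'), "\n";
foreach (['127.3.40.5', '127.200.10.2', '127.0.0.0', '10.0.0.1'] as $answer) {
    $r = httpbl_decode($answer);
    printf("%-13s block=%s\n", $answer, httpbl_should_block($r) ? 'yes' : 'no');
}
```

Rejecting any answer whose first octet is not 127 matters when a resolver rewrites failed lookups to a landing-page address, which would otherwise be read as a listing.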

## Screenshots

 * Settings page
 * Blocked list page
 * Activity page
 * Whitelist page

## Installation

 1. Extract the downloaded Zip file.
 2. Upload the ‘honeypot-toolkit’ directory to the `/wp-content/plugins/` directory.
 3. Activate the plugin through the ‘Plugins’ menu in WordPress.
 4. Use the menu item called Honeypot Toolkit to get the plugin set up.

You should set up an account on the Project Honeypot website at
https://www.projecthoneypot.org if you want to use Project Honeypot.

## FAQ

### Where do I get the script for my honeypot?

You must sign up for an account on https://www.projecthoneypot.org. Then go to
https://www.projecthoneypot.org/manage_honey_pots.php to set up your honeypot and
follow the instructions. After the script has been placed on your site, enter the
URL of your script on the Honeypot Toolkit settings page.

## Reviews


### [Amazing! A must have for every site!](https://wordpress.org/support/topic/amazing-a-must-have-for-every-site/)

 [dichternebel](https://profiles.wordpress.org/dichternebel/) November 11, 2023

This plugin does the job very well. Besides using Project Honeypot and Spamcop,
I really love the additional Login and 404 handling that protects from brute force
attacks. In combination with a 2FA login plugin this makes me finally feel a lot
safer using WordPress. Thanks a lot!


### [Unfortunately does not work](https://wordpress.org/support/topic/unfortunately-does-not-work-3/)

 [thorsten107](https://profiles.wordpress.org/thorsten107/) January 6, 2023

Nevertheless, 10 messages a day come to spam via the contact form. This plugin
does not block anything.


### [Still works](https://wordpress.org/support/topic/still-works-199/)

 [Andrea](https://profiles.wordpress.org/aneises/) December 1, 2021

with version 5.8.2 (also multisite)


### [Does all it is designed to do](https://wordpress.org/support/topic/does-all-it-is-designed-to-do/)

 [ogbcashdown](https://profiles.wordpress.org/ogbcashdown/) April 24, 2021

Has been very effective in blocking malicious traffic to my site.


### [No logs in Honeypot activity list](https://wordpress.org/support/topic/no-logs-in-honeypot-activity-list/)

 [Boretsyan](https://profiles.wordpress.org/dazepuzzle/) February 14, 2021

Hi there, I have installed the Honeypot Toolkit plugin on my website. The status is:
@ – Honey Pot Active, but I haven’t any data in the activity list in the plugin. I have
verified the script and the dedicated link is on all my pages, but no activity yet! What
should I do to enable this plugin and make it work?


### [Lots of fun using the Honeypot](https://wordpress.org/support/topic/lots-of-fun-using-the-honeypot/)

 [caffeinefiend](https://profiles.wordpress.org/caffeinefiend/) December 21, 2019

I’m really enjoying using the Honeypot. In the past I was using Cloudflare and plugins
just to block the little blights. Now it’s an enjoyable sport to see how many of the
pests I caught each morning. So to me this is much like going fishing, but here
we are just catching the invasive pests. The plugin works really well and even though
my version of WordPress is quite a bit newer (5.3.2) than the supported I’ve had
no problems at all. It’s nice to run a plugin that benefits the larger community
whilst making everything so simple to install and use. I’ve even taken to using
an advertisement manager plugin to switch the trap links and allow me to change
my trap bait as I call it. Like I said, it’s a great sport!


## Contributors & Developers

“Honeypot Toolkit” is open source software. The following people have contributed
to this plugin.

Contributors

 * [Jeff Sterup](https://profiles.wordpress.org/foomagoo/)

“Honeypot Toolkit” has been translated into 2 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/honeypot-toolkit/contributors)
for their contributions.

[Translate “Honeypot Toolkit” into your language.](https://translate.wordpress.org/projects/wp-plugins/honeypot-toolkit)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/honeypot-toolkit/),
check out the [SVN repository](https://plugins.svn.wordpress.org/honeypot-toolkit/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/honeypot-toolkit/)
by [RSS](https://plugins.trac.wordpress.org/log/honeypot-toolkit/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 5.0.4

Added option to allow IPv6 address checking to be turned off for the Internet Storm
Center API as they can report false positives.

Changed from using count to using attacks variable in Internet Storm Center API response.

#### 5.0.3

Added check for 429 response from SANS and code to respect their retry time.

#### 5.0.2

Fixing database error on activation for multisite installs.

#### 5.0.1

Added option to automatically retrieve the IP ranges for Googlebot and Bingbot from
their developer sites and add them to the allowlist.

Added text length restriction to IP note textareas.

#### 5.0

Added ability to use SANS Internet Storm Center API to block malicious visitors.

Changed default HTTP response code to 403.

Renamed whitelist to allowlist and blacklist/blocked list to blocklist to create
better naming consistency.

Added versioning to admin.css to bust cache and force loading of new CSS rules.

Fixed typos in settings page help dialog.

#### 4.5.2

Updating help text for the settings page.

Adding documentation link to plugin meta.

#### 4.5.1

Replacing single settings template that somehow disappeared during 4.5 update.

#### 4.5

Updating URLs in readme to point to new site.

Bumped tested version of WordPress.

#### 4.4.4

Fixed typo in 4.4.3. Used `_transient_timeout` instead of `_site_transient_timeout`.

#### 4.4.3

Changing transients to use site transients for better compatibility with multisite
installs.

Added check for transients to ensure that they expire rather than living forever.

Added check for empty array when no honeypot positions are selected.

#### 4.4.2

Added `DNS_A` argument to `dns_get_record` calls to only pull A records since that is
all the plugin uses.

Made the logic a little more efficient for deciding if a DNS record was returned.

#### 4.4.1

Added check to make sure honeypot link isn’t included in post excerpt if the
`the_content` hook is used.

#### 4.4

Changed the way activity count is updated to use the primary key so the database
table will not get locked.

#### 4.3.1

Fixed missing ajax save function for content honeypot.

Fixed check on settings page to make sure honeypot locations have been saved.

#### 4.3

Added options to set the locations where the honeypot will appear.

#### 4.2.2

Fixed PHP warning when checking for a temporary whitelist entry and one doesn’t 
exist.

#### 4.2.1

Fixed call to explode that was missing the delimiter

#### 4.2

Changed how the server variables are handled. The variables can be a comma-delimited
list.

Added `rel="nofollow"` to honeypot links.

#### 4.1.2

Fixed deprecated message for PHP 7.x

#### 4.1.1

Fixed issue on multisite installs where the plugin would check for temporary whitelist
entries in a database table prefixed with the current site DB prefix. Changed
`$wpdb->prefix` to `$wpdb->base_prefix`.

#### 4.1

Added functionality to temporarily whitelist an IP if it has passed the Project
Honeypot and Spamcop blacklist checks. This prevents the same IP being checked multiple
times while a user is visiting a site.

Fix for dropdown CSS on IP list pages.

#### 4.0.9

Added the ability to enter a . in the banned username field.

Added functionality to automatically whitelist the web server’s IP address so it
doesn’t block itself while doing a health check.

#### 4.0.8

Improved input validation and sanitization.

Added a checkbox to the IP lists so all entries can be selected.

Added functionality to submit the search query when the enter key is pressed in the
search box.

Changed the way notes are stored so line breaks will not be stripped.

#### 4.0.7

Fixing bug with login monitoring. IPv6 addresses were not properly being blocked.

Added better notes when a user is blocked.

#### 4.0.6

Updating scripts to use my new domain name for documentation links so plugins like
Wordfence don’t alert users.

Updating readme to reflect compatibility with WP 5.1.

#### 4.0.5

Fixed styling issue with jQuery UI dialog.

Changed IP links in the admin to go to domaintools.com since they can handle IPv6
addresses.

#### 4.0.4

Changed from using `wp_get_sites` to `get_sites` to remove a deprecated message and
stop using a deprecated function.

Changed functionality when updating the check interval for Project Honeypot and
Spamcop lists. Now it will reset the timeout when a new interval is set.

#### 4.0.3

Improved functionality to check blocked IP addresses on the Spamcop and Project
Honeypot lists.

#### 4.0.2

Fixed typo to correct DB prefix in activate function

#### 4.0.1

Made change to ensure the activate function is called when a new version is released.

#### 4.0

Added support for blocking IPv6 addresses.

Added better support for blocking proxy addresses.

Changed validation functionality to use `filter_var` for IP addresses.

#### 3.2.3

Added temporary patch for IPv6 addresses.

#### 3.2.2

Fixed bug with transient set and get for blacklist check.

#### 3.2.1

Fixed bug that prevented IPs on the blacklist from being removed if they weren’t
on the Spamcop or Project Honeypot lists anymore.

Fixed a bug that moved the dialog box above the top of the screen during an ajax call.

#### 3.2

Changed the process to hide usernames so that it processes 100 at a time. This way
it doesn’t fail if there is a large number of users.

Hid the option to show IP lists on individual sites from the settings page if the
site is not a multisite install.

#### 3.1

Forced user nicenames to be md5 hashed when usernames are hidden regardless of whether
they match the user login or not.

#### 3.0

Added option to change an author’s user nicename to an md5 hash to hide their real
username.

Changed the plugin to be a network only plugin. Now all IP lists are managed at the
network level for multisite installs.

#### Full Changelog

https://www.sterup.com/wordpress-plugins/honeypot-toolkit/changelog/

## Meta

 * Version **5.0.4**
 * Last updated **2 months ago**
 * Active installations **400+**
 * WordPress version **4.6.0 or higher**
 * Tested up to **6.9.4**
 * Languages: [Dutch (Belgium)](https://nl-be.wordpress.org/plugins/honeypot-toolkit/), [English (US)](https://wordpress.org/plugins/honeypot-toolkit/),
   and [Swedish](https://sv.wordpress.org/plugins/honeypot-toolkit/).
 * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/honeypot-toolkit)
 * Tags: [brute force protection](https://wordpress.org/plugins/tags/brute-force-protection/),
   [honeypot](https://wordpress.org/plugins/tags/honeypot/), [login monitor](https://wordpress.org/plugins/tags/login-monitor/),
   [project honeypot](https://wordpress.org/plugins/tags/project-honeypot/), [spam prevention](https://wordpress.org/plugins/tags/spam-prevention/)
 * [Advanced View](https://wordpress.org/plugins/honeypot-toolkit/advanced/)

## Ratings

 4.5 out of 5 stars.

 * [7 5-star reviews](https://wordpress.org/support/plugin/honeypot-toolkit/reviews/?filter=5)
 * [0 4-star reviews](https://wordpress.org/support/plugin/honeypot-toolkit/reviews/?filter=4)
 * [0 3-star reviews](https://wordpress.org/support/plugin/honeypot-toolkit/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/honeypot-toolkit/reviews/?filter=2)
 * [1 1-star review](https://wordpress.org/support/plugin/honeypot-toolkit/reviews/?filter=1)
