Is "display: none" correct for honeypot field?

  • Resolved rvc2

    (@rvconnelly)


    11 years, 1 month ago

    I’m trying to figure out why your plugin has not been working for this site: margaretnicholson.com. (wp ver: 4.2.1, CF7 Honeypot: 1.6.2)

    Using chrome’s Element Inspector, I see that the honeypot input field inherits these css style attributes: display:none and visibility:hidden. Visibility:hidden makes sense but doesn’t display:none remove the element from the layout so even bots cannot access it?

    Would appreciate your opinion on that. Thanks.

    https://wordpress.org/plugins/contact-form-7-honeypot/

Viewing 1 replies (of 1 total)
  • Ryan

    (@daobydesign)

    11 years, 1 month ago

    Hi. CSS can’t actually remove elements from the DOM. The form field is still there, it is just not displayed, nor does it take up any space in the visual appearance of the page rendered in the browser.

    The presumption of all honeypots is that a bot will ignore (or not load) CSS, and thus all CSS declarations are strictly for hiding the form field to (legitimate) end users.

    That said, if a bot is programmed to load CSS and disregard all fields that are invisible or hidden, then the honeypot will be effectively useless and more aggressive means of spam prevention (i.e. captchas) will be needed.

    Start by looking at what you’ve called the honeypot field though (in the CF7 form editor). Maybe try and make the name more tasty to spam bots by calling it “email” or “website” or something like that. There are a number of support threads here that talk about this.

Viewing 1 replies (of 1 total)

The topic ‘Is "display: none" correct for honeypot field?’ is closed to new replies.