Contact Form 7 Honeypot
[resolved] Getting spammed a ton lately (5 posts)

  1. mikebang
    Posted 2 years ago #

    Honeypot has worked great for months and this last week I have been getting spammed a ton on CF7 forms. Any ideas or any updates released to the plugin to stop this? Seems like the bots have caught on...

    WP 3.7.3
    CF7 3.7.2
    HoneyPot 1.6


  2. Ryan
    Plugin Author

    Posted 2 years ago #

    I'd start by updating WP and CF7, you're a few versions behind on both. Next, I'd rename my honeypot fields to something more tantalizing to a bot (ie. "website", "url", "email" or something along those lines).

  3. Guenni007
    Posted 2 years ago #

    i renamed it to e.g. "age" and i use it with latest WP and CF7.
    But in deed i got some SpamMails (perhaps filled out by hand) but i guess they are bot replies. (All E-Mails came from ???@gmail.com)
    I think for bots the display:none and visibility:hidden infos are bad.
    Perhaps you can use the text-indent option and define a column height of 1px.
    If i deleted your css rules of display and visibility there is
    a text under the column: "Please leave this field empty"?
    Is this realy good?

  4. Guenni007
    Posted 2 years ago #


    .age-777-wrap input.wpcf7-form-control.wpcf7-text {
        border: medium none !important;
        height: 0;
        margin: -20px 0 !important;
        padding: 0 !important;
        text-indent: -999999px;

    and the advice in <small>Please leave this field empty</small>
    get rid of that.

  5. Ryan
    Plugin Author

    Posted 2 years ago #

    Hi Guenni007, all good suggestions that for now I cannot implement*.

    You're right that hidden elements are a flag for bots, and a potential way around a honeypot. The challenge with your CSS proposition is that while common, it's a hackish way of hiding elements with potential for failure on older browsers as well as the performance issues with forcing a user's browser to render a box 999999px wide.

    The "please leave this field empty" text is an accessibility feature so that if the field does happen to get displayed (ie., CSS doesn't load, screen readers, etc.) there are human-readable instructions and the form is still operational.

    On a single site, both of your suggestions are totally viable solutions for stopping spam, but to assure the widest-level of compatibility (currently 82,000+ downloads of this plugin), I need to consider how to best weigh usability/accessibility with spam protection.

    * That said, you've got me thinking that maybe I should variable-ize some of these things and thus allow the user to adjust via the form creator interface if they'd like. Look for these features in v1.7. Until then, you might want to look into the Altering the Honeypot Output HTML section on the Installation tab.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Contact Form 7 Honeypot
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.