Support » Plugin: Contact Form 7 Honeypot » I continue to get spam. Am I doing this right?

  • Resolved DaveKinskey


    I have tried adding Honeypot code to Contact Form 7 various times, but continue to get spam from the same one or two sources, so I’m wondering if I’m doing something wrong.

    1) In Contact Form 7, I generate a Honeypot tag.

    2) The generated tag is called, for example, honeypot-97.

    3) I change the name to Checkbox-97 (or Phone-97 or Date-97, for example).

    4) I also name the ID to match. (Checkbox, in this example)

    5) I paste the shortcode into the form: [honeypot Checkbox-97 id:Checkbox]

    6) I save the form.

    Since I still received spam, based on a suggestion by one user in this forum, I also tried adding the following code, but I still get spam:

    [checkbox* humancheckbox label_last “YOU MUST CHECK THIS BOX to show that you’re human.”]

    Should I also delete the number (-97, for instance) in the name of the honeypot? I think I tried that already, but that didn’t seem to work either. Am I missing a step? Or is there something else I should do?

    Thanks in advance.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Ryan


    Hi Dave,

    What you’re doing all appears correct. Perhaps try naming the honeypot element something more appealing to spambots — something like “email” or “website”

    Also, I would double check that the honeypot HTML is being generated. As I said, it looks like you’re doing everything right, but never hurts to be sure. Just view the source of the page the form is on and search the page for the ID you set. If it’s there, it’s likely ok.

    Thank you so much, Ryan, for your answer to my question. 🙂 I’ll try changing the field. From what you said, it sounds like if the name is not “enticing” enough, the spambots may ignore the trap.

    I’ll try changing the name of the honeypot element on my contact page,

    The current source code shows text that says, “Please leave this field empty.” Can’t the spambots read that in the source code? Is that a problem? Below is the source code from the page of the current honeypot element, before changing the name, as you advised.

    <p><span class=”wpcf7-form-control-wrap Checkbox-97-wrap” style=”display:none !important;visibility:hidden !important;”><input id=”Checkbox” class=”wpcf7-form-control wpcf7-text” type=”text” name=”Checkbox-97″ value=”” size=”40″ tabindex=”-1″ /><small>Please leave this field empty.</small></span></p>

    By the way, is it necessary to leave the “-#” in the honeypot name? The new honeypot name is Date-637 and I named the id “Date”. The new code inserted is: [honeypot Date-637 id:Date]

    Can I get rid of the number? Does it matter or not?

    The new source code on reads:

    <p><span class=”wpcf7-form-control-wrap Date-637-wrap” style=”display:none !important;visibility:hidden !important;”><input id=”Date” class=”wpcf7-form-control wpcf7-text” type=”text” name=”Date-637″ value=”” size=”40″ tabindex=”-1″ /><small>Please leave this field empty.</small></span></p>

    Plugin Author Ryan


    Hi Dave,

    Yes, exactly. I think the more a field resembles something a spambot would want to fill in, the more likely it would get stuck in the trap.

    Re: the numbers — it’s not strictly necessary to keep the # in there (either for the name or the ID), but is more a method to avoid conflicts with other IDs or form element names.

    The “please leave this field empty” text is for usability. I talked about the reasons for it recently in another thread. There are ways to remove it (see that thread), and I’m looking at adding new features in an upcoming version that gives more control to the user.

    Thanks again, Ryan! I’ll see how it goes with “Date-637” for now. If I still get some spam, I’ll try eliminating the number or making it just one digit, in case the spambots are programming to spot a “hyphen plus three digits” to avoid that field, since that’s the naming format Honeypot uses by default.

    Can there be a space between the name and the number? If not, I could also try changing the hyphen to an underscore in case the spambots are looking for that hyphen.

    Plugin Author Ryan


    Hi Dave, I don’t think you’ll need to worry much about the number tbh, as that’s default CF7 stuff, not honeypot stuff, so it’s unlikely a spam bot would be programmed to avoid it. If you continue to have trouble, try using “name”, “email” or “website” as the first part and then any series of letters/numbers for the second part (to assure it’s a unique identifier) and see if that improves things. “Date” might help, but is still a somewhat arbitrary or unlikely field for a spambot to want to fill in.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘I continue to get spam. Am I doing this right?’ is closed to new replies.