phpwordpressspam-preventionhoneypotwpforms

How to create a custom honeypot for WP Forms?


I use WP Forms on WordPress, and I'm looking to add a custom honeypot as an extra layer of protection against an influx of spam.

In an attempt to achieve this in a simple and effective, I've created a name field in the form which is hidden display: none; - So in theory this should mean, If this field gets filled in, then it's most likely always going to be spam.

I believe I had this working, but it's come to my attention the form is no longer submitting regardless of the hidden name field true or false.

I'm unsure if it's due to a recent update with WP Forms plugin or an issue with the function I was using.

Does anybody know how to achieve this or advise any issues with this?

Thanks

function forms_custom_honeypot( $honeypot, $fields, $entry, $form_data ) {
    $honeypot_class = 'fancy-name-field';

    $honey_field = false;

    foreach( $form_data['fields'] as $form_field ) {
        if( false !== strpos( $form_field['css'], $honeypot_class ) ) {
            $honey_field = absint( $form_field['id'] );
        }
    }

    if( !empty( $entry['fields'][$honey_field] ) ) {
        $honeypot = 'Custom honeypot';
    }

    return $honeypot;

}
add_filter( 'wpforms_process_honeypot', 'forms_custom_honeypot', 10, 4 );

Credit to @billerickson for forms_custom_honeypot.


Solution

  • Just wanted to provide a quick update that I managed to solve the issue with the custom honeypot code working now with WPForms.

    Answer is that the custom honeypot was setup as a First Last with Name on WPForms then it doens’t work. However, once changed back to simple text field it works fine and logs fine.

    So, if you're following the work above, then Bill's recommendation is to always use the "Text" field and to avoid false positives give it a label that is not name or email because some users will let the browser pre-fill those in.

    enter image description here