[wp-hackers] Simple comment spam experiment

Aaron D. Campbell aaron at xavisys.com
Wed Apr 16 17:10:43 GMT 2008

I've used this "honeypot" technique in some forms, and it's pretty 
effective.  Giving it a name that most bots will recognize (such as 
"email") will increase it's success rate.  Also, in case CSS doesn't 
hide it, I give it a label like "If you are a real person, please leave 
this blank"

Lastly, you have to verify that the field was submitted, but blank.  
This helps to assure that your form was used, and filled in properly.

Shelly at WordPress wrote:
> >>You might also consider making a field that is not "hidden" except via
> CSS. This would prevent the form from showing up to anybody but a
> spammer might be more prone to fill it in.<<
> I'm sorry - that's what I meant :)
> It's *not* hidden, it's still text, but it's given a class so it's 
> hidden from view (and the label to it tells handicapped visitors to 
> leave it empty).  Sorry I should have been more clear on that!  It 
> does use CSS to "hide" it - but if it were automated in any way, then 
> it'd be filled in.
> I suppose you could even turn that field into a joke, and give it some 
> kind of false name to make spammers even more likely to fill it in..so 
> they don't just see a blank input field.
> Like I said, this is something I've wanted to *try* for a while, just 
> never took the time to do it.  Now I'm wondering if it would work :)
> ~Shelly

More information about the wp-hackers mailing list