Home/ Questions/Q 1041895
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T15:25:22+00:00

By honeypot, I mean more or less this practice: #Register form <style> .hideme{ display:none;

  • 0

By “honeypot”, I mean more or less this practice:

#Register form
<style>
    .hideme{
        display:none;
        visibility: hidden;
    }
</style>
<form action="register.php">
    Your email: <input type="text" name="u-email" />
    Choose a password: <input type="text" name="passwd" />
    <div class="hideme">
        Please, leave this field blank: <input type="text" name="email" />  #the comment is for text-browser users
    </div>
    <input type="submit" value="Register" autocomplete=off />
</form>

//register.php
<?php
if($_POST['email'] != ''){
    die("You spammer!");
}
//otherwise, do the form validation and go on.
?>

more info here.

Obviously, the real fields are named with random hashes, and the honeypot fields can have different names (email, user, website, homepage, etc..) that a spambot usually fills in.

I love this technique because it doesn’t cause the user to be annoyed by CAPTCHA.

Do any of you have some experience with this technique? Is it effective?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It works relatively well, however, if the bot creator caters to your page they will see that (or even have a routine setup to check) and will most likely modify their bot accordingly.

    My preference is to use reCaptcha. But the above will stop some bots.

    • 0