Registration honeypot

A hidden “honeypot” field in your registration form is a great way to catch out signup bots and scripts – a bot or script will blindly enter text into the field, but humans won’t see it and, therefore, won’t 😉

Add the following to your (child) theme’s functions.php:

function add_honeypot() {
    echo '<div style="display: none;"><input type="text" name="system55" /></div>';
function check_honeypot() {
    if (!empty($_POST['system55'])) {
        global $bp;

That’s it! Don’t forget to add a page with the slug “spam-prevention” to your site which explains to the user that they did something that looks spammy…

4 thoughts on “Registration honeypot”

    1. Hey Peter :-)

      You know it’s working when spam registrations either decrease cosiderably or stop altogether :p

      That said, I just (after all this time…) noticed that there was a problem with the code above – WP munged the hidden form field because I didn’t escape the div. It’s fixed now. Apologies to the thousands of folk who’ve viewed this page already :-/


  1. Is this still working?

    I use security check (Buddypress) and BP registration.
    BP regisstration works best but you have to manually aprove registrations. I get 100-300 a day. To much work. I need a better solution.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>