Registration honeypot

A hidden “honeypot” field in your registration form is a great way to catch out signup bots and scripts – a bot or script will blindly enter text into the field, but humans won’t see it and, therefore, won’t ;-)

Add the following to your (child) theme’s functions.php:

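// Print a text field on the BuddyPress signup form that human visitors never see.
function add_honeypot() {
    echo '<div style="display: none;"><input type="text" name="system55" /></div>';
}
add_action('bp_after_signup_profile_fields', 'add_honeypot');

// Send the visitor to the spam-prevention page if the hidden field was filled in.
function check_honeypot($result) {
    if (!empty($_POST['system55'])) {
        wp_redirect(home_url() . '/spam-prevention');
        exit;
    }
    // A filter callback must return the value it was given, otherwise
    // BuddyPress loses its own signup validation results.
    return $result;
}
add_filter('bp_core_validate_user_signup', 'check_honeypot');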


That’s it! Don’t forget to add a page with the slug “spam-prevention” to your site which explains to the user that they did something that looks spammy…
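A stricter variant of the check above that also counts and logs each hit, which gives a direct way to see whether the honeypot is catching anything. This is an added example, not code from the original post; the hp_ function names and the hp_hit_count option are hypothetical, and the sample submissions are constructed.

```php
<?php // Omit this line when pasting into functions.php.
// Added example, not the post's own code. The hp_* names and the
// hp_hit_count option are hypothetical.

// True when the hidden field carries any value at all. Unlike !empty(),
// this also catches the string "0", which PHP's empty() treats as empty.
function hp_triggered(array $post, $field = 'system55') {
    return isset($post[$field]) && $post[$field] !== '';
}

// Bump a counter in wp_options and write one line to the PHP error log.
function hp_record_hit() {
    update_option('hp_hit_count', (int) get_option('hp_hit_count', 0) + 1, false);
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log('honeypot: blocked signup attempt from ' . $ip);
}

function hp_check_signup($result) {
    if (hp_triggered($_POST)) {
        hp_record_hit();
        wp_redirect(home_url('/spam-prevention'));
        exit;
    }
    return $result; // filter callbacks must hand the value back
}

if (function_exists('add_filter')) {
    // Inside WordPress: register this instead of check_honeypot.
    add_filter('bp_core_validate_user_signup', 'hp_check_signup');
} else {
    // Run directly with the PHP CLI: classify constructed sample submissions.
    $samples = array(
        'human, field left blank'   => array('signup_username' => 'alice', 'system55' => ''),
        'script filled every field' => array('signup_username' => 'x', 'system55' => 'http://example.invalid'),
        'value "0"'                 => array('signup_username' => 'y', 'system55' => '0'),
        'whitespace only'           => array('signup_username' => 'z', 'system55' => '   '),
    );
    foreach ($samples as $label => $post) {
        printf("%-28s %s\n", $label, hp_triggered($post) ? 'blocked' : 'allowed');
    }
}
```

Inside WordPress, get_option('hp_hit_count') returns the running total, and each hit also appears in the PHP error log.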

2 Responses to Registration honeypot

  1. Peter says:

    I followed your instruction. How does one know if it is working?

    • Mattt says:

      Hey Peter :-)

      You know it’s working when spam registrations either decrease considerably or stop altogether :p

      That said, I just (after all this time…) noticed that there was a problem with the code above – WP munged the hidden form field because I didn’t escape the div. It’s fixed now. Apologies to the thousands of folk who’ve viewed this page already :-/

      Cheers,
      Mattt.
