How to Block Spam Comment Bots in WordPress with Honeypot

Last updated on January 22nd, 2013 by Editorial Staff

How to Block Spam Comment Bots in WordPress with Honeypot

Spam comments are a big pain in the ***. To prevent spam comments, bloggers end up taking strict measures such as requiring people to register or have everyone enter a captcha before submitting a comment. Spam prevention controls such as captchas, math quiz, and registration makes it difficult for regular visitors to comment. By implementing one of those methods, you are punishing the wrong crowd. A lot of spam comments are generated by bots, which are programs designed to comment on blogs and websites. There is a common saying that you can catch more flies with honey than with vinegar. It fits perfectly here as we are about to show you how you can block spam comment bots in WordPress with honeypot.

What is Honeypot?

Before we talk about honeypot, lets talk about how these spam bots work. WordPress is used by millions of websites. This means that millions of websites have similar HTML output for comment forms. This makes it easier for bots to find blogs and post spam comments.

Honeypot is a spam prevention technology. It tricks and traps spam bots into revealing themselves by giving them a challenge that human users can not see.

Unlike other spam prevention methods which uses techniques to find out of if a commenter is human, Honeypot checks to see if the commenter is a bot. Instead of giving a challenge to human visitors, it creates a fake challenge for the bots. When bots fill the challenge, they end up revealing themselves and are caught before they could post spam.

Blocking Spam bots in WordPress with Honeypot

First thing you need to do is install and activate BotBlocker WordPress plugin. After activating the plugin, go to Settings » BotBlocker Settings to configure the plugin.

The default options should work for most websites. However we advise you to review the configuration options before pressing the Save changes button.

How it Works

Botblocker will now replace the names of the form fields for your comment forms with random fields. For example it will replace name field with email. On the screen, your human visitors will see the email field and enter their email address. Instead of seeing the email field, the bots will see the name field and enter a name. WordPress will not process the comment until email is entered in the proper format.

It will also rename URL field, and textarea field names with random and commonly used form field names. Such as address, newsletter, zip code, etc. The spam bots will see these names and fill the form incorrectly which will reveal that the comment posted is actually a spam comment and will be marked as spam.

Botblocker does not give you protection against manually submitted spam. Manually submitted spam is submitted by human visitors. You will still have to use a plugin like Akismet to catch those.

For more comment spam preventing, checkout our tips and tools to prevent comment spam.

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress lovers led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's WordPress Training Videos Free

Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »

GreaterLight

I have installed Stop Spam Registrations plugin per your other blog article here: http://www.wpbeginner.com/plugins/how-to-stop-spam-registrations-on-your-wordpress-membership-site/

My Akismet is doing a pretty good job of catching the spam COMMENTS but I am bleeding spam registrations.

I have my API for BotScout applied and I have an account set up with HoneyPot. It is telling me I need to install a script on my site. I am trying to determine if I do indeed need to install the script if I am using the Stop Spam Registration plugin. Can you clarify? Thank you
Eguide

Thank you so much for recommending this BotBlocker, it helps in stopping bot attacking my site, where there are over 79,000 of comments posted and approved without my knowledge! I then install delete all comment plugin to clear all comments. Cannot imagine what to do without this plugin to stop these bot on their track!
Mike

Hi, how does this work with auto-complete tools, like the feature built into Chrome? Won’t the browser also wrongly detect the forms via their fake names and fill them in when the user chooses to autofill?
Paul

Who well does it do at blocking spam comments compared to Akismet?
- http://www.wpbeginner.com Editorial Staff
  
  Unlike Akismet, this doesn’t block manual spam comment. This is only for spam comment bots.
Hans

Thought this would work, so I installed the plugin…….It doesn’t.
It stops ALL entries.

The last update for Bot Blocker was 275 days ago and questions are not being answered on wordpress.org.
Looks like it’s an abandoned plugin.
- Pablo
  
  Yep, same here. The only way I can post a comment is if I’m logged in as an admin or if the plugin is off.
  
  I’d be nice if someone here could help because the support forums seem abandoned.
- Denny Brown
  
  This is also my experience. Hans and I have both posted on the BotBlocker support page at http://wordpress.org/support/topic/plugin-botblocker-flagging-all-comments-as-spam
Vivek

I wonder why articles in WPBeginners get very little comments though the article has been popular on Social media networks.
- http://www.wpbeginner.com Editorial Staff
  
  Mainly because we only approve helpful comments for the most part. If you leave comments like great plugin, or great tutorial like most folks do, we simply don’t approve them. The purpose of comments is to add value (i.e questions, thoughtful opinions, suggestions, personal experience, etc).
Pete

I suppose it needs to be asked…
“Manually submitted spam is submitted by human visitors. You will still have to use a plugin like Akismet to catch those. ”

What’s the benefit with the honey pot method when Akismet will pick it up anyway?
- Jacob
  
  Those who self-host WP blogs have to pay for Akismet and may not want to do that.
Daniel

So I can use Honeypot and Akismet together with no issues?
- http://www.wpbeginner.com Editorial Staff
  
  Yes, you should be able to do that.