WPBeginner

Beginner's Guide for WordPress

  • Blog
    • Beginners Guide
    • News
    • Opinion
    • Showcase
    • Themes
    • Tutorials
    • WordPress Plugins
  • Start Here
    • How to Start a Blog
    • Create a Website
    • Start an Online Store
    • Best Website Builder
    • Email Marketing
    • WordPress Hosting
    • Business Name Ideas
  • Deals
    • Bluehost Coupon
    • SiteGround Coupon
    • WP Engine Coupon
    • HostGator Coupon
    • Domain.com Coupon
    • Constant Contact
    • View All Deals »
  • Glossary
  • Videos
  • Products
X
☰
Beginner's Guide for WordPress / Start your WordPress Blog in minutes
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

WPBeginner» Blog» Plugins» How to Block Spam Comment Bots in WordPress with Honeypot

How to Block Spam Comment Bots in WordPress with Honeypot

Last updated on December 5th, 2014 by Editorial Staff
54 Shares
Share
Tweet
Share
Pin
Free WordPress Video Tutorials on YouTube by WPBeginner
How to Block Spam Comment Bots in WordPress with Honeypot

Spam comments are a big pain in the ***. To prevent spam comments, bloggers end up taking strict measures such as requiring people to register or have everyone enter a captcha before submitting a comment. Spam prevention controls such as captchas, math quiz, and registration makes it difficult for regular visitors to comment. By implementing one of those methods, you are punishing the wrong crowd. A lot of spam comments are generated by bots, which are programs designed to comment on blogs and websites. There is a common saying that you can catch more flies with honey than with vinegar. It fits perfectly here as we are about to show you how you can block spam comment bots in WordPress with honeypot.

What is Honeypot?

Before we talk about honeypot, lets talk about how these spam bots work. WordPress is used by millions of websites. This means that millions of websites have similar HTML output for comment forms. This makes it easier for bots to find blogs and post spam comments.

Honeypot is a spam prevention technology. It tricks and traps spam bots into revealing themselves by giving them a challenge that human users can not see.

Unlike other spam prevention methods which uses techniques to find out of if a commenter is human, Honeypot checks to see if the commenter is a bot. Instead of giving a challenge to human visitors, it creates a fake challenge for the bots. When bots fill the challenge, they end up revealing themselves and are caught before they could post spam.

Blocking Spam bots in WordPress with Honeypot

First thing you need to do is install and activate WP Spam Fighter WordPress plugin. After activating the plugin, go to Settings » WP Spam Fighter to configure the plugin.

WP Spam Fighter Settings

Simply check the box next to the honeypot option and save your settings.

The plugin also offers timestamp method, which assumes that a human user will spend some time reading a post before leaving a comment. If a user tries to quickly post a comment, the plugin will show them a javascript popup.

The default options should work for most websites. However we advise you to review the configuration options before pressing the Save changes button.

How it Works

When honeypot is enabled, WP Spam Fighter will add a hidden form field into your comments area. This field will not be visible to human users, but bots will think of it as part of the form and fill it out, effectively indentifying themselves as spambots.

Remember that these methods do not protect you against against manually submitted spam which is entered by human visitors. You will still have to use a plugin like Akismet to catch those.

For more comment spam preventing, checkout our tips and tools to prevent comment spam.

54 Shares
Share
Tweet
Share
Pin
Popular on WPBeginner Right Now!
  • How to Fix the Error Establishing a Database Connection in WordPress

    How to Fix the Error Establishing a Database Connection in WordPress

  • How to Start Your Own Podcast (Step by Step)

    How to Start Your Own Podcast (Step by Step)

  • Checklist

    Checklist: 15 Things You MUST DO Before Changing WordPress Themes

  • How to Properly Move Your Blog from WordPress.com to WordPress.org

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.

The Ultimate WordPress Toolkit

23 Comments

Leave a Reply
  1. Gerard says:
    Jul 1, 2019 at 12:39 pm

    You might want to search and advise for an alternative plugin. The one described here is getting severely outdated.

    Reply
    • WPBeginner Support says:
      Jul 1, 2019 at 1:13 pm

      Thank you for letting us know, we will certainly update any older articles as we are able :)

      Reply
  2. rio says:
    Jul 20, 2017 at 7:41 pm

    every day i got 10 spam comments. This is a good articles and i try to install this plugin but it not update for more than 2 years. Any other solution?

    Reply
  3. ramesh says:
    Dec 20, 2016 at 2:58 am

    How to find the fake Google Bots?

    Reply
  4. Simon Lock says:
    Dec 23, 2015 at 12:08 am

    WP-Spam Fighter has now gone for more than 9 months without being upgraded. According to WordPress it has not been tested for WP4.4.

    Do you still advise installing this plugin or is there something else that is more up to date and known to work with WP4.4?

    Your wise counsel would be appreciated

    Simon

    Reply
  5. David Kinlay says:
    Apr 6, 2015 at 5:53 am

    I am not sure why I can’t comment on articles in blogs, treating them as spam

    Reply
    • WPBeginner Support says:
      Apr 6, 2015 at 9:18 pm

      Your comment appears alright in our pending queue and not marked as spam :)

      Reply
  6. David Kinlay says:
    Apr 6, 2015 at 5:50 am

    I have been trying to get an answer re why every comments made on blogs returns to me stating that they are spam. Logged in to WordPress

    Reply
  7. Sephora says:
    Oct 25, 2014 at 8:16 pm

    Hi, nice articles. I wanted to download BotBlocker plugin but I realized that It haven’t been update for 3 years. I really the idea of challenge Bots instead of Humans. Do you know another plugin that can do the same ?

    Reply
  8. GreaterLight says:
    Jun 27, 2013 at 10:49 am

    I have installed Stop Spam Registrations plugin per your other blog article here: https://www.wpbeginner.com/plugins/how-to-stop-spam-registrations-on-your-wordpress-membership-site/

    My Akismet is doing a pretty good job of catching the spam COMMENTS but I am bleeding spam registrations.

    I have my API for BotScout applied and I have an account set up with HoneyPot. It is telling me I need to install a script on my site. I am trying to determine if I do indeed need to install the script if I am using the Stop Spam Registration plugin. Can you clarify? Thank you

    Reply
  9. Eguide says:
    Jun 21, 2013 at 9:21 am

    Thank you so much for recommending this BotBlocker, it helps in stopping bot attacking my site, where there are over 79,000 of comments posted and approved without my knowledge! I then install delete all comment plugin to clear all comments. Cannot imagine what to do without this plugin to stop these bot on their track!

    Reply
  10. Mike says:
    Feb 18, 2013 at 6:21 pm

    Hi, how does this work with auto-complete tools, like the feature built into Chrome? Won’t the browser also wrongly detect the forms via their fake names and fill them in when the user chooses to autofill?

    Reply
  11. Paul says:
    Jan 24, 2013 at 1:50 pm

    Who well does it do at blocking spam comments compared to Akismet?

    Reply
    • Editorial Staff says:
      Jan 24, 2013 at 2:11 pm

      Unlike Akismet, this doesn’t block manual spam comment. This is only for spam comment bots.

      Reply
  12. Hans says:
    Jan 24, 2013 at 9:47 am

    Thought this would work, so I installed the plugin…….It doesn’t.
    It stops ALL entries.

    The last update for Bot Blocker was 275 days ago and questions are not being answered on wordpress.org.
    Looks like it’s an abandoned plugin.

    Reply
    • Pablo says:
      Jan 25, 2013 at 11:24 pm

      Yep, same here. The only way I can post a comment is if I’m logged in as an admin or if the plugin is off.

      I’d be nice if someone here could help because the support forums seem abandoned.

      Reply
    • Denny Brown says:
      Jan 26, 2013 at 1:09 pm

      This is also my experience. Hans and I have both posted on the BotBlocker support page at http://wordpress.org/support/topic/plugin-botblocker-flagging-all-comments-as-spam

      Reply
  13. Vivek says:
    Jan 23, 2013 at 5:33 am

    I wonder why articles in WPBeginners get very little comments though the article has been popular on Social media networks.

    Reply
    • Editorial Staff says:
      Jan 24, 2013 at 3:50 am

      Mainly because we only approve helpful comments for the most part. If you leave comments like great plugin, or great tutorial like most folks do, we simply don’t approve them. The purpose of comments is to add value (i.e questions, thoughtful opinions, suggestions, personal experience, etc).

      Reply
  14. Pete says:
    Jan 23, 2013 at 4:39 am

    I suppose it needs to be asked…
    “Manually submitted spam is submitted by human visitors. You will still have to use a plugin like Akismet to catch those. ”

    What’s the benefit with the honey pot method when Akismet will pick it up anyway?

    Reply
    • Jacob says:
      Jun 14, 2013 at 2:24 am

      Those who self-host WP blogs have to pay for Akismet and may not want to do that.

      Reply
  15. Daniel says:
    Jan 22, 2013 at 8:37 am

    So I can use Honeypot and Akismet together with no issues?

    Reply
    • Editorial Staff says:
      Jan 24, 2013 at 4:22 am

      Yes, you should be able to do that.

      Reply

Leave a Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Over 1,320,000+ Readers

Get fresh content from WPBeginner

Featured WordPress Plugin
PushEngage
PushEngage
Increase your website traffic & revenue with push notifications. Learn More »
How to Start a Blog How to Start a Blog
I need help with ...
Starting a
Blog
WordPress
Performance
WordPress
Security
WordPress
SEO
WordPress
Errors
Building an
Online Store
Useful WordPress Guides
    • 7 Best WordPress Backup Plugins Compared (Pros and Cons)
    • How to Fix the Error Establishing a Database Connection in WordPress
    • Why You Need a CDN for your WordPress Blog? [Infographic]
    • 30 Legit Ways to Make Money Online Blogging with WordPress
    • Self Hosted WordPress.org vs. Free WordPress.com [Infograph]
    • Free Recording: WordPress Workshop for Beginners
    • 24 Must Have WordPress Plugins for Business Websites
    • How to Properly Move Your Blog from WordPress.com to WordPress.org
    • 5 Best Contact Form Plugins for WordPress Compared
    • Which is the Best WordPress Popup Plugin? (Comparison)
    • Best WooCommerce Hosting in 2020 (Comparison)
    • How to Fix the Internal Server Error in WordPress
    • How to Install WordPress - Complete WordPress Installation Tutorial
    • Why You Should Start Building an Email List Right Away
    • How to Properly Move WordPress to a New Domain Without Losing SEO
    • How to Choose the Best WordPress Hosting for Your Website
    • How to Choose the Best Blogging Platform (Comparison)
    • WordPress Tutorials - 200+ Step by Step WordPress Tutorials
    • 5 Best WordPress Ecommerce Plugins Compared
    • 5 Best WordPress Membership Plugins (Compared)
    • 7 Best Email Marketing Services for Small Business (2020)
    • How to Choose the Best Domain Registrar (Compared)
    • The Truth About Shared WordPress Web Hosting
    • When Do You Really Need Managed WordPress Hosting?
    • 5 Best Drag and Drop WordPress Page Builders Compared
    • How to Switch from Blogger to WordPress without Losing Google Rankings
    • How to Properly Switch From Wix to WordPress (Step by Step)
    • How to Properly Move from Weebly to WordPress (Step by Step)
    • Do You Really Need a VPS? Best WordPress VPS Hosting Compared
    • How to Properly Move from Squarespace to WordPress
    • How to Register a Domain Name (+ tip to get it for FREE)
    • HostGator Review - An Honest Look at Speed & Uptime (2020)
    • SiteGround Reviews from 4196 Users & Our Experts (2020)
    • Bluehost Review from Real Users + Performance Stats (2020)
    • How Much Does It Really Cost to Build a WordPress Website?
    • How to Create an Email Newsletter the RIGHT WAY (Step by Step)
    • Free Business Name Generator (A.I Powered)
    • How to Create a Free Business Email Address in 5 Minutes (Step by Step)
    • How to Install Google Analytics in WordPress for Beginners
    • How to Move WordPress to a New Host or Server With No Downtime
    • Why is WordPress Free? What are the Costs? What is the Catch?
    • How to Make a Website in 2020 – Step by Step Guide
Deals & Coupons (view all)
DreamPress
DreamPress Coupon
Get up to 16% OFF on DreamPress's powerful WordPress Hosting.
Photocrati Coupon
Get 20% off on Photocrati premium photography theme for WordPress.
Featured In
About WPBeginner®

WPBeginner is a free WordPress resource site for Beginners. WPBeginner was founded in July 2009 by Syed Balkhi. The main goal of this site is to provide quality tips, tricks, hacks, and other WordPress resources that allows WordPress beginners to improve their site(s).
Join our team: We are Hiring!

Site Links
  • About Us
  • Contact Us
  • FTC Disclosure
  • Privacy Policy
  • Terms of Service
  • Free Blog Setup
  • Free Business Tools
Our Sites
  • OptinMonster
  • MonsterInsights
  • WPForms
  • SeedProd
  • Nameboy
  • RafflePress
  • Smash Balloon

Copyright © 2009 - 2021 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround | WordPress CDN by MaxCDN | WordPress Security by Sucuri.