Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Block Spam Comment Bots in WordPress with Honeypot

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Spam comments are a big pain in the ***. To prevent spam comments, bloggers end up taking strict measures such as requiring people to register or have everyone enter a captcha before submitting a comment. Spam prevention controls such as captchas, math quiz, and registration makes it difficult for regular visitors to comment. By implementing one of those methods, you are punishing the wrong crowd. A lot of spam comments are generated by bots, which are programs designed to comment on blogs and websites. There is a common saying that you can catch more flies with honey than with vinegar. It fits perfectly here as we are about to show you how you can block spam comment bots in WordPress with honeypot.

What is Honeypot?

Before we talk about honeypot, lets talk about how these spam bots work. WordPress is used by millions of websites. This means that millions of websites have similar HTML output for comment forms. This makes it easier for bots to find blogs and post spam comments.

Honeypot is a spam prevention technology. It tricks and traps spam bots into revealing themselves by giving them a challenge that human users can not see.

Unlike other spam prevention methods which uses techniques to find out of if a commenter is human, Honeypot checks to see if the commenter is a bot. Instead of giving a challenge to human visitors, it creates a fake challenge for the bots. When bots fill the challenge, they end up revealing themselves and are caught before they could post spam.

Blocking Spam bots in WordPress with Honeypot

First thing you need to do is install and activate WP Spam Fighter WordPress plugin. After activating the plugin, go to Settings » WP Spam Fighter to configure the plugin.

WP Spam Fighter Settings

Simply check the box next to the honeypot option and save your settings.

The plugin also offers timestamp method, which assumes that a human user will spend some time reading a post before leaving a comment. If a user tries to quickly post a comment, the plugin will show them a javascript popup.

The default options should work for most websites. However we advise you to review the configuration options before pressing the Save changes button.

How it Works

When honeypot is enabled, WP Spam Fighter will add a hidden form field into your comments area. This field will not be visible to human users, but bots will think of it as part of the form and fill it out, effectively indentifying themselves as spambots.

Remember that these methods do not protect you against against manually submitted spam which is entered by human visitors. You will still have to use a plugin like Akismet to catch those.

For more comment spam preventing, checkout our tips and tools to prevent comment spam.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

25 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Gerard says

    You might want to search and advise for an alternative plugin. The one described here is getting severely outdated.

    • WPBeginner Support says

      Thank you for letting us know, we will certainly update any older articles as we are able :)


  3. rio says

    every day i got 10 spam comments. This is a good articles and i try to install this plugin but it not update for more than 2 years. Any other solution?

  4. Simon Lock says

    WP-Spam Fighter has now gone for more than 9 months without being upgraded. According to WordPress it has not been tested for WP4.4.

    Do you still advise installing this plugin or is there something else that is more up to date and known to work with WP4.4?

    Your wise counsel would be appreciated


  5. David Kinlay says

    I have been trying to get an answer re why every comments made on blogs returns to me stating that they are spam. Logged in to WordPress

  6. Sephora says

    Hi, nice articles. I wanted to download BotBlocker plugin but I realized that It haven’t been update for 3 years. I really the idea of challenge Bots instead of Humans. Do you know another plugin that can do the same ?

  7. GreaterLight says

    I have installed Stop Spam Registrations plugin per your other blog article here:

    My Akismet is doing a pretty good job of catching the spam COMMENTS but I am bleeding spam registrations.

    I have my API for BotScout applied and I have an account set up with HoneyPot. It is telling me I need to install a script on my site. I am trying to determine if I do indeed need to install the script if I am using the Stop Spam Registration plugin. Can you clarify? Thank you

  8. Eguide says

    Thank you so much for recommending this BotBlocker, it helps in stopping bot attacking my site, where there are over 79,000 of comments posted and approved without my knowledge! I then install delete all comment plugin to clear all comments. Cannot imagine what to do without this plugin to stop these bot on their track!

  9. Mike says

    Hi, how does this work with auto-complete tools, like the feature built into Chrome? Won’t the browser also wrongly detect the forms via their fake names and fill them in when the user chooses to autofill?

  10. Hans says

    Thought this would work, so I installed the plugin…….It doesn’t.
    It stops ALL entries.

    The last update for Bot Blocker was 275 days ago and questions are not being answered on
    Looks like it’s an abandoned plugin.

  11. Vivek says

    I wonder why articles in WPBeginners get very little comments though the article has been popular on Social media networks.

    • Editorial Staff says

      Mainly because we only approve helpful comments for the most part. If you leave comments like great plugin, or great tutorial like most folks do, we simply don’t approve them. The purpose of comments is to add value (i.e questions, thoughtful opinions, suggestions, personal experience, etc).


  12. Pete says

    I suppose it needs to be asked…
    “Manually submitted spam is submitted by human visitors. You will still have to use a plugin like Akismet to catch those. ”

    What’s the benefit with the honey pot method when Akismet will pick it up anyway?

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.