WordPress allows visitors to easily interact with your website. Unfortunately, it's too easy.
Because WordPress' comment system is open, it attracts unwanted comments. Such comments are often automatically inserted to share backlinks.
Websites with spammy content are rendered as low-quality by users and search engines alike.
To reduce comment spam, you could manually moderate the comments, but this is very time consuming.
The Honeypot extension stops automatically inserted comments, saving you loads of time while improving SEO.
A non-intrusive extension
Honeypot is for catching robots. Visitors shouldn't notice its presence.
Apart from other anti-spam techniques, like captcha or an answer field, a honeypot is hidden from visitors. This means the visitors doesn't need to interact with the anti-spam technique, improving user experience.
In short, your site is protected from spam in the background.
This extension also has an unmeasurably low server memory and CPU footprint, and it only adds roughly 160 bytes to your page's source. In other words: there's no performance difference with or without the extension.
All this makes the Honeypot extension favorable to other solutions.
Robots that leave spammy comments use different techniques leaving comments. To counter various techniques, four powerful blockades will be implemented on your site when you activate the Honeypot extension.
All methods include randomization, they prevent robots programmatically bypassing the checks.
All four methods combined block a wide overlapping spectrum of robot spamming techniques. Therefore, Honeypot has a 99.98% catch-rate.
First method: Static CSS
The Static CSS honeypot outputs a text field that must stay empty. Many robots are likely to fill in this field, marking their comment as spam.
To prevent robots from detecting this field, it's marked with a unique ID. This ID differs per site and per post. Therefore, this field is compatible with caching plugins and is difficult to detect.
Second method: Scoped Rotation CSS
The Scoped Rotation CSS honeypot works like the Static CSS honeypot. But, it requires robots to use HTML5.
Also, when no caching plugin is used, it will rotate its unique ID every 60 minutes, making it even more difficult to detect.
Third method: JS
- Label: "Comments for robots".
- Input: "Please remove this comment to prove you're human.".
- Placeholder: "You are human!".
Fourth method: Nonce
A nonce is a number that may only be used once. For this field, it may be used many times within a preset timeframe.
The Nonce honeypot is a form field that is automatically filled in by Honeypot. The nonce must unaffectedly be presented when the comment is sent. This prevents robots from using HTTP POST injection, which would otherwise allow them bypassing all other checks.
This field is unique per page, and is valid for 24 hours. When a caching plugin is used, this field stays valid for 10 days. To prevent expired keys, a new key will be generated in half of the allotted time, so a visitor can always comment within at least 12 hours.
This software package is bundled with the Extension Manager.
All you'll need to do is activate the Honeypot extension.
There is no setup required and no options are available.
WordPress has various discussion settings, through which you can fine-tune how comments are displayed and moderated.
These settings can be found at Settings -> Discussion.
Gotta catch 'em all
If you still receive a bunch of spam, consider combining this extension with an authoritative comment plugin, like Akismet.
Release date: TBA
- Fixed: Generated hashes now always start with an alphabetic character. Making the scoped field always disappear for users as intended.
- Improved: The CSS rotation field now uses a scoped style node, rather than inline styling.
- Changed: Moved the honeypot above the comment form, so spammers will more easily fill it in.
- Initial extension release.