Stop comment spam
WordPress allows visitors to interact with your website easily. Unfortunately, it’s too easy.
Because WordPress’s comment system is open and known, it attracts unwanted comments. These comments are often automatically inserted to share backlinks via meticulously crafted text-templates that can fool anybody. Websites with spammy content are seen as low-quality by your visitors and search engines alike.
Now, you could waste your time moderating the comments manually… or, you could use Honeypot.
A non-intrusive, privacy-first extension
The Honeypot extension is for catching robots, not humans. So, your visitors shouldn’t notice its presence.
Unlike CAPTCHA, a honeypot is hidden from visitors. So, your visitors don’t need to interact with Honeypot, vastly improving the user experience; Honeypot protects your site from spam in the background.
This extension protects all WordPress themes and plugins that implement the default WordPress comment forms — among WooCommerce product reviews — without sending any comment data to other services.
Honeypot also has an unmeasurably low server memory and CPU footprint, and it adds roughly 1kB to your pages.
Five powerful methods, zero false positives
Robots leave spammy comments via various techniques, and Honeypot counters almost all of them by adding five powerful barriers to your site.
Only a human that uses a modern browser can pass these tests:
- Static CSS-hidden fields using unique IDs. All bots that do not target WordPress specifically will fail this test.
- Randomized CSS-hidden fields using HTML5 and time-bound IDs. Targets the same bots as above, but other bots that wait (far) too long to comment will also get caught.
- Randomized JavaScript. Most bots don’t use a real browser that supports JavaScript, so they’ll fail this test. Humans that don’t use JavaScript will have to empty a field.
- Verification nonces. With this, bots can no longer abuse exposed endpoints in WordPress to leave comments.
- GPU timers. The bot must actually render the page to pass this test.
All five methods are built around randomization, so no robot can use deep-learning to bypass Honeypot. These methods combined block a broad spectrum of robot spamming techniques. Hence, Honeypot has a 99.99% catch-rate.