Stop comment spam
WordPress allows visitors to interact with your website easily. Unfortunately, it’s too easy.
Because WordPress’s comment system is open and known, it attracts unwanted comments. These comments are often automatically inserted to share backlinks via meticulously crafted text-templates that can fool anybody. Websites with spammy content are seen as low-quality by your visitors and search engines alike.
Now, you could waste your time moderating the comments manually… or, you could use Honeypot, which does that in less than a thousandth of a second.
A non-intrusive, privacy-first extension
The Honeypot extension is for catching robots, not humans. So, your visitors shouldn’t notice its presence.
Unlike CAPTCHA, a honeypot is hidden from visitors. So, your visitors don’t need to interact with Honeypot, vastly improving the user experience; Honeypot protects your site from spam in the background.
This extension protects all WordPress themes and plugins that implement the default WordPress comment forms — among WooCommerce product reviews — without sharing comment data with anyone.
Honeypot also has an unmeasurably low footprint on server memory and CPU usage, it adds roughly 1kB to your pages.
Five powerful methods, zero false positives
Robots leave spammy comments via various techniques, and Honeypot counters almost all of them by adding five powerful barriers to your site.
Only a human that uses a modern browser can pass these tests:
- Static CSS-hidden fields using unique IDs. All bots that do not target WordPress specifically will fail this test.
- Randomized CSS-hidden fields using HTML5 and time-limited IDs. Targets the same bots as above, but other bots that scrape comment forms for postponed abuse will also get caught.
- Randomized JavaScript. Most bots don’t use a real browser that supports JavaScript, so they’ll fail this test. Humans that don’t use JavaScript are asked kindly to empty a field.
- Verification nonces. With this, bots can no longer abuse easily exposed endpoints in WordPress to leave comments.
- GPU timers. The bot must actually render the page to pass this test, blocking spam from many emulated browsers.
All five methods are entirely randomized and use secure authentication methods, so no robot can learn how to bypass Honeypot. These methods combined block a broad spectrum of robot spamming techniques. Hence, Honeypot has a 99.99% catch-rate. Now you can finally uninstall and delete Akismet.