Jump to content
Edison

How to enable Honeypot field in Comments Form for anti-spam

Recommended Posts

While working on the comments form of my blog, I thought to add an honeypot field in comments form to reduce spam. 🤨

Honeypot is simply an hidden field added to a form. Honeypot field can have any name and is made invisible normally with a css directive {display: none}. Web users, being unable to see the field, will not fill it, while spam bots majority will not detect its invisibility and will populate the field. Once the form is submitted with a not-empty honeypot field it is very likely we are dealing with spam. 😜 In this post you can find more details about honeypot technique.

While studying FieldtypeComments module and in particular CommentForm.php, to my great surprise 👀 I realized that PW already supports honeypot for Comments Form. 🍾🍾 This feature has been introduced with PW 3.0.40. Normally this honeypot field is disabled, so it was enough to understand how to enable it! And as often is the case with PW ... it is super easy. 😎

If in your profile you are directly working with CommentArray, you will just have to enable honeypot passing it as an option to the renderForm() function of CommentArray class, example below:

$comments->renderForm(['requireHoneypotField' => 'email2']);

And .. we are done! 🍾🍾 If you will look at the html of your Comment Form you will see an additional line CommentFormHP, that's the hidden honeypot field.

1204309510_ScreenShot2019-07-10at12_22_10.thumb.png.2dda4eb28599cb9d9ce75bc909811333.png

In case you are using the Uikit 3 Site/Blog Profile, the renderForm() function is called in _uikit.php, ukCommentForm() function.

If you wish that honeypot field is applied to every comment form of your site, just add the requireHoneypotField option to the list at the function start:

...
  'errorMessage' =>
    __('Your comment was not saved due to one or more errors.') . ' ' .
    __('Please check that you have completed all fields before submitting again.'),
  requireHoneypotField' => 'email2',  // >>>>> ADD THIS LINE
);
...

Otherwise if you wish to add honeypot in comment form on selected templates only, do not modify ukCommentForm(), but pass the option requireHoneypotField when calling the function in your template:

ukCommentForm($comments, ['requireHoneypotField' => 'email2']);

Now that we enabled it, let test if honeypot works. 🧐 

In the browser development section let's select the honeypot field and disable css {display:none} to show it. A new field will appear:1399392365_ScreenShot2019-07-10at12_28_55.thumb.png.30654eac62946715ad0e9d15688e8874.png

If the spam bot is going to fill the field with a value and submit the form, an error is returned and comment will not be submitted 😎

1389045056_ScreenShot2019-07-10at12_29_26.thumb.png.92b5d5acc8ddf2ded1519129d672b78d.png

That approach is great as spam comments will not be even saved inside the table field_comments. 🤪

I hope this can be of help if somebody needs to enable this PW comments feature.

  • Like 8
  • Thanks 1

Share this post


Link to post
Share on other sites

Great share, @Edison I will definitely test this in my next profile. How would I add the honeypot if I am using custom forms and modifying the module placing it in /site/modules/FieldTypeComments ?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...