Jump to content

How to enable Honeypot field in Comments Form for anti-spam


Recommended Posts

While working on the comments form of my blog, I thought to add an honeypot field in comments form to reduce spam. ?

Honeypot is simply an hidden field added to a form. Honeypot field can have any name and is made invisible normally with a css directive {display: none}. Web users, being unable to see the field, will not fill it, while spam bots majority will not detect its invisibility and will populate the field. Once the form is submitted with a not-empty honeypot field it is very likely we are dealing with spam. ? In this post you can find more details about honeypot technique.

While studying FieldtypeComments module and in particular CommentForm.php, to my great surprise ? I realized that PW already supports honeypot for Comments Form. ?? This feature has been introduced with PW 3.0.40. Normally this honeypot field is disabled, so it was enough to understand how to enable it! And as often is the case with PW ... it is super easy. ?

If in your profile you are directly working with CommentArray, you will just have to enable honeypot passing it as an option to the renderForm() function of CommentArray class, example below:

$comments->renderForm(['requireHoneypotField' => 'email2']);

And .. we are done! ?? If you will look at the html of your Comment Form you will see an additional line CommentFormHP, that's the hidden honeypot field.


In case you are using the Uikit 3 Site/Blog Profile, the renderForm() function is called in _uikit.php, ukCommentForm() function.

If you wish that honeypot field is applied to every comment form of your site, just add the requireHoneypotField option to the list at the function start:

  'errorMessage' =>
    __('Your comment was not saved due to one or more errors.') . ' ' .
    __('Please check that you have completed all fields before submitting again.'),
  requireHoneypotField' => 'email2',  // >>>>> ADD THIS LINE

Otherwise if you wish to add honeypot in comment form on selected templates only, do not modify ukCommentForm(), but pass the option requireHoneypotField when calling the function in your template:

ukCommentForm($comments, ['requireHoneypotField' => 'email2']);

Now that we enabled it, let test if honeypot works. ? 

In the browser development section let's select the honeypot field and disable css {display:none} to show it. A new field will appear:1399392365_ScreenShot2019-07-10at12_28_55.thumb.png.30654eac62946715ad0e9d15688e8874.png

If the spam bot is going to fill the field with a value and submit the form, an error is returned and comment will not be submitted ?


That approach is great as spam comments will not be even saved inside the table field_comments. ?

I hope this can be of help if somebody needs to enable this PW comments feature.

  • Like 9
  • Thanks 1
Link to comment
Share on other sites

  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...