How to implement anti-spam measures using Honeypot in WordPress without plugins
- Published:
category: WordPress
Since WordPress is a blog + α site management tool, comment fields for posts are output as standard for most themes (Of course, you can set WordPress to not accept comments at all). ..
Since it is a post I wrote with much effort, I want a reaction if possible, so it is a problem to output a comment column because it is spamming. There may be some comments, but it’s the impression of each reader, so even if it can’t be helped, the real problem is that it’s written in English and has nothing to do with it.
Most of these types of comments are not actually manually entered and sent, but are mechanically found in the comment field and sent automatically. In the worst case, most of the comments awaiting approval are spam and difficult to organize.
To prevent this, there are standard WordPress functions such as creating a blacklist and preventing comments using a specific email address, but all of them must be received and seen once. However, most of the email addresses used for such actions are disposable, so it may not be possible to block them.
This method is for sorting spam comments sent mechanically as spam the moment they arrive, so it is impossible to completely prevent it, but some spam can be done by just adding a simple code. You can expect a comment prevention effect.
What is a Honeypot? Specific operation with this measure
Honeypot literally means “a jar with honey,” and as the word implies, it means to attract sweets.
The honeypot for comments created this time is intentionally provided with items that are invisible to the human eye (hidden) and that the machine does not think to be input, and if there is input there, high spam !! It is to judge. Specifically, the following mechanism is used to operate it.
- Create hidden (invisible) input items in the comment form
- Make a spam judgment based on whether there is an input in 1
- If it is determined to be spam in 2, move to the “spam” item.
In the case of spam, it seems that you can just throw it away, but I think you need to know how many spam comments are on the site, so I mark (move) it as a “spam” item.
By marking it as spam, it seems that the Akismet plugin etc. will be an element to be included in the target of spam judgment, so it may be better to leave the spam as it is when used together.
How to use Honeypot to instantly move a spam comment to a “spam” item
It is common to use a dedicated plug-in to prevent spam comments on your own, but you can implement it with unexpectedly simple code.
To implement it, just insert the following code into your theme’s functions.php.
/*** Added honeypot in the comment section ***/
/* Create a hidden item called confirmation input of the email address in the comment form */
function ha_add_honeypot($postID) {
echo '<p style="display:none">';
echo '<textarea name="confirmationmail" cols="100%" rows="10" autocomplete="off"> </textarea>';
echo '<label for="confirmationmail">' . __("Please enter your email address again for confirmation","ha-basic") . '</label>';
echo '</p>';
}
add_action('comment_form', 'ha_add_honeypot');
/* If there is input in the hidden item, move it to spam */
function ha_detect_honeypot($comment_status) {
if (!empty($_POST['confirmationmail'])) {
$comment_status = 'spam';
}
return $comment_status;
}
add_filter('pre_comment_approved', 'ha_detect_honeypot');
A brief description of the code
The above code uses two user-defined functions, “ha_add_honeypot” and “ha_detect_honeypot”.
In “ha_add_honeypot”, a text input item “confirmation mail” is provided at the bottom of the comment form, and an explanation “Please re-enter your email address for confirmation” is added.
The form item itself is invisible to the human eye by specifying “style =” display: none “”.
In “ha_detect_honeypot”, depending on whether or not there is an input in the dummy item created in “ha_add_honeypot”, if there is an input, it will move to the “spam” item at the same time as sending.
How to check if Honeypot is working properly
Since it cannot be confirmed as it is, rewrite the following (upper) code in “ha_add_honeypot” to the lower code once.
echo '<p style="display:none">';
echo '<p>';
I’m just setting display: none in the style, so I just want to turn it off.
Now display one of the posts that are accepting comments, actually enter it in the re-entry field of your email address, and then click the submit button.
After sending, click the comment on the management screen, and if the comment moves in the spam item, Honeypot is complete.
If you leave it as it is, the re-entry field of the email address will be displayed in all comment forms, so please restore it after confirmation.
As mentioned above, I was surprised that Honeypot can be implemented in the comment form with just this much code. You don’t have to register it somewhere with a plugin, so if this is enough, it’s easy.
As of May 25, 2021, I stopped the plugin I was using on the site I manage and put this code in its place, but all the sites have almost no spam in the first place (almost no comments … sad) Since it is only a site), the effect is unknown.
If you implement it on your site and it is effective, I would appreciate it if you could spread it on SNS etc.
- Tags:
- spam
Post Author: Knowledge Base Admin
Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. Anyhow, I’m definitely happy I found it and I’ll be book-marking and checking back often!
I love your blog.. very nice colors & theme. Did you create this website yourself? Plz reply back as I’m looking to create my own blog and would like to know wheere u got this from. thanks