Skip to content

Instantly share code, notes, and snippets.

Last active September 27, 2023 01:10
  • Star 62 You must be signed in to star a gist
  • Fork 10 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Simple honeypot for an HTML form using PHP
//check if form was sent
$to = '';
$subject = 'Testing HoneyPot';
$header = "From: $name <$name>";
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
//honey pot field
$honeypot = $_POST['firstname'];
//check if the honeypot field is filled out. If not, send a mail.
if( ! empty( $honeypot ) ){
return; //you may add code here to echo an error etc.
mail( $to, $subject, $message, $header );
<title>HoneyPot for HTML Form Example</title>
<form method="post" action="#my-form" id="my-form">
<!-- Create fields for the honeypot -->
<input name="firstname" type="text" id="firstname" class="hide-robot">
<!-- honeypot fields end -->
<input name="name" type="text" id="name" placeholder="Name" required><br>
<input name="email" type="email" id="email" placeholder="Email" required><br>
<textarea name="message" id="message" placeholder="Enter your message here" required></textarea><br>
<input type="submit">
Copy link

Now, I am trying to get the whole idea of this. How does the firstname input work as the honeypot field?

Copy link

unobatbayar commented Aug 16, 2021


Well, the firstname input is invisible thanks to the css, so an actual user won't be able see or fill it. Only way to fill it would be some sort of script so a spam script fills it as it sees it as an input. Therefore, it's a clever way to distinguish a person and a bot to prevent spam.

Copy link


Thanks for the response. I get it clearly now

Copy link

@wvlnsr, you'd add it to the same page as your form. It checks if there's been POST parameters and runs it through a check. If the firstname dummy field is filled it won't send the email to your address 👍

Copy link

Thanks for the response. I

Copy link

That worked like a charm.
I used only few lines in my ready made web post form - honeypot field and check
And few lines in html part.
Now will look how many will overcome.
But these spambots are crazy - as soon as I put website online, I got one spam per 2 min. Disaster.

Thanks to you for code!

Copy link

Yasso2023 commented Jan 18, 2023

Hello all,
I am also struggling with spam and looking for a way to get this problem under control.

I have a question about the code, is this exactly as specified above inserted on the same page as text or is this inserted under Contact form 7 (additional settings).

do I need to customize the code other than the placeholder texts?

Sorry for my simple questions.
Thanks in advance :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment