Avoid Spam form submissions - (Easy way of form Anti-Spam) | Drupal 8

Avoid Spam form submissions - (Easy way of form Anti-Spam)

Submitted by editor on Thu, 03/16/2017 - 10:14

How to avoid spam contact form or other form submissions by robots (spam-bots) ?

Method 1. (Classical way)

Use a captcha system like Math captcha, Image captcha, reCaptcha of google....

Method 2. Use Honeypot

Honeypot use a very simple method to limit unwanted form submission by robots (any way, some robots can pass through this method). This method can block up to 98% of spam form submissions.

Concept of Honeypot.

By adding an invisible field to your forms that only spambots can see, you can trick them into revealing that they are spam bots and not actual end-users.

Here we have a simple checkbox that:

  • Is hidden with CSS.
  • Has an obscure but obviously fake name.
  • Has a default value equivalent 0.
  • Can't be filled by auto-complete
  • Can't be navigated to via the Tab key. (See tabindex)

Install / Implement Honeypot on drupal.

Just install and configure drupal Honeypot contrib module.

Install / Implement Honeypot on custom PHP Website.


<input type="checkbox" name="contact_me_by_fax_only" value="1" style="display:none !important" tabindex="-1" autocomplete="off">



On the server side we want to check to see if the value exists and has a value other than 0, and if so handle it appropriately. This includes logging the attempt and all the submitted fields.

In PHP it might look something like this:

$honeypot = FALSE;
if (!empty($_REQUEST['contact_me_by_fax_only']) && (bool) $_REQUEST['contact_me_by_fax_only'] == TRUE) {
    $honeypot = TRUE;
    // treat as spambot
} else {
    // process as normal

An Example of Honeypot php class for easy implementation.

PHP Class


class Honeypot {

  const FIELD_NAME = "contact_me_by_fax_only";

   * Get Honeypot form input field.
   * @return string
  public static function getHoneypot() {
    $field_name = self::FIELD_NAME;
    $form_input = '<input type="checkbox" name="' . $field_name . '" value="1" style="display:none !important" tabindex="-1" autocomplete="off">';
    return $form_input;

   * Check the form submission.
   * @return bool
  public static function checkHoneypot() {
    $honeypot = FALSE;
    $field_name = self::FIELD_NAME;
    if (!empty($_REQUEST[$field_name]) && (bool) $_REQUEST[$field_name] == TRUE) {
      $honeypot = TRUE;
    return $honeypot;



At the form creation:

  <?php print Honeypot::getHoneypot(); ?>

At the form submission:

if (Honeypot::checkHoneypot()) {
  // Probably a spam.
else {
  // Probably not a spam.


Source : http://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.