Augie (a creative real estate investor) presented a spam prevention method idea which we’ve been talking about under a previous post this past week: HowTo Eliminate WordPress Trackback Comment And Pingback Spam. The basic idea is to provide an extra input field which is hidden to a user when viewed normally from the browser. This means if you check your form data when a submission is being processed, you can determine if the field is still empty. If it is filled out, then a bot must have auto filled the field.
Spam Field Details
The naming convention used on a hidden field should be named “email” or “url” to trick the bot. Your real email field will then of course need to be named something else. A small price to pay for less house cleaning.
Another key to all of this is to wrap your trap (haha) in a DIV so that the a bot cant tell that the field is hidden. Marking it with type=”hidden” on the input tag itself is a bit of a giveaway. Assigning an id or class to the div and specifying display:none; would cause the bot a lot of extra work which most probably aren’t programmed for. You could also use a built in id or class directly on the div to specify it as a hidden field.
Hidden Input Field Code
Here is an example of what your code would look like:
CSS code would look like this:
OR if you're doing it by the div:
Your form would look something like this:
<form method="post" action="yourformprocessor.php">
<div class="specialfield"><input id="email" type="text"></div>
<input id="realemail" type="text">
Using Hidden Fields
It isn’t too much of a stretch to add this to a custom solution or implement it into a WordPress comments or form plugins because id’s and classes are assigned to input fields by default. If you’re not already using a form plugin check out:
If I get enough requests I’ll write a post which explains how to implement this into WordPress comments in a similar manner in which I setup the Enhanced Numbered Equation CAPTCHA.
The More Spam Defense The Better
I don’t have a lot of experience in using spam bots, but this is a promising way to enhance our line of defense against spam. More importantly, its not intrusive on a users browsing experience. Unlike a CPATCHA, it requires a valid visitor to do nothing!
If you have any thoughts or comments, about this spam technique, leave them below.
Entrupeners, Subscribe for the lastest tools, tips, and tutorials.