Spam has been plaguing the internet almost since the day it was invented. In recent years the issue has grown exponentially. At Formidable Forms, this issue is never far from our minds.
Major internet cornerstones like Google and Amazon are leading the fight against spam. Their clever electronic wizardry means that these days, very few messages from Nigerian princes offering a share of their fortune make it as far as my inbox.
This is why spammers are targeting online contact forms harder than ever before. It's vital that messages from your contact form reach you, and your form is setup to reliably deliver messages. So your contact form, if left unprotected, can easily become a spam highway. Contact form spam protection on your WordPress site has never been more important!
Formidable Forms has always been serious about spam protection
From day one, Akismet and reCaptcha integrations have helped prevent spam. Your comment blacklist joined that party more recently to help block more specific spam. Read more in the docs about your spam prevention options. Since our 2.03.05 release we've upped our spam fighting game yet again and introduced Honeypot protection to secure all your online forms!
This feature has been on our most requested list for a while now. We are delighted to announce its inclusion in both the Pro and the Lite versions of Formidable. Normally at this point I'd add a screenshot of the new settings for this feature, but this time there are no settings!
Automatic Honeypot spam protection for all your forms
Honeypot protection is now added to ALL of your Formidable Forms automatically, giving you added protection without any extra hassle. Most importantly, Honeypot spam protection does not affect user experience or conversion rates. It's completely invisible to the user.
So how does Honeypot spam protection work?
Honeypot spam protection is simpler than you might expect. It relies on the differences between what a human and spambot see on a webpage. It adds one additional form field to every form. This field is invisible to human users, but spambots can see it.
Because this field is invisible, it can't be filled out by real users.
This gives away a spambot. Real users won't see the field so they won't insert a value. Spambots see it in the form markup, auto-populate it with something, and submit it with the rest of the form. That's when Formidable instantly identifies it as spam and blocks it.
Is it time to ditch other spam protection options?
Unfortunately, that time is not here yet. Honeypot adds an additional layer of protection, but spambots are getting more clever every day. So we would never recommend using just honeypot protection alone on your WordPress contact forms.
Luckily Formidable supports the "one-click" reCaptcha and Akismet which is much more user friendly. Keep an eye out for the new Invisible reCaptcha. It will be making its way into your forms in the coming months, as a perfect solution for maximum protection with minimum impact on user experience.
How does honeypot do when users use an auto-populate widget from their browser. For a form asking for contact info, if a user auto-populates the fields with their browser widget, is there the chance the it could accidentally fill out that invisible field and render a legitimate entry as spam?
Because the honeypot field has no label, the auto-populate function can't match it with any of you standard saved inputs, so this issue is avoided.