Introduction
The Honeypot is a spam prevention method often preferred because it doesn’t inconvenience users like a captcha field would. It works by adding a hidden field to the form. Either CSS or JavaScript typically hides the field. Although a user can’t see these fields, the spambots can. If the honeypot field is filled in, the submission is treated as spam.
The honeypot feature is not new to Gravity Forms. Still, we have made some enhancements to improve its effectiveness while also adding user controls that will allow you to specify how the honeypot handles spam submissions.
Refer to this article for more information about the Fighting Spam article.
Enabling Honeypot
Refer to this article for more information about the Honeypot, including how to enable it and configure its settings.
Honeypot Changes
Enhanced Implementation Technique
The current PHP honeypot adds a hidden field to the form when the page loads, and if that field is populated, the honeypot considers the entry spam. This still exists and is not being replaced.
Additionally, we’ve implemented an extra JavaScript input that is added to the POST request when the form is submitted, so it would never be visible to a human. Still, submissions will fail validation if this extra input doesn’t contain the expected value.
New Filter
The gform_abort_submission_with_confirmation filter can be used to determine if submissions are aborted without saving the entry.
Troubleshooting
Because the new honeypot technique relies on JavaScript to populate an input when the form is submitted, any JavaScript error may cause the honeypot to fail validation. If the honeypot fails to pass validation, the entry will be discarded or marked as spam, according to your honeypot settings. Caching, script optimization, and theme or plugin conflicts may all cause the honeypot to fail. You can check for conflicts that prevent the honeypot feature from working correctly using these steps.