Add Honeypot Protection

Convert Forms automatically protects your forms from spam by adding a hidden honeypot field to every form. This field is designed to trap spam bots, which fill out every form field. When the honeypot field is filled, the form submission is flagged as spam and blocked. Since most bots can’t distinguish between visible fields and the hidden honeypot, they fill it out, preventing the submission from going through.

This simple yet effective technique is widely used by web security experts and ensures that only legitimate submissions are processed, offering a powerful defense against automated spam bots.

How to Setup

To enable Honeypot protection on your form, follow these steps:

  1. Edit your form.
  2. Navigate to Behavior.
  3. Go to Security and Restrictions.
  4. Enable the Honeypot Protection option.

Add%20Honeypot%20Hidden%20Field%20to%20Joomla%20Forms

If a bot attempts to submit the form after filling out the honeypot field, the submission will be blocked, and an error message will appear. 

Honeypot%20Field%20Triggerd

Honeypot v1 (Deprecated Version)

This is the original version of the Honeypot, which relies on a fixed name for the honeypot field. It is the default version used by all forms but has now been deprecated. We strongly encourage you to use Honeypot v2 for better security and reliability.

Honeypot v2 is the enhanced version that provides better protection. It adds a honeypot with a unique name for each session, making it harder for bots to identify. This version is more secure because it injects the honeypot field via JavaScript, blocking bots that do not use JavaScript. Additionally, Honeypot v2 works very well with caching mechanisms like Page Cache or Conservative Cache since it is injected dynamically using JS.

Last updated on Mar 31st 2025 15:03