Skip to main content

Adding a honeypot to Rsforms Pro.

Adding a honeypot field to RSForm Pro is a good practice to help prevent spam submissions on your forms. A honeypot field is a hidden field that should not be filled out by a regular user but might be filled out by automated bots. When the form is submitted, you can check if the honeypot field is filled out, and if it is, you can treat the submission as spam.

RSForm Pro comes with the Hashcash Honeypot Antispam, this is a create first step to prevent form spam. It effectively blocks submissions without JavaScript. However, it is not a true honeypot.

Adding a Honeypot to a form is pretty simple and straight forward. It will block most automated submissions. Often the no-javascript block of hashcash is even  not necessary.

Method A

Useful if you have just a single form.

Step 1

Add a new field to your form. Give it some interesting name like 'url','website' or 'link'. Pick a name that is not used in your form.

In Validations leave required on 'No'

Step 2

Head over to form propertiesPHP ScriptScript called on form process and add to code below, replacing fieldname with the name of your field:

if (isset($_POST['form']['fieldname'])) {
    $invalid['honeypot']='Invalid';
}

Step 3

Last step is to hide the code

Head over to form propertiesCSS and Javascript ⇾ CSS and add the code below. Replacing fieldname with the name of your field.

You could add the code to your sites CSS as well. 

<style>
    .rsform-block-fieldname /*replace fieldname with the name of your field*/
     {
        position: absolute;
        left: -1000px;
    }
</style>

Method B

This method is more useful if you have a lot of forms.

Step 1

Create a file: [ROOT]/components/com_rsform/helpers/customvalidation.php and add the code below.

If the file already exists, add the function validationNotSet.

<?php

defined('_JEXEC') or die('Restricted access');

require_once dirname(__FILE__).'/validation.php';

class RSFormProCustomValidations extends RSFormProValidations
{
    public static function validationNotSet($value, $extra = null, $data = null)
    {
        if ($value == '') {
            return true;
        } else {
            return false;
        }
    }
}

Step 2

Add a new field to your form. Give it some interesting name like 'url','website' or 'link'. Pick a name that is not used in your form.

In ValidationsValidation Rule select validationNotSet, leave required on 'No'

Step 3

Hide the code as in Step 3 of Method A