Log in


  • Category: Site admin
  • License: GNU General Public License (GPL) version 2
  • Updated: 2012-12-4
  • Downloads: 708
  • Recommendations: 11


Previous releases:

Other Projects

View Mark's plugins

Honeypot Spam Catcher for Elgg 1.8

Catches spam filling out hidden input field on register and request password forms

by Mark
Last updated 520 days ago

Extends register and request password forms with an input field hidden to humans by CSS. Automated spam will fill this out and register will fail.

Includes option to get spammers email and username mailed to you.

If you dont use a white background on register form, change to color you use in plugin settings.

This will not completely prevent automated spam but adds another layer of protection and can be used in conjunction with captchas and spam login filter plugins.

Make sure to read README and please like us on facebook http://www.facebook.com/webintelligence.ie

Note: The new input is hidden behind div, rather than using absolute positioning and offsetting it by -2000px, because this produced better results when two methods were tested.

P.S. We've spent many hours creating free plugins for Elgg. Please take a minute to give something back by liking us on facebook http://www.facebook.com/webintelligence.ie


  • Andy1966uk 519 days ago

    What a brilliant idea. Will give it a go... thx

  • elgg!gal 518 days ago

    Seems like a good idea, installed.


  • Brett Ware 517 days ago

    Can you just make the background transparent?

  • iconMatrix 517 days ago

    @Brett you can open the css for that file and add this then ajust to your liking for the log on box

    filter:alpha(opacity=40); /* For IE8 and earlier */ 

  • Tom 517 days ago

    @ Brett Ware, to make the background transparent just Twizanex it. To see what I mean, look at this example here. Just open  the Honeypot Spam Catcher for Elgg 1.8 css and change it like this:

    /* From this width */  /* width: 500px;  */

    /* To this   */     width: 1000px;

    Let me know how it works for you

  • DhrupDeScoop 517 days ago

    'twizanex' ? is that similar to twizllers? or redvines ? which is closer ?

  • Tom 517 days ago

    @DhrupDeScoop, Twizanex is a: noun, verb, Twiza·nexed, Twiza·nexing. Twizanex is not similar to twizzllers, however, Red Vines Red twists flavor appears very similar or closer to Purple Vines Purple raspberry-flavored Twizanex.  %-(I)  (laughing out loud)                              

  • costakisc 517 days ago

    ohh, raspberry flavored sounds good

  • JasonWDTX 512 days ago

    Wow, this works very good. I went from over 50 spam registrations a day down to like 2 or 3 after I added this. 

  • Komarudin Surya 509 days ago

    I use Elegance theme on my site, where a register form using pop-ups. Can I use these plugins?

    Thanks for the answer ;D

  • Mark 508 days ago

    Yeah it will work

  • Roman 475 days ago

    something weird. I imitated spammer by typing 1 into new field (which is visible by the way) and all I got emailed is:

    The email address of the spammer is 1


    no IP address or username were emailed at me.

    elgg v1.8.6

  • Mark 475 days ago

    The plugin emails the email address filled in the fake field, rather than real email field. With automated spam, this is the same email address 99% of the time.

    The plugin doesn't email IP address, but could be done by integrating IP tracker plugin with this plugin..

  • Roman 475 days ago

    okay, then it's todo list. Interesting idea though. spambots cannot resist temptation, that's where comes honeypot.


  • elgg!gal 470 days ago

    Update to the Author: Honepot is a great spam catcher, after installing this 48 days ago, I haven't had any issues with spam since, and even disabled the captcha at registration. It stops the bots. :)

  • Jason Gregory 299 days ago

    Not showing in page source when activated for Cool theme by Stan Larroque, version 1.0.  Please advise on how to correct.

  • John 246 days ago

    I'm using the Honeypot plugin, but the hidden email field is visible with developer tools such as Google's Inspect Element. If you go to Facebook Sign Up page, there are hidden fields, but you won't see them even with developer tools because (I think) the input type of the fields is set to "hidden" not "text" as in the honeypot plugin. The purpose of hidding fields is to hide it from people completely whether visually or with the help of developer tools. If a spammer can see where your hidden fields are located using developer tools such as Firebug, he/she could tailor his/her spambot so that it avoids filling the "hidden" field. 

    Here is the HTML of the honeypot plugin: 

    <div class="email_cover"></div>
    <input type="hidden" name="email_address" tabindex="-1" /> 

    And here is the CSS of the honeypot plugin: 

    .email_cover {
           display: block;
           position: absolute;
           width: 1000px;
           height: 40px;
           background-color: <?php echo $color; ?>;

    I have tried to use <input type = "hidden"... and the hidden form has become invisible (as intended) but the <div class="email_cover"></div> of the form, and hence its location on the page, is being highlighed when I hover my mouse over the <div class="email_cover"></div> in the HTML panel of the Firebug. 

    Any hint/help is appreciated. 

  • kxx4 125 days ago

    will this work with the image captcha plugin?

  • S.Brady.Hussain 125 days ago

    yes it will and elgg hammer made by Tom

  • Luis Teran 109 days ago

    Holy crap This worked. It was very easy to install and I did not have to configure anything.