Jamie Sefton | Web Developer

Stopping website spam

Posted: 13th Feb 2015

Stopping website spam

Spam can be a pain for developers and clients. Most spam emails come through from contact forms on a website. These are filled in by automated bots that populate your form with content and then submit it.

There are a few ways of stopping spam. The most common is using a captcha box were you have to enter the letters or numbers from a graphic. This does work well, but can be very annoying from a user point of view.

The one method I like to use is known as a honeypot method. This is basically having a blank input field with your form and using CSS to hide it with display:none. You then handle your validation with what ever language you prefer, mine is PHP. Within your validation you check to see if this hidden field has a value. If it does then it is spam because only a bot would actually see this input field and fill it in. This method will not stop 100% of spam, but it will help in reducing the amount.

Another easy method that beats the captcha is having a simple quiz. This method is commonly used with Contact Form 7 which is a WordPress plugin. This method involes having an input with a very easy question such as 30 + 2 = ? You would then use your validation to make sure this input field is equal to the correct answer. This seems to work well for now, but this isn't 100% either as bots could easily adapt to learn to answer this question correctly with the text on the page.

Either way, some or all methods will help reduce spam and it is essential to have server side validation as some bots will skip the physical form and try posting data directly to the processing file.

So, use validation and help reduce the amount of spam for your clients and then it will stop them complaining to you.