Registration Honeypot: A Simple WordPress Plugin to Combat Spam

photo credit: riekhavoc - cc
photo credit: riekhavoccc

If you’re new to WordPress, the sudden onslaught of spam that you receive upon opening registration can take you by surprise. Unless you have a solid plugin in place, open registration comes with the wearisome task of wading through new signups to put the axe to spammers who got through.

One of the common ways of combatting registration spam is to lay a snare at the doorstep of your site by creating a hidden field. Human registrants cannot see the field and therefore leave it blank. Spambots, however, will automatically fill out the field and get caught chasing the “honeypot.”

Registration Honeypot is a new free plugin that combats spambots using the tried and true honeypot method. There’s nothing to configure and no settings panel – simply activate it and leave it. Spammers caught in the act will see the following message:


While Registration Honeypot isn’t built around an original concept, it’s the simplified implementation that counts here. Justin Tadlock, founder of Theme Hybrid, created the plugin because he couldn’t find a simple honeypot plugin that wasn’t loaded down with extra, unnecessary settings.

“It’s an overly simple method for catching one type of spam,” Tadlock said in his plugin announcement post. “But it’s useful and handles a good 99% of all spam registration issues I’ve seen.”

If you’re on the hunt for a new plugin to combat registration spam and you want a quality plug-n-play solution, give Registration Honeypot a try. Like all other Theme Hybrid plugins, it’s available for free on It’s not going to stop 100% of spam registrations but it will shut down the bots who cannot resist the honey.


12 responses to “Registration Honeypot: A Simple WordPress Plugin to Combat Spam”

  1. Excellent! I wrote something almost identical to this a while back, but it was buggy and I hadn’t gotten around to optimising it yet. Just always writes briliant code, so I might just need to fork Justin’s code instead of fixing my own :)

  2. Sarah, thanks for the writeup. You actually found more to say about the plugin than I could in the plugin announcement post. I’ve been successfully using a less-polished version of this plugin for a couple of years on a few sites. It’s worked well for me so far. I hope some other folks get some use out of it.

      • Usually. I’ve seen some sites which get slammed even with that setup. If you throw in WP Hashcash, it kicks out a few more too, although in that situation you should use my plugin instead, as it combines Cookies for Comments and WP Hashcash into a single plugin which is slightly more efficient, since they don’t launch their payloads separately …

        Thankfully most bots are stupid and rely on the site having very little protection, but more aggressive ones can bypass these (as Otto calls them) “sporting methods”. At that point you are in spam hell and the best I’ve come up with is to use a CAPTCHA. Thankfully even a very basic CAPTCHA has been enough to stop all the spam I’ve seen, but I’m guessing more heavily targeted sites would need to jump through a lot of hoops to block the bots.

  3. Thanks for the plugin. Since our site will not have additional users self registering, in addition to this plugin I have changed the new user process to require a 600 character password. I’ll see if that stops the bogus new user registrations.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: