Last updated August 21, 2011. Created by geerlingguy on July 28, 2011.
Log in to edit this page.
Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube].
Honeypot form protection
Honeypot form protection means that an invisible field is added to a form. If this invisible field is filled out (bots will usually put in a value), then the form will return an error. Normal users (read: human beings) won't ever see the field, so they won't fill it out. Even if they do, the field is labeled in such a way as to indicate the human shouldn't fill out the field.
This is not foolproof, though, as many spam bots can detect hidden fields, and they can also be adapted to work around a particular field on your site (this isn't typically the case for smaller sites, though). To prevent against this, you are able to change the field's name from the default, 'homepage', to whatever you'd like.
Time restriction
Humans usually take a few seconds (at least) before they are able to complete a form. Honeypot requires at least 5 seconds to pass (by default) before the form can be successfully submitted. This deters spam bots because they can't afford to sit around waiting until a time limit is up before resubmitting the form. You can change or disable the time restriction for the Honeypot module by visiting the Honeypot configuration page at admin/config/content/honeypot (Drupal 7) or admin/settings/honeypot (Drupal 6).
Bypass Honeypot Protection
For many users (administrators, for example), you might want to have honeypot protection turned off. You can go to the permissions page to grant the 'bypass honeypot protection' permission to trusted roles. The permissions page is located at admin/people/permissions (Drupal 7), or admin/user/permissions (Drupal 6).
Using Honeypot in your own forms
If you want to add honeypot to your own forms, or to any form through your own module's hook_form_alter's, you can simply place the following function call inside your form builder function (or inside a hook_form_alter):
<?php
honeypot_add_form_protection($form, $form_state, array('honeypot', 'time_restriction'));
?>Note that you can enable or disable either the honeypot field, or the time restriction on the form by including or not including the option in the array.