How to Stop Spam Form Submissions Without a CAPTCHA
By: Wil Helser
We’ve all seen it… Web form submissions with gibberish filled in the form fields. Personally, I don’t know what purpose it serves… I suspect the spam-bots think the form is a comment form or something. Whatever the case may be, it’s annoying. I’m going to show you a super simple way to stop that nonsense. All it takes is a couple lines of HTML, one line of CSS and a few lines of PHP. Easy right?
The first step is to add a form field that we’ll hide with CSS. Any regular user won’t be able to see this field, but spam-bots will see it just like any other field and will fill it out. Here’s an example:
The next step is to hide the field with CSS. Just set it to “display: none”.
Now, you just add a few lines to your form processing script to check if that field has been filled out. If it has, handle it however you want. In this example, I just tell the script to die, but you could log the IP and add it to your IP tables or anything you want really. Here’s an example of the PHP:
That’s all there is to it! I told you it was super simple. Obviously, this won’t do anything to stop spam that someone actually sits down and manually types in to your contact form, but every time I’ve implemented this on a site it’s cut the spam-bot spam down to none!