Honeypot for Contact Form 7


Diese einfach Erweiterung zum wunderbaren Plugin Contact Form 7 (CF7) fügt eine grundlegende Honeypot-Anti-Spam-Funktionalität hinzu, um Spambots ohne hässliches CAPTCHAs abzuwehren.

Das Prinzip eines Honeypot ist einfach – Bots sind dumm. Während mancher Spam von Hand erzeugt wird, kommt die große Mehrheit von Bots, die auf eine spezielle (großflächige) Art geschrieben sind, um Spam über die meisten bekannten Formular-Typen zu versenden. Auf diese Art füllen sie blind Felder aus, unabhängig davon, ob sie ausgefüllt sein sollten sind oder nicht. So fängt ein Honeypot den Bot – er führt ein zusätzliche Feld ein, und wenn dieses ausgefüllt ist, wird das die Einsendung als Spam markieren.

Additionally, as of version 2.1, the plugin also features an optional submission time check. This checks how long it takes to submit the form and if under a user-defined threshold, it rejects the submission as spam. This works under the idea (backed up by testing) that spam bots submit forms super fast (usually 1-2 seconds), whereas people take longer.


You will need Contact Form 7 version 3.0+ at a minimum. It is recommended to use version 5.3+ of CF7, for better spam logging. For the best results, we suggest always using the latest versions of WordPress and CF7.

We highly recommend Flamingo with CF7 and this plugin. Using Flamingo allows you to track spam submissions (via inbound messages / spam tab in Flamingo), showing you what got caught in the honeypot and why. Be sure to check your Honeypot settings to turn storing the honeypot on for this.


Support can be found here. Follow us on Twitter and on Facebook for updates and news.

Besuche die Contact Form 7 Honeypot Plugin Seite für mehr Informationen oder kaufe uns einen Kaffee, um Danke zu sagen.


This plugin does not track users, store any user data, send user data to external servers, nor does it use cookies. This is an addon plugin, and requires Contact Form 7. Please review Contact Form 7’s privacy policies for more information.


If you’d like to translate this plugin, please visit the plugin’s translate.wordpress.org page. As of v1.10, all translation is handled there. Version 2.0 brings a bunch of new strings in need of translation, so a huge thank you to the polyglots that contribute!


The latest version of this plugin is designed to work with the latest version of Contact Form 7 and WordPress. If you are using older versions of either, you’re best to find the version of this plugin released around the same time as the version you’re using. You can access older versions of this plugin by clicking Advanced View on the right of the plugin’s page and scrolling to the bottom of the plugin’s page. Use at your own risk. We strongly recommend upgrading to the latest versions whenever possible.


  • Global Honeypot Settings
  • Honeypot CF7 Form Tag Settings


  1. Installiere es mit der WordPress-Funktion „Plugin hinzufügen“ – suche einfach nach „Honeypot for Contact Form 7“.
  2. Stelle sicher, dass Contact Form 7 installiert und aktiviert ist. Dann aktiviere dieses Plugin.
  3. Bearbeite ein Formular in Contact Form 7.
  4. Wähle „Honeypot“ aus dem CF7 Tag Generator. Empfehlung: ändere die ID des Honeypot-Elements.
  5. Füge das generierte Tag irgendwo in deinem Formular ein. Das zusätzliche Feld wird mittels inline CSS vor deinen Besuchern versteckt.

Die Honeypot HTML Ausgabe anpassen [FORTGESCHRITTEN]

Während die Grundeinstellungen für die meisten Leute genügen sollten, haben wir mehrere Filter eingebaut, womit Du die Honeypot-Felder weiter anpassen kannst.
Die drei verfügbaren Filter sind:

  • wpcf7_honeypot_accessibility_message – Adjusts the default text for the (hidden) accessibility message (can now be done on the settings page).
  • wpcf7_honeypot_container_css – Passt das CSS an, das auf den honeypot Container angewendet wird um diesen versteckt zu halten.
  • wpcf7_honeypot_html_output – Passt die vollständige HTML Ausgabe des Honeypot Elements an.

Für passende Beispiele hierzu schaue dir bitte diesen Rezept Gist an.


Wird dieses Plugin allen Spam abhalten, den ich über Kontaktformulare bekomme?

Wahrscheinlich nicht. Aber es soll ihn so weit reduzieren, dass du auf zusätzliche Anti-Spam-Mittel verzichten kannst (CAPTCHA, Mathematikfragen, usw.).

Sind Honeypots besser als CAPTCHAs?

Dies hängt weitestgehend von der Qualität des CAPTCHAs ab. Unglücklicherweise werden schwerer zu knackende CAPTCHAs zunehmen benutzerunfreundlicher. Dieses Honeypot-Modul wurde geschaffen, weil ich es nicht mag, wenn CAPTCHAs meine Formulare zumüllen. Meine Empfehlung: Probier erst dieses Modul aus, und falls es nicht genügend Spam ausfiltert, wende komplexere Anti-Spam-Techniken an.

Can I use more than one Honeypot field in my forms?

You sure can, and many users have indicated this helps stop even more spam, as it increases your chances a bot will get caught in the trap. Just make sure each Honeypot field has a unique name.

Kann ich den HTML Code beeinflussen, den das Plugin erzeugt?

Jawohl! Schau Dir den Abschnitt Installation für mehr Details an und besuche diesen Gist für Beispiele.

Mein Formular wird mit einem W3C-Validierungswerkzeug nicht erfolgreich validiert

As of version 2.0, this shouldn’t be the case any longer. However, if it is for some reason, there is a simple work around. See here for details.

Does this plugin work with Flamingo?

You bet! If the honeypot trap is triggered, an email isn’t sent, but the form submission is added to the spam section of Flamingo so you can review what tripped things up.

Why do you have affiliate ads on your settings page?

I realize not everyone loves ads, but daddy’s gotta pay the bills. I’m extremely grateful to the numerous users that have donated to the plugin’s development over the years, and while that’s awesome, I don’t think donations will ever come remotely close to covering the time and effort it takes to maintain and support a plugin that now has nearly 1.5 million downloads and more than 300,000 active installs.


31. August 2022
the Plugin works got and so far it catched some spamy mails. But some are also going trough, are there any ways i can modify my Honeypot to filter more spam mails? thats my setup rn: [honeypot email validautocomplete:true move-inline-css:true timecheck_enabled:true]
27. Mai 2022
I receive about 10–20 spam messages a day. I've had this installed since mid April, and it says "honeypot has stopped 0 spam submissions". This is with the time check option enabled and the id changed, recommended in the documentation.
22. Mai 2022
My 5 wordpress sites have been spamless since using Honeypot for Contact Form 7. So much so, that I have entirely forgotten the aggravation that I once endured. And that is why this review is long overdue, I forgot to write it! There is another plus in using this plugin, I was able to uninstall google's recaptcha and no longer suffer the slow-down that recaptcha causes on every page and post. Thanks again!
22. Februar 2022
Its not working. I did everything i can on the youtube every possible solution but its not working still sending. Hi I think i found out that your plugin has a conflict to my https://wordpress.org/plugins/multiline-files-for-contact-form-7/ if this is activated.
Alle 103 Rezensionen lesen

Mitwirkende & Entwickler

„Honeypot for Contact Form 7“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:


„Honeypot for Contact Form 7“ wurde in 19 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Honeypot for Contact Form 7“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.



Fixes small bug when enabling in bulk with other plugins.


Added new feature: additional submission time check to improve bot-stopping power! Also, fixed small HTML issue and tidied up shortcode interface.


Improved backwards compatibility. Solves issues when plugin installed on older versions of CF7.


Better error checking for missing config problems.


General code cleanup, better adherence to WP coding standards and fixes for i18n functions.


Replaced text domain constant with plain string for better i18n compatability.


Hotfix for issue with options not being set on upgrade.


A significant update with a bunch of new things. Please see the release notes.


Minor update to change name to comply with CF7 copyright notice.


Added do-not-store for when forms are stored in the DB (i.e. Flamingo). Improved wrapper ID masking and customization.


Zusätzliche Funktionalität für die Verbesserung der Anti-Spam-Wirksamkeit.


Introduces ability to force W3C compliance. See here for details.


Addresses accessibility concerns regarding a missing label and disables autocomplete to prevent browser autocomplete functions from filling in the field.


Aktualisierungen für Funktionen-/Klassenanpassungen in Zusammenhang mit CF7 4.6. Lokaler Sprachsupport entfernt, stattdessen wird translate.wordpress.org verwendet.


I18n support hinzugefügt, Französisches Sprachpaket. Danke chis-kns


wpcf7_honeypot_accessibility_message und wpcf7_honeypot_container_css filters hinzugefügt, i18n Unterstützung


Provides backwards compatibility for pre-CF7 4.2, introduces ability to remove accessibility message.


Quick fix release to fix PHP error introduced in 1.6.3.


Updates to accommodate changes to the CF7 editor user interface.


Small change to accommodate validation changes made in CF7 4.1.


Small change to accommodate changes made in CF7 3.9.


Quite a lot of code clean-up. This shouldn’t result in any changes to the regular output, but it’s worth checking your forms after updating. Also, you’ll note that you now have the ability to add a custom CLASS and ID attributes when generating the Honeypot shortcode (in the CF7 form editor).


Added filter hook for greater extensibility. See installation section for more details.


Update to make compatible with WordPress 3.8 and CF7 3.6. Solves problem of unrendered honeypot shortcode appearing on contact forms.


Update to improve outputted HTML for better standards compliance when the same form appears multiple times on the same page.


Small update to add better i18n and WPML compatibility.


Small update for W3C compliance. Thanks Jeff.


  • Erstveröffentlichung