Using Honeypot for spam protection

Honeypot protection provides security mechanisms to protect your Developer Portal site from form submission by spam bots. If spam bot activity is detected, form submission is blocked.

Before you begin

You must have administrator access to the Developer Portal to complete this task.

About this task

Honeypot protection provides the following security mechanisms:
  • A hidden field, unseen by users, is added to the form. If a value has been entered in the field when the form is submitted then this indicates that the form was completed by a spam bot, and the submission is blocked. You can specify the name of the hidden field.
  • If the form is submitted before a specified time has elapsed (five seconds by default), it is assumed that this is too short a time for a human to have completed the form, and the submission is blocked. You can specify the time length.
Honeypot protection is provided by the Honeypot module, which is enabled by default.
Note: If you want to carry out automated testing of your Developer Portal, you might need to disable the Honeypot module, because Honeyspot spam protection is designed specifically to block automated Developer Portal usage. For details on how to disable a module, see Disabling modules.


To configure Honeypot for spam protection in the Developer Portal, complete the following steps:

  1. If the administrator dashboard is not displayed, click Manage to display it.
  2. Click Configuration in the administrator dashboard.
  3. In the CONTENT AUTHORING section, click Honeypot configuration.
  4. Specify the forms that you want to protect with Honeypot.
    1. To enable Honeypot protection for all the forms on your Developer Portal site, select Protect all forms with Honeypot.
    2. To choose which forms you want to protect with Honeypot, clear the Protect all forms with Honeypot check box, then select the required forms in the HONEYPOT ENABLED FORMS section.

    By default, Honeypot protection is enabled for all user management forms and all comment forms.

  5. To have details of all blocked form submissions written to the log file, select Log blocked form submissions.
  6. In the Honeypot element name field, specify the name of the hidden form field.

    The default field name is url. You need to change the value if your form already has a field of the same name. For the most effective protection, use a generic field name; for example, email, homepage, or link.

  7. In the Honeypot time limit field, specify the number of seconds that must elapse before it is assumed that a form is being submitted by a human rather than a spam bot. If the form is submitted before this time has elapsed then the submission is blocked.
    The default value is five seconds.
  8. When done, click Save configuration.