How to: Hidden PHP Form Field to Block Spam Bots

These are simple instructions on how to add a hidden text field in a HTML form that prevents spam or automated form submissions. The solution is for those using any kind of a PHP script such as a “contact form” plugin/extension for Joomla or WordPress.

In this example, I have edited the Core Design Perfect Forms plugin for Joomla to fit my needs. The idea is, that while automated robots fill in fields automatically, a hidden field which will not be seen by regular users will be left empty. Thanks to a bit of added PHP code, the submission will be prevented if the hidden form field has filled in content.

First, I added the hidden text field in my form. There are different ways to do this depending on your script. In the Perfect Forms plugin, there is a nice GUI where you can simply add custom HTML inside the form.

Custom HTML Text, Hidden PHP Form Field

The Code

<input style="display: none;" name="human" type="text" value="" />

It is also possible to use the following code, but it could be that some bots are designed not to fill in blatantly hidden input values.

<input name="human" type="hidden" value="" />

Then, we need to find the PHP file that is processing the form. In my case it was:

~/public_html/plugins/content/cdperfectforms/cdperfectforms.php

After this:

// no direct access
defined('_JEXEC') or die;

Added:

if($_POST['human'] != '') {
// do nothing
} else {
// continue with the script

And right in the bottom of the file where you have:

}
?>

Was changed to:

}
}
?>

And that should do it.

I saw some solutions which use Javascript, but it can be problematic if Javascript is not in use. This seemed the most straightforward solution, as only those who would have CSS disabled are being excluded.

Leave a Comment