Honeypot fields
Invisible fields catch bots that fill in everything. Real visitors never need to think about them.
The classic layer ↗Spam protection for Contact Form 7
A small, focused WordPress plugin that quietly makes spam harder — without sending your visitors or their data anywhere else.
One plugin, several quiet signals
Most bots are noisy. Simple Honeypot gives your forms a few extra ways to tell the difference between a person and a script — while keeping the visitor experience simple.
Invisible fields catch bots that fill in everything. Real visitors never need to think about them.
The classic layer ↗Forms submitted impossibly fast are worth a second look. Set the threshold globally or per form.
A little friction for bots ↗An optional browser puzzle adds a small cost to automated submissions without slowing people down.
For the persistent ones ↗Block IPs and email patterns with wildcards or CIDR support. Keep the rules in your own dashboard.
Your rules, your call ↗See what was blocked, why it was blocked, and which forms are attracting the most noise.
Make the invisible visible ↗Checks happen on your server. No visitor tracking, data sharing, or third-party anti-spam account.
A calmer setup ↗A straightforward workflow
Visitors get a normal Contact Form 7 experience. You get sensible controls and a record of what your defenses are seeing.
Read the setup guideDrop [honeypot] into a Contact Form 7 form. No new service or account required.
Turn on timing, Proof of Work, and the rules that fit the site. Global settings can be overridden per form.
Review blocked events in the dashboard, tune the rules, and let legitimate messages keep moving.
A dashboard you can understand
See the controls, rules, forms, and reports in one familiar WordPress admin experience. No mystery settings hidden behind a separate platform.


Prefer to keep things simple? Start with the honeypot and add more layers when a site needs them.
Explore all featuresMade for the people behind the form
Whether you write the site, own the site, or look after a dozen of them, the goal is the same: fewer junk submissions and less maintenance.
Use WordPress hooks and a small, readable plugin that plays nicely with Contact Form 7, caching, and record-keeping plugins.
Browse the code ↗Get sensible defaults, clear settings, and a spam log that tells you more than “something went wrong.”
See common questions ↗Give clients a practical anti-spam layer without adding another monthly service or another dashboard to explain.
Plan an install ↗A few useful answers
Still curious? The full documentation and issue tracker live on GitHub.
Read the full FAQNo. The checks run locally on your WordPress site. There is no external anti-spam account, visitor tracking, or data sharing.
Usually not. Honeypot fields are invisible, timing checks happen quietly, and the default Proof of Work setting is designed to take roughly 50–100ms in a modern browser.
Yes. Add the [honeypot] tag to as many Contact Form 7 forms as you need, then use global settings or customize individual forms.
Add a rule from the Rules tab. IP rules support wildcards and CIDR notation, while email rules support wildcard patterns.
Ready when you are
Simple Honeypot is free, open source, and ready to try on the next WordPress site you touch.