Sometimes you don’t want to use captchas or “are you human questions” on your forms, well here’s a simply way to block the vast majority of bots posting to your website forms.

This quick technique is easy to implement and relies on that fact that bots are stupid and pick up on keywords and try to complete all the fields in a form.

The best way to stop bots is to always use a combination of techniques, such as captchas and IP address checking, but this method will help eliminate a lot of junk.

On your form simply include a hidden text field called something generic like “email” if you have an email field call it something obscure like “customcontact” eg:

<form method="post" action="/form">
<input type="text" name="customcontact" />
<input type="hidden" name="email" />
<input type="submit" value="GO" />
</form>

The bot will see the hidden email field and try to populate it. On you form validation, check to see if this field is empty:

if(empty($_POST['email'])) {
// you are a human
} else {
// you are a robot
}

If the field has something in it, a bot has made the submission so discard it.

If you find that this still doesn’t work try using CSS instead:

<form method="post" action="/form">
<input type="text" name="customcontact" />
<input type="text" name="email" style="display:none;"/>
<input type="submit" value="GO" />
</form>

The bot will see the field and try to populate it as it ignores CSS styles, an actual user won’t see the field so won’t be able to add anything to it.

This is not a fail-safe way to stop bots submitting your form, but will help reduce a number of rudimentary bot attacks on your forms.