Skip to content
Spam catcher bundle for the Laravel framework
Find file


Honeypot - Form Defender

Honeypot is a Laravel framework bundle that uses the honeypot techinque to defend web forms. We put a fake form field in the form (hidden) with a common name which spam bots think is real. They fill it out and we check to see if it's filled in. If it is, we know a bot filled out the form.

We also include a second defence mechanism using a timestamp. If the form takes less that 5 seconds to fill in (you can configure the speed) we'll figure it's spam.


In your applications bundles.php put:

return array(
    'honeypot' => array('auto' => true),

Add the Honeypot fields to your form

{{ Form::open('save') }}

    {{ Form::honeypot('honey_field_name', 'time_field_name') }}
{{ Form::close() }}

Then use Honeypot's custom form validators to check your form date. Note the honeytime takes a number for the minimum seconds it should take to fill out the form for a human. If it takes less time than that we fail the test. For example:

$rules = array(
    'email'             => "required|email",
    'field_name'        => 'honeypot',
    'field_name_time'   => 'required|honeytime:5'

$validator = Validator::make(Input::get(), $rules);
Something went wrong with that request. Please try again.