DIY Honeypot to Stop Spam Registrations


Here’s a really effective way to prevent registration form spam (and other forms) by using a simple honeypot.

Note: If you’re using Contact Form 7, there is a great plugin for that.


Our online form is being filled out by a bot, and being submitted. Not only is WordPress filling up with fake users, but in this case, WordPress is linked to a CRM and posted the users over to that system also, causing lots of admin for the team.


I can’t share the whole code, or even screenshots, but here’s most of it.

At the top of the form, we check:

// Is this spammy?
$spam = false;
$spam_messages = array();

//Check if form has been submitted
if($_POST) {

  // Check the time the form has existed. Less than the threshold means the form is filled too quickly, and probably spam
  $create_time = time();
  if ( isset($_SESSION["reg_form_create_time"]) ) {
    $create_time = $_SESSION["reg_form_create_time"];
  // Calc the time the form was on page
  $form_fill_time = time() - $create_time;

  // Was the form filled in too quickly?
  if ($form_fill_time < 5) {
    $spam = true;
    $spam_messages[] = "Form fill time too short: ".$form_fill_time." seconds";

  // Process the form details
  // Before we save the details, let"s check if they are spammy
  // == Spam Check ==
  // If we have spam, ignore, and redirect to the homepage
  if ($spam) {

    // Email the admin
    $message = implode($spam_messages, PHP_EOL);
    $message .= PHP_EOL . PHP_EOL . print_r($_POST, true);
    wp_mail("[email protected]", "Spam registration", $message);

    wp_redirect( home_url() );

  else {
    // Not spam

    // Email the admin
    $message = print_r($_POST, true);
    wp_mail("[email protected]", "Not spam registration", $message);



Change Default Image Size on Visual Composer Single Image

The Visual Composer Single Image component defaults the Image Size to ‘thumbnail’.  This really isn’t very useful, especially if your clients are using Visual Composer to build pages.

An Image Size of ‘large’, ‘medium’, or even a custom image size, is much more useful.

If you’ve set ‘large’ to be the same width as your main content area, the image will fit perfectly, and will also be great in smaller responsive areas.

There’s the code to re-map the Image Size default to ‘large’

// Re-map VC Single Image params
add_action('init', function()
  // Get VC Single Image shortcode config
  $single_img = WPBMap::getShortCode('vc_single_image');

  // Loop over config to find the param we want to change
  foreach($single_img['params'] as $key => $param)
    // This is our param
    if($param['param_name'] === 'img_size')
    // Add standard value for image size
    $single_img['params'][$key]['value'] = 'large';

  // VC doesn't like the thought of you changing the shortcode base, and errors out, so we unset it.

  // Update the parameter
  vc_map_update('vc_single_image', $single_img);
}, 100);

WordPress redirect https to http without SSL certificate

If your website has an invalid SSL certificate for your site (perhaps your shared hosting company has a wildcard certificate), most browsers will show a warning about the validity of the certiticate.

However, Google could still index your site using https: URLs, as it assumes you have a valid SSL certificate.

The problem is, if people click the links from Google, they get the browser warning.

Changes to your htaccess file wont work as.

Here is a php snippet you can drop into your theme functions.php. It redirects at the PHP level.

// Avoid SSL on Google
add_action( 'template_redirect', 'bhww_ssl_template_redirect', 1 );
function bhww_ssl_template_redirect() {
  $https = ( $_SERVER['HTTP_X_HTTPS'] == 'On' );
  if ( $https ) {
    if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
      wp_redirect( preg_replace( '|^https://|', 'http://', $_SERVER['REQUEST_URI'] ), 301 );
    } else {
      wp_redirect( ‘http://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’], 301 );

Assign a Tag to a Contact in Infusionsoft using Affiliates Pro

If you’re using Affiliates Pro, and Infusionsoft, you might want to tag the Infusionsoft contact for an affiliate, once they have signed up.

Here’s a handy function to do that.

Important: You need to installed the Infusionsoft SDK plugin first (or add the SDK to your theme yourself).

// Affiliate added
add_action( 'affiliates_added_affiliate', 'my_affiliates_added_affiliate' );
function my_affiliates_added_affiliate( $affiliate_id ) {

  global $wpdb;

  $groupid = 1601; // Set your tag id from Infusionsoft

  // Get the AffiliatesPro details from WP
  $affiliate = $wpdb->get_results("SELECT * FROM wp_aff_affiliates WHERE affiliate_id = $affiliate_id");
  $affiliate = current($affiliate);

  // Get the contact details from InfusionSoft
  $contacts = Infusionsoft_DataService::query(new Infusionsoft_Contact(), array('Email' =>   $affiliate->email));
  $found = array_shift($contacts);

  $contactID = $found->Id;

  // Got it

  // Add the tag in Infusionsoft
  Infusionsoft_ContactService::addToGroup($contactID, $groupid);