Add optional honeypot protection to your Wagtail forms.
Project description
Wagtail Honeypot
Add optional form spam protection to your Wagtail forms
It should help to reduce form spam by tricking bots into submitting data in fields that should remain empty.
How it works
When the Wagtail Form is submitted and the honeypot protection is enabled, the honeypot fields & values are available in the POST data.
It provides validation for a hidden text field that should remain empty and checks a time interval between the form being displayed and submitted.
If the form is submitted with content in the hidden field or before the interval expires the submission is ignored.
- No email is sent
- No submission is stored
Installation and setup
Add the package to your python environment.
pip install wagtail-honeypot
Add the package to your settings
INSTALLED_APPS = [
...
"wagtail_honeypot",
...
]
The HoneypotFormMixin & HoneypotFormSubmissionMixin
They will add a honeypot enable/disable field to your form page model and custom form submission method.
If you follow the official Wagtail docs for the Form Builder your form should look something like this...
from wagtail_honeypot.models import (
HoneypotFormMixin, HoneypotFormSubmissionMixin
)
class FormField(AbstractFormField):
page = ParentalKey("FormPage", related_name="form_fields")
class FormPage(HoneypotFormMixin, HoneypotFormSubmissionMixin):
intro = RichTextField(blank=True)
thank_you_text = RichTextField(blank=True)
content_panels = AbstractEmailForm.content_panels + [
FieldPanel("intro", classname="full"),
InlinePanel("form_fields", label="Form fields"),
FieldPanel("thank_you_text", classname="full"),
MultiFieldPanel(
[
FieldRowPanel(
[
FieldPanel("from_address", classname="col6"),
FieldPanel("to_address", classname="col6"),
]
),
FieldPanel("subject"),
],
"Email",
),
]
honeypot_panels = [
MultiFieldPanel(
[FieldPanel("honeypot")],
heading="Reduce Form Spam",
)
]
edit_handler = TabbedInterface(
[
ObjectList(content_panels, heading="Content"),
ObjectList(honeypot_panels, heading="Honeypot"),
ObjectList(Page.promote_panels, heading="Promote"),
ObjectList(Page.settings_panels, heading="Settings", classname="settings"),
]
)
If you prefer you could add the honeypot field to the content_panels rather than a new Tab
# replace
edit_handler = TabbedInterface(
[
ObjectList(content_panels, heading="Content"),
ObjectList(honeypot_panels, heading="Honeypot"),
ObjectList(Page.promote_panels, heading="Promote"),
ObjectList(Page.settings_panels, heading="Settings", classname="settings"),
]
)
# with
content_panels = content_panels + honeypot_panels
Run python manage.py makemigrations and python manage.py migrate here
Honeypot Template Tag
Add the following template tag loader to your form page.
{% load honeypot_tags %}
Add the Honeypot fields template tag anywhere inside the form
<form>
...
{% honeypot_fields page.honeypot %}
...
</form>
In your Wagtail site you should now be able to add a new form page, enable the honeypot field.
Test that the honey pot field works
- View the newly created form page.
- The honeypot field is visible and could be submitted with any value.
- Test it out by submitting the form with the honeypot field set to any value. It won't save the form submission or send an email if you have enabled that in your form page.
Hide the Honeypot field
The honeypot field should be invisible to when viewed in a browser.
Use CSS & JS to hide the honeypot field
The package has some basic css and javascript you can use to hide the field.
Example: add the following to your form template.
<!-- recommended:
to add both but you can use one or the other -->
{% block extra_css %}
<link rel="stylesheet" href="{% static 'css/honeypot.css' %}">
{% endblock extra_css %}
<!-- alternative:
but without the css above loaded first
the field could be seen for a flash while the page loads -->
{% block extra_js %}
<script src="{% static 'js/honeypot.js' %}"></script>
{% endblock extra_js %}
The field should be visibly hidden and not be available to receive any value from a site visitor.
When rendered, the fields will have the HTML attributes
tabindex="-1" autocomplete="off"to prevent a site visitor from using the tab key to move to the field and disable any autocomplete browser functions.
Developer Documentation
Developer Docs for detailed help.
Versions
Wagtail honey pot can be used in environments:
- Python 3.9+
- Django 4.2+
- Wagtail 5.1+
Contributions
Contributions or ideas to improve this package are welcome.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file wagtail_honeypot-1.2.0.tar.gz.
File metadata
- Download URL: wagtail_honeypot-1.2.0.tar.gz
- Upload date:
- Size: 10.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9d5fb3af8c2803bc1e6ce8651d474c65bbc7048ab8d3db3c858b9adedc6ec064 |
|
| MD5 | 57d15b2e364d41c63104622c7e48ebeb |
|
| BLAKE2b-256 | 51efa80d992444174da89a2e66156d199e57900a5ed742fe6bca61395790ef30 |
File details
Details for the file wagtail_honeypot-1.2.0-py3-none-any.whl.
File metadata
- Download URL: wagtail_honeypot-1.2.0-py3-none-any.whl
- Upload date:
- Size: 7.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 19683ec6f62d1a9ff1086bf387dcab35679f95efc31a1bb7bebb3490861337d2 |
|
| MD5 | b64921cb8b50b45d4324a3a6896dcba2 |
|
| BLAKE2b-256 | 3a4ba305a6ddc6741877dfc337b6df61fbdbb2ca0acaa9a7d28381769db6b9a6 |
