/* ------------------------------------------
Honeypot + Timer + Bot Header Detection
-------------------------------------------*/
// 1. Add hidden honeypot field
function brad_add_honeypot_field() {
echo '
';
}
add_action('comment_form', 'brad_add_honeypot_field');
// 2. Add timer field (bots are too fast)
function brad_add_timer_field() {
echo '';
}
add_action('comment_form', 'brad_add_timer_field');
// 3. Validate honeypot + timer + headers
function brad_advanced_spam_blocker($commentdata) {
// Honeypot check: bots fill this field
if (!empty($_POST['my_hp_field'])) {
wp_die('Spam detected (honeypot triggered).');
}
// Timer check: human takes > 2 seconds to comment
$start = isset($_POST['comment_start_time']) ? intval($_POST['comment_start_time']) : 0;
if ($start > 0 && (time() - $start) < 2) {
wp_die('Spam detected (too fast).');
}
// Bot header check: many bots have no user-agent
if (empty($_SERVER['HTTP_USER_AGENT'])) {
wp_die('Spam detected (no user agent).');
}
// Optional: block comments with too many URLs
$comment = $commentdata['comment_content'];
if (substr_count($comment, 'http') > 1) {
wp_die('Spam detected (too many links).');
}
return $commentdata;
}
add_filter('preprocess_comment', 'brad_advanced_spam_blocker');
