Honeypot Extension

  • Resolved Anonymous User 14978628

    (@anonymized-14978628)


    6 years, 9 months ago

    Hi,

    I like the idea of using a honeypot as an additional layer of security.

    Could you please tell me, is there any benefit to using this honeypot if i have comments disabled on my website? Bad bots will still visit a site even if they don’t have comments, so i’m curious if having this would be beneficial?

    I have my pages cached, and because i don’t have comments enabled, that page cache is not set to expire. Page cache is only cleared if i do so manually. Would this be a problem with this extension?

    Also, i’m curious as to how the honeypot blocks bots? I understand how it works by setting a trap, but how does it actually block the bot? Does it ban the ip? And if so, how long does this ban remain in place?

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Author Sybre Waaijer

    (@cybr)

    Hi @martychc23,

    My apologies for the late reply, it’s been quite busy with the releases.

    When you have comments disabled, WordPress will prevent users from posting comments.
    This effectively renders Honeypot redundant.

    The extension detects caching plugins through the WP_CACHE constant. When that’s detected, the rotational hashes expiration time is extended from 24 hours to 10 days.

    If you were to enable comments, with non-expiring page caching, then you’d have to adjust the non-dynamic the_seo_framework_honeypot_nonce_scale filter. The default value (in seconds) for the filter is 12 hours, and with caching enabled it’s 5 days.
    That filter modifies the rotation time of the hashes. The validity of such is twice the inputted time length, which is done to increase randomness.
    With the extension’s default settings, I recommend setting a page-cache expiry-time of at most 9 days, to prevent catching genuine commenters.

    The extension uses four anti-spam methods to catch spammers.
    When spam is detected through any of those methods, the comment’s approval state will be flagged as spam. This puts the comment in the spam overview automatically. No ban will be instated by the extension, and no additional data is logged.

    No data is collected by any service via the Honeypot extension, and we’re not planning to do so in a short timeframe.
    The extension is effective as-is. And, from the data we collected in the past 9 months, the catch rate is close to 99.999%. We’ve said 99.98% on the site as we expect some variance.

    I hope this (although technical) answer explains the lot. Let me know if you have any more questions ?? Cheers!

Viewing 1 replies (of 1 total)
  • The topic ‘Honeypot Extension’ is closed to new replies.

Tags