Speed and Performance

  • Thomas Jarvis

    (@thomasjarvisdesign)


    3 years, 5 months ago

    As you probably know Recaptcha V2 and Even worse in V3 – Load large scripts that slow down websites and can be the difference between a pass/fail in web vitals.

    How does Honeypot compare?
    I imagine the speed impact will be much smaller. I assume it just adds a small script that times user input from first click?

    I currently advise clients to keep their contact form on one page and I use Recaptcha V2 instead because it only loads on pages that have a contact form. I then use some rules to prevent CF7 JS and CSS loading on every page.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hi @thomasjarvisdesign – the honeypot doesn’t use any JS, and it’s core mechanics are all quite quick. I haven’t done any specific load or stress tests with it, but I would be surprised if it added any load time at all to a page with a form on it.

    Thread Starter Thomas Jarvis

    (@thomasjarvisdesign)

    I’ll have to try it with one of the new sites I am working on. It would be nice to drop V2 as it is easily beaten by bots.

    Thanks Ryan.

    Thread Starter Thomas Jarvis

    (@thomasjarvisdesign)

    I have another couple of questions.

    If I turn on the timer.
    Is it from pageload or is it from interation with the form?

    I use a caching plugin – Will the timer information still work? Or will this get cached?

    I have a test running on my company website on the contact page:
    https://www.thinkjarvis.co.uk/contact/

    Moving from Recaptcha v2 to Honeypot has knocked 3 seconds off the LCP score for the page.

    I then tried adding the form to the home page and saw a minimial impact on page speed.

    Now leaving Honeypot running to see what impact it has over the next week and then I will roll it out to other sites on my servers.

    • This reply was modified 3 years, 5 months ago by Thomas Jarvis.

    Caching would likely be a problem with the time check, as the time is set (as a field) when the form loads, and then is checked when the form is submitted. If the form is cached, that value will always be quite old, and thus could register as a false negative (i.e. let bot submissions through).

    It is on my dev roadmap to switch this value to a session value, but this would also have problems with caching, as session values wouldn’t be set on a cached page.

    It could be stored using Javascript, but would be easily circumvented by bots not using javascript.

    It’s a tough use case to solve for, but I definitely agree, using with caching on the page is pretty essential. I’ll keep working on a solution.

    Thread Starter Thomas Jarvis

    (@thomasjarvisdesign)

    One last question.

    Can I add more than one honeypot field to the contact form?
    Does this still work?

    Caching:
    I imagine the timer is not working then.

    But the spam protection is working.

    I can either disable caching on the contact page or turn off the timer option so that it isn’t a problem.

    I will turn it off for now. The site that will eventually get this update has serverside caching so will definitely be a problem.

    • This reply was modified 3 years, 5 months ago by Thomas Jarvis.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Speed and Performance’ is closed to new replies.

Tags