Honeypot
A honeypot is a hidden form field that real users never see or fill in. Bots that blindly fill every field will populate it — and Formtorch scores those submissions as spam automatically.
It’s the lowest-friction spam protection available: no CAPTCHAs, no user interaction, zero impact on conversion rates.
How it works
When honeypot is enabled on a form:
- Formtorch expects a specific hidden field to be present but empty in every submission
- If that field contains any value, TorchWarden flags the submission as spam automatically
Real users never see the hidden field. Bots that auto-fill forms populate it and get caught.
Enabling honeypot
Open your form settings
In the dashboard , open your form → Settings → Spam Protection.
Toggle honeypot on
Enable the Honeypot toggle. No other configuration is required.
The hidden field
By default, Formtorch uses _honeypot as the field name. Add this to your HTML form:
<input
type="text"
name="_honeypot"
style="display:none"
tabindex="-1"
autocomplete="off"
/>You can also customize the field name. If you set a custom honeypot field name in your form settings, use that name instead of _honeypot in your HTML.
Make sure the honeypot field is visually hidden using CSS, not
type="hidden". Some bots skip type="hidden" fields but still fill visible
text inputs. Use display:none or visibility:hidden to keep it invisible to
users.
Custom honeypot field name
If you’re migrating from another form tool that uses a specific field name, you can set a custom honeypot field name in your form settings. Formtorch will watch for that field instead of _honeypot.
Combining with other protection
Honeypot alone catches most basic bots. For heavier spam pressure, combine it with:
- TorchWarden™ scoring — already runs on every submission
- Domain Restriction — block requests from unknown origins
- CAPTCHA — for high-value forms or persistent spam