Spam protection for humans

In the last post I introduced captcha for Magento as a spam protection system for Contact form. Now it's time to introduce a better, simpler spam protection available as an extension for your Magento store.

Web users nowadays are used to entering letters and numbers from Captcha image, but it is still a complication that users of web forms don't deserve. They invested time in completing the form, and at the end you ask from them to prove that they are human. Funny isn't it?

That is the reason why IL Strong Captcha was created. It consists of only one checkbox that users have to click. With that click they prove their humanity.

One checkbox, nothing else.

Screenshot IL Strong Captcha

The extension for Magento can be found at the Magento Connect.

Get extension

Let me tell about technical stuff behind this extension. It uses concepts Checkbox captcha and Honeypot captcha, combined to make your Magento forms easy for the users and hard for spambots to break in.

Below are the explanations for those two capthas taken from a blog post that inspired me to create this extension.

Checkbox Captcha

It’s good that captchas stops spam, but it shouldn’t come at the cost of discouraging users from filling out your form. And clearly it does. The perfect catpcha is one that not only stops spambots, but does it without hurting your form conversion rate. That’s why the checkbox catpcha is the perfect captcha. It stops spambots without discouraging users from filling out your form. No other captcha does this.

Checkbox captcha pros

Most captchas are big and complicated. But the checkbox captcha is small and simple. All it takes is a checkbox generated with client-side Javascript. Spambots can’t check the checkbox because it’s only displayed to users on the client-side. Only users will be able to see and check the checkbox. When it’s checked, the form is allowed to go through. A checkbox captcha is smaller and less intrusive than traditional captchas. This makes it less intimidating for users when they see your form. Users don’t have to work hard to figure anything out. They don’t even have to type. All they have to do is simply check a checkbox to confirm they’re not a spambot. With a checkbox captcha, you’ll stop spam without stopping your users.


Honeypot Captcha

Another kind of captcha that is less intrusive than traditional captchas are honeypot captchas. They are second to checkbox captchas because advanced spambots can bypass them. They can also create accessibility issues for some users.

Honeypot catchas work by hiding a textfield from users through CSS. This textfield is left blank by users because they can’t see it. However, spambots will see it and fill it in. The form will reject the spambot’s entry, and will only accept entries that leave the textfield blank.

However, users that browse the web with CSS disabled (i.e. screen readers, text-only browsers, mobile devices) will see the blank textfield. This can confuse them and make them wonder what the textfield is for. It also goes against their habit and expectation of filling in textfields. If you label it properly, they probably won’t fill it in. But they probably won’t complete your form either due to the uncertainty it brings.

Honeypot catpchas also need careful and specific labeling. Certain spambots have learned to avoid honeypot textfields if they’re labeled in a way that tells users to avoid it. If you were to give the textfield a common label, such as “name”, it would trick the spambot into filling it in. However, it would also trick users who have CSS disabled into filling it in.

Honeypot captchas are difficult and complicated to get right. They’re certainly better than traditional captchas, but they aren’t perfect. They can stop some spambots, but not all. They can hurt your form conversion rate on users who browse your site with CSS disabled. If you can’t put a checkbox catpcha on your form, a honeypot catpcha is a good second option.


The extension for Magento can be found at the Magento Connect.

Get extension

comments powered by Disqus