Tricking WP login form spammers into thinking honey pot is a real WP login form

I’m creating a honey pot and I want to to trick WP form spammers into thinking it’s a real login form. I’m creating wp-login.php page and form with common WP fields. The CMS I’m using is a Symfony and the HTML fingerprint will be different, but does that matter?

What details should I pay attention to while working on this? What are bots looking for on a page to decide it’s a real WP login form?

I want to aim all bots, the more advanced the better.

This is a form I’ll be posting:

<form name="loginform" id="loginform" method="post">
    <p>
        <label for="user_login">
            Username or Email Address<br/>
            <input type="text" name="log" id="user_login" class="input">
        </label>
    </p>
    <p>
        <label for="user_pass">
            Password<br/>
            <input type="password" name="pwd" id="user_pass" class="input"></label>
    </p>

    <p class="forgetmenot">
        <label for="rememberme">
            <input name="rememberme" type="checkbox" id="rememberme" value="forever"> 
            Remember Me
        </label>
    </p>
    <p class="submit">
        <input type="submit" name="wp-submit" id="wp-submit" class="btn btn-default"
               value="Log In">
        <input type="hidden" name="interim-login" value="1">
        <input type="hidden" name="redirect_to" value="1">
        <input type="hidden" name="customize-login" value="1">
        <input type="hidden" name="testcookie" value="1">
    </p>
</form>

Read more here: Tricking WP login form spammers into thinking honey pot is a real WP login form

Leave a Reply

Your email address will not be published. Required fields are marked *