Don’t treat site visitors like spammers

Making your site visitors responsible for proving that they are, in fact, human is a bit of a dick move.

It’s no secret that I’m all about making websites more secure. But your business’s online security shouldn’t be at the expense of someone trying to visit your website. There are 2 ways you can protect your online forms — one makes it harder for your visitors + the other simply doesn’t.


Most of us all know + hate the captcha field. If you’ve ever struggled to figure out what letters or numbers are shown in an image so that you can proceed to the next step in some process, you’ve been asked to prove you are human by the site owner.
Captcha-properties // don't treat site visitors like spammers

image via gravityforms

The reason captcha works is that spammers + hackers typically use scripts or programs to gain access. Those scripts aren’t smart enough to decipher images, so they aren’t able to correctly fill in that form field — which keeps them out.
But the problem with captcha is that it doesn’t put the responsibility on the bad guys {the hackers}, it puts the responsibility on the folks trying to sign-up, purchase or reach out to the business. Those are not the type of people you want to put roadblocks in front of.


The alternative to captcha is honeypot. And while it may conjure up thoughts of childhood stories with Winnie the Pooh, honeypot isn’t so sweet for those trying to hack their way in.
In terms of a sign-up form or login, honeypot works by inserting a form field into the code that does not show on the actual page. The user trying to sign-up/buy has no idea it’s there. However, the hacker’s scripts that scan the page code will see it + try to add text to that field. When text has been entered there, the submission is rejected + everyone is kept safe.
Unlike captcha, honeypot keeps your site visitors from having to prove they are human + worth hearing from. The onus is on the hackers, where it should be.
Allow me to step off my soapbox for a second + explain that there may be situations where captcha is a much more beneficial route to go, but for small businesses + entrepreneurs with informational sites, blogs + small membership areas, honeypot is almost always enough to protect everyone.
The good news is that most systems already have honeypot built in. Just last week I added opt-in code from InfusionSoft + MailChimp that featured honeypot by default. And my favorite form plugin, Gravity Forms, has a checkbox that allows you to activate honeypot on any + every form.
So if you have any forms on your site {contact, opt-in, etc} replace any captcha settings + plugins with something that makes it easier on your site visitors + harder on the hackers.

on your keyboard hit enter to search or esc to close