Project Honeypot is a distributed system used to identify spammers by feeding their bots with email addresses. When one of those addresses receives spam the IP address that scraped it is identified as a spammer. By adding their code to your site you are helping the whole Project Honeypot community deny spammers access to their sites and email servers. In turn the community is helping you to protect your sites and email servers.

Honeypot Toolkit

You can use this plugin to protect your website from spam comments, bots scraping your email addresses to be spammed, brute force login attempts, and hackers searching for vulnerabilities.

When the option is checked to use Project Honeypot it checks the Project Honeypot Http:BL with a DNS query in the background to see if the visitor’s IP address is on the list. You can set the minimum threat score and number of days since last seen. You can find out more information on the Http:BL at You will need to sign up for an access key at

After you sign up for Project Honeypot you can set up your honeypot script at and enter the URL on the settings page. Then your honeypot link will be randomly placed on your pages to get spambots to use it.

When the option to use Spamcop is it checks the Spamcop blacklist to block spammers. Their service does not require any special access or API keys. Just check the box to use Spamcop and everything is in place. This is done with a DNS query just like the Project Honeypot service. The only thing done on the backend is a query to your local DNS server.

Another function of this plugin is to monitor bad logins and 404 errors. You can set the maximum for both of these before an IP gets blocked, how long the IP will be blocked, and the amount of time the user has to reach the limit.

When a visitor is blocked an HTTP status code is returned. By default it is a 503 error so that it looks like your site has gone down. You can set the status code to a number of other codes if you want.