Site spam is a thing that most Drupal developers have to deal with. Even if the site(s) you manage don't allow for non-admin authenticated users, we're willing to bet there are still some anonymous-facing forms, including the main site Contact form and probably a Webform or two.
We've built and maintained a large number of Drupal sites over the past decade+ and for the past few years, we've settled on the combination of Antibot and Honeypot for most sites. Both modules are well-maintained, have support for Drupal core versions 7-10, and minimally impact real users.
While Antibot requires that real users have Javascript enabled, both modules have easy-to-understand configuration settings, with reasonable default values. One nit-pick - we wish the module maintainers would put their configuration links in the same Admininstration menu sub-menu.
If you're fighting the good fight, we recommend this combination of contrib modules.
The pixel art image used in this blog post was generated by the DALL-E project of OpenAI.
Add new comment