3. ⚙️ Configuration: Protecting Your Magento Forms

The power of the JaJuMa Honey Spam Anti-Spam extension lies in its granular, per-form configuration.
This allows you to apply the perfect level and type of protection to each form, from your customer registration page to your contact form.

To begin, navigate to
JaJuMa -> Honey Spam Anti-Spam -> Honey Spam Forms
in your Magento Admin Panel.
This grid is your central hub for managing spam protection across your site.

3.1 🔧 Getting Started: Adding a Form for Protection

To apply spam protection to a new form, simply click the Add New Form button in the top-right corner. This will take you to the form configuration page where you can define the specific protection rules and actions for that form.

3.2 📌 General Form Settings

The first step in configuring a form is to define its basic settings.

Enable / Disable Form

This is the master switch for the specific form you are configuring.

• Enabled: The Honey Spam extension will be active for this form.
• Disabled: The extension will ignore this form, and no spam checks will be performed.

Select Form (Form ID)

Use this dropdown to specify which form you want to protect. The extension comes pre-configured to recognize Magento's default forms:

• Customer Registration
• Newsletter Registration Form
• Contact Form
• Product Review Form
• Search Header Form
• Ajax Search Suggestion
• Advanced Search Form
• Checkout Form
  or
• Custom Form

If you need to protect a form that is not on this list (e.g., a custom RFQ form or a third-party extension's form), select Custom Form.
This will reveal additional fields required for integration.
For a detailed walkthrough, see our guide on How to Protect Custom Magento Forms.

3.3 🚫 Configuring the Action on Spam Detection

When the extension detects a submission as spam, you have full control over what happens next.
This choice represents a strategic decision:
Do you want to be a "Silent Guardian" that gives bots no feedback, or an "Active Blocker" that informs potential users of an issue?

• Show a Global Message (Active Blocker):
  To show a message, set Redirect to Error Page to No.
  Then, enter the text you want to display in the Message field. This is the recommended approach for forms like "Contact Us" where a legitimate user might accidentally be flagged, as it provides them with immediate feedback without a jarring redirect.

• Redirect to an Error Page (Active Blocker):
  To redirect the user, set Redirect to Error Page to Yes.
  Then, enter the URL key for your desired CMS page (e.g., spam-error) in the Error Page Url field. This is a more forceful way to handle blocked submissions.

• Do Nothing (Silent Guardian):
  To silently discard the spam without providing any feedback to the spammer,
  set Redirect to Error Page to No and leave the Message field blank.
  This is the best strategy for high-confidence spam blocking (like on a newsletter signup form) as it prevents bots from learning that their submission was blocked.

3.4 🕶️ Enabling Your First Layers of Defense

These two foundational techniques are easy to enable and highly effective at stopping the vast majority of common automated spam.

Honey Spam Hidden Field

This technique adds an invisible form field that only bots will fill out.

• Enable Honeyspam Hidden Field: Set to Yes to activate this feature.
  This is highly recommended as a baseline defense.
• Name of the hidden form field: You can define a custom name for the hidden field.
  While the default is usually fine, you can change it if needed.

⚠️ Warning:
Ensure the name you choose for the hidden field is not already in use by another field in the form
(e.g., name, email).
Using a duplicate name can cause conflicts and prevent the form from working correctly.

Form Submit Time Check

This technique is more than just a timer; it functions as a clever "inverted honeypot." The extension embeds a hidden field containing a timestamp when the form is first loaded by a user. When the form is submitted, the system checks two things:

1. Is the timestamp field present and valid?
   Many bots will either remove this field or fail to process its value correctly.
   If the field is missing or has been tampered with, the submission is flagged as spam.
2. Is the submission time too fast?
   If the timestamp is present, the system calculates the duration.
   Submissions completed faster than a human possibly could are blocked.

This dual-check mechanism is highly effective at catching bots that are programmed to either ignore or strip out unrecognized form fields.

• Enable Form Submit Time Check:
  Set to Yes to activate this behavioral check.
• Time in seconds:
  Define the minimum time a submission must take. Any submission completed faster than this threshold will be flagged as spam.

💡 Pro Tip:
A value between 3 and 5 seconds is a great starting point.
This is typically too fast for a human to legitimately complete a form but slow enough to avoid flagging users who type quickly.

📞 Need Help?

Still have questions or need assistance with your setup? Our expert team is here to help. Please don't hesitate to contact our support team for personalized assistance.