Would you like to prevent spam registrations and logins in your affiliate program? AffiliateWP provides built-in spam prevention tools to help secure your affiliate registration and login forms from bots and automated abuse.
In this tutorial, we’ll walk you through the spam protection options available in AffiliateWP and how to enable them.
Overview of Spam Protection Features
AffiliateWP protects your affiliate program using a combination of passive and active spam prevention tools:
- Honeypot Protection – blocks bots silently without affecting real users (enabled by default)
- CAPTCHA Integration – adds visual or logic-based human verification to your affiliate forms
These tools help you reduce fake signups, prevent automated login attempts, and maintain the integrity of your affiliate program.
Built-In Honeypot Protection (No Setup Required)
AffiliateWP includes a hidden honeypot field in every affiliate registration form. This feature helps detect and block spam bots without requiring any action from you or your affiliates.
What Is a Honeypot and How Does It Work in AffiliateWP?
A honeypot is a hidden form field designed to trap bots that attempt to fill every visible input field. While real users can’t see or interact with it, automated bots often populate it, triggering the system to treat the submission as spam.
In AffiliateWP:
- A hidden field named
affwp_honeypotis automatically included in all affiliate registration forms. - Legitimate users never see or fill out this field.
- If the honeypot field is submitted with any value, the registration is automatically rejected.
This feature requires no configuration and works silently in the background. It helps reduce spam registrations while keeping the user experience seamless and uninterrupted.
The honeypot works alongside other spam prevention tools and doesn’t affect user experience.
Accessing CAPTCHA Settings
To add active human verification to your affiliate forms, you can enable CAPTCHA through the AffiliateWP settings. To access CAPTCHA settings:
- Navigate to AffiliateWP » Settings in your WordPress dashboard.
- Click the Affiliates tab.
- Scroll down to the Affiliate Registration & Login Security section.
This is where you’ll configure CAPTCHA-based protection for registration and login forms.
Adding CAPTCHA to Affiliate Forms
CAPTCHA adds an extra layer of verification to help distinguish real users from bots. AffiliateWP currently supports three CAPTCHA services:
- hCaptcha: Add an extra layer of protection with the privacy-focused hCaptcha alternative.
- Google reCAPTCHA: Strengthen your site’s security using Google’s reCAPTCHA service.
- Cloudflare Turnstile: Secure your forms by integrating with Cloudflare Turnstile, a CAPTCHA-free solution that prioritizes user experience.
You can enable one of these verification tools to protect your affiliate registration and login forms. When selected, you’ll be prompted to enter your site key and secret key, which can be generated through your CAPTCHA provider.
Once a service is enabled, you’ll also have the option to apply it to the affiliate login form as well by selecting the option labeled Add CAPTCHA to Affiliate Login form. This helps prevent credential-stuffing and brute-force attacks.
Be sure to save your settings after completing the configuration.
Frequently Asked Questions
Can I apply CAPTCHA to both registration and login forms?
Yes. After selecting a CAPTCHA type, you can check the box labeled Add CAPTCHA to Affiliate Login form to secure both forms.
Can I use more than one CAPTCHA service at the same time?
No. Only one CAPTCHA provider can be active at a time.
Are all CAPTCHA options available on every AffiliateWP license?
Yes. All CAPTCHA features are available with any AffiliateWP license.
Do I need to enable the honeypot feature?
No. The honeypot is automatically included in all affiliate registration forms. It’s enabled by default and requires no configuration.