What is CodeIgniter's Honeypot feature?

Answer

The Honeypot feature in CodeIgniter 4 is a simple spam protection mechanism that adds a hidden form field that regular users cannot see (hidden with CSS) but spam bots often fill in automatically. Configure in app/Config/Honeypot.php: set $hidden = true to enable. Add to forms: <?= \CodeIgniter\Honeypot\Honeypot::insertHoneypot() ?> or use the Honeypot filter. When the hidden field is submitted with a value (i.e., a bot filled it), the request is rejected with a 400 error. Enable as a global filter in app/Config/Filters.php. The Honeypot is not foolproof against all bots but significantly reduces automated spam submissions without adding any UX friction for real users. Combine with CAPTCHA for stronger bot protection.