Subscribe via

Project Honey Pot Http:BL WordPress Plugin

This plugin is no longer supported/updated. Please see Project Honey Pot Http:BL is going back home.

Today I would like to announce the release of “Project Honey Pot Http:BL” WordPress Plugin.


This plugin allows you to verify all visitors’ IP address against the Project Honey Pot database. Using the Http:BL API, this plugin flags, logs, and blocks visitors with a high threat score, helping you prevent harvesters, spammers, or other suspicious bots from abusing your blog. I’ve been talking a lot about LoJack anti-spam measures lately and this is one of them.
This plugin requires you to sign up for a free account at Project Honey Pot so that you can use their Http:BL API to verify your visitors.
This plugin is based on Jan Stepien’s http:BL version 1.4 which is no longer being supported. This version of the plugin fixes a lot of database bugs and usability issues that the original plugin had. Here are the key benefits of having this plugin enabled.

  1. LoJack anti-spam solution with collective intelligence
  2. Easy Project Honey Pot integration. No need to mess with Apache mod_httpbl, which means that this will work on shared hosts.
  3. Ability to redirect malicious bots to a bot trap.
  4. Logging capabilities




Download via the Official WordPress Plugin Directory

Upcoming Feature(s)

  1. Threat score limit per type (suspicious, comment spammer, harvester)
  2. White list
  3. Improve log display

As always, please feel free to share any comments, questions, and suggestions!

24 Responses to “Project Honey Pot Http:BL WordPress Plugin”

[go to last comment]
  1. digitaltodd

    wow this sounds great. a very good idea to block them by ip. i will try it!

  2. digitaltodd

    So I have the plugin running now. I don’t get that much traffic so we will see how much stuff it catches/blocks. I just thought I would mention that in your instructions it says to use httpbl_stats() function and in the settings for the plugin it says to use php_httpbl_stats()(which i didn’t see right away because I was using the readme). Not a big deal but because my layout is widgetized sometimes it is hard to place these kinds of calls in the right place on the template to make them work, not knowing which was the right call made it harder.


  3. Ty Bone

    Thank you very much for letting me know! I will change it and check it in so nobody else gets confused.

  4. autworld

    this is a great idea, i´ve been waiting for something like that. thank you!

  5. Ty Bone

    I hope this works out for you. Please let me know when you’ve implemented this. I love feedback. Thanks!

  6. autworld

    thanks for your feedback, Ty, we have tested it today on the blog of a friend of mine and yes, it helps alot. you did a great job! we gonna implemented it in the next days, after we´ve finished some other improovements. i´ll give you an feedback after this, have a nice day.

  7. Ty Bone

    Released version 1.0.1 with the following change:

    – Fixed readme.txt typo to use php_httpbl_stats() instead of httpbl_stats()

  8. Eddy De Clercq


    As a long time project honyepot lover/implementer (I even wrote a port fro SAP systems once), I’m very happy with this plugin for my blog.
    I see one minor issue though. In the log I get after this line ‘A list of 50 most recent visitors listed in the Project Honey Pot’s database.’ A lot of this ‘\n\t\t\’. It seems that the length of this string with crs and tabs is growing when the log gets longer.


  9. Ty Bone

    @Eddy De Clercq
    Thank you for trying out this plugin and your great feedback. I will release a new version without these characters in them today.

    Just so that I know for the future, what version of PHP are you using? Also are you running on a Linux or Windows platform?

  10. Eddy De Clercq

    Hi Ty,

    Thx for the quick reply and solution. It’s PHP 5 on Linux.


  11. Ty Bone

    Released version 1.1.0 with the following change:
    – Removed “\n\t” from HTML printout as this shows badly on some platforms.

  12. Eddy De Clercq

    Problem solved. Again thx for the quick fix

  13. Ty Bone

    Released version 1.2.0 with the following change:
    – Added backwards compatibility with Jan’s original plugin (using table ‘httpbl_log’ for logging).

  14. ovidiu

    hi there, my question is not really related but what plugin are you using for the reply function and the threading function in your comment form?

  15. Ty Bone

    I use WordPress Threaded Comments. It works well with my AJAX Force Comment Preview plugin. Hope you can check that out too!

  16. Ty Bone

    Released version 1.3.0 with the following changes:
    – Fixed a major bug in the previous release that broke logging.
    – Added CSS to admin menu to let user identify options groups easier.

  17. Eddy De Clercq


    I’ve installed the new version and since then see nothing appear anymore in the log. Either there aren’t any malicious visits whihc I doubt very much either the plugin doesn’t work anymore either the logging doesn’t work anymore. Do you have any hints on what to do or check in order to get things running back to normal?


  18. Ty Bone

    Sorry for the late response (I’ve been on a bit of a vacation).

    To debug, I recommend enabling logging in your the plugins options and temporarily modifying php-httpbl.php line 321 from:

    if ($log)


    if (true)

    Now wait a few days to see if you are getting hits.

    Please let me know if this helps.

  19. Eddy De Clercq

    After 5 days, still no logs. I thought it would be that I also use an sql injection blocker, but I stopped that one and it makes no difference. The two worked together in the past anyway.

  20. Ty Bone

    Eddy De Clercq
    Do you know if the code even executes at all? Can you add some echo commands in php-httpbl.php in php_httpbl_check_visitor()? I would place one before and after line 253 to print out the $result for sure.

    echo “result before if:” . $result[0];
    if ( $result[0] == 127 ) {
    echo “result after if:” . $result[0];

    It might be possible that your service DNSBL stopped working. You might also want to log into your Project Honey Pot account and check the statistics if you have been detecting any bots lately.

  21. Clay

    Hi. I know you don’t represent Project Honeypot, but I can’t seem to be able to sign up to get the API key. Their signup form says it will send a validation email which you must follow to activate, but it never comes. I’ve checked spam folders, and I’ve tried different email accounts. I am having a dreadful time right now with spammers (appear to be human, but professional spammers) and I’m hoping to utilize the service.

    Perhaps as a current member of the Honeypot community, are you aware of any outage in their service, or stoppage of new accounts?

  22. Ty Bone

    I’m sorry you are having this issue. I haven’t noticed any outages or stoppage of new accounts. They are usually good at letting us know if they are going to be down for maintenance or anything. Did you try to send them an email? You can get to the email link on the about page.

  23. Eddy De Clercq


    The before is showing my Project Honey Pot Http:BL Access Key. The after doesn’t show of course. I can’t check the Project HP site, since it’s down for maintenance.


  24. Project Honey Pot Http:BL is Going Back Home « OMNINOGGIN

    […] by WP Greet BoxIt is my pleasure to announce that I will be joining my development efforts of Project Honey Pot Http:BL plugin with Jan Stepien (the original developer of Http:BL). Jan has already merged my changes onto […]

[go to first comment]

Leave a Reply