diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a794139ddb9..5a078075b93 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -283,6 +283,7 @@ class UsersController < ApplicationController
   end
 
   def perform_account_activation
+    raise Discourse::InvalidAccess.new if honeypot_or_challenge_fails?(params)
     if @user = EmailToken.confirm(params[:token])
 
       # Log in the user unless they need to be approved
diff --git a/app/views/layouts/no_js.html.erb b/app/views/layouts/no_js.html.erb
index 3d6dc48aca2..c796b08f4f9 100644
--- a/app/views/layouts/no_js.html.erb
+++ b/app/views/layouts/no_js.html.erb
@@ -6,6 +6,7 @@
     <meta name="description" content="">
     <%= render partial: "layouts/head" %>
     <%= raw SiteContent.content_for(:head) %>
+    <%= yield(:no_js_head) %>
   </head>
   <body>
     <%- unless customization_disabled? %>
diff --git a/app/views/users/activate_account.html.erb b/app/views/users/activate_account.html.erb
index a5380bcaafa..2f9cca159ba 100644
--- a/app/views/users/activate_account.html.erb
+++ b/app/views/users/activate_account.html.erb
@@ -1,26 +1,40 @@
 <div id='simple-container'>
-
     <h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
     <br/>
     <button class='btn' id='activate-account-button'><%= t 'activation.action' %></button>
 
     <%= form_tag(perform_activate_account_path, method: :put, id: 'activate-account-form') do %>
+      <%= hidden_field_tag 'password_confirmation' %>
+      <%= hidden_field_tag 'challenge' %>
     <% end %>
 </div>
 
+<%- content_for(:no_js_head) do %>
+  <%= script "vendor" %>
+<%- end %>
+
 <script language="javascript">
   (function() {
-   var t1 = new Date().getTime(),
-       button = document.getElementById('activate-account-button'),
-       form = document.getElementById('activate-account-form');
+    function activateAccount() {
+      $('#activate-account-button').prop('disabled', true);
+      $.ajax("/users/hp").then(function(hp) {
+        $('#password_confirmation').val(hp.value);
+        $('#challenge').val(hp.challenge.split("").reverse().join(""));
+        $('#activate-account-form').submit();
+      }).fail(function() {
+        $('#activate-account-button').prop('disabled', false);
+        console.log('test');
+      });
+    }
 
-    button.addEventListener('click', function() {
-      var diff = new Date().getTime() - t1;
+    var t0 = new Date().getTime();
+    $('#activate-account-button').on('click', function() {
+      var diff = new Date().getTime() - t0;
 
       // Ensure the form has been visible for a few ms before allowing the
       // user to submit.
       if (diff > 50) {
-        form.submit();
+        activateAccount();
       }
     });
   })();
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index eb8acd6d8db..9d4ea00dbe8 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -2,11 +2,6 @@ require 'spec_helper'
 
 describe UsersController do
 
-  before do
-    UsersController.any_instance.stubs(:honeypot_value).returns(nil)
-    UsersController.any_instance.stubs(:challenge_value).returns(nil)
-  end
-
   describe '.show' do
     let!(:user) { log_in }
 
@@ -78,6 +73,10 @@ describe UsersController do
   end
 
   describe '.activate_account' do
+    before do
+      UsersController.any_instance.stubs(:honeypot_or_challenge_fails?).returns(false)
+    end
+
     context 'invalid token' do
       before do
         EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
@@ -112,7 +111,14 @@ describe UsersController do
           user.expects(:enqueue_welcome_message).with('welcome_user').never
           put :perform_account_activation, token: 'asdfasdf'
         end
+      end
 
+      context "honeypot" do
+        it "raises an error if the honeypot is invalid" do
+          UsersController.any_instance.stubs(:honeypot_or_challenge_fails?).returns(true)
+          put :perform_account_activation, token: 'asdfasdf'
+          response.should_not be_success
+        end
       end
 
       context 'response' do
@@ -137,7 +143,6 @@ describe UsersController do
         it "doesn't set @needs_approval" do
           assigns[:needs_approval].should be_blank
         end
-
       end
 
       context 'user is not approved' do
@@ -268,7 +273,10 @@ describe UsersController do
   end
 
   describe '#create' do
+
     before do
+      UsersController.any_instance.stubs(:honeypot_value).returns(nil)
+      UsersController.any_instance.stubs(:challenge_value).returns(nil)
       SiteSetting.stubs(:allow_new_registrations).returns(true)
       @user = Fabricate.build(:user)
       @user.password = "strongpassword"