Since I do not assume that this is the most elegant solution
I think it's quite a good solution, which will keep a lot of bots out. However, bots are getting better, and such honeypot fields are a rather old concept...
Another idea would be to add a Captcha (for example "I am not a robot" verification by Google). On top of that there are algorithms for analyzing a text for emotions and intents, which might help you categorize spam even then.
However, let me tell you something: AI is catching up, and even if that weren't bad enough, there are services on the dark web on which humans earn money by solving Captchas (even the fancy Google ones) for bots - so that the bots can still do their thing - or by filling whole forms manually. It's a fraction of a cent per Captcha or form-fill, but that adds up over the hours, and these people are very trained in doing their thing by doing it for hours.
Battling spam is like fighting windmills. You start out with a form, and bots will swarm it. You use a honeypot field, however bots might not even use it. You add a Captcha, but somehow the spam still keeps coming your way. You add an intent-detection algorithm, which at least puts spam into a moderation queue, but spam-bot authors aren't dumb, and if your site is an interesting enough target, they will find a way to fool the system. I have seen some such posts even here on Hashnode, which take reference to the specific article... arghh.
The solution I propose is to not solve the problem. Currently, JAMStack is one of the most hyped new things in webdev; for a good reason. You do your thing (create/admin a website), and leave the complicated stuff to the experts, who do that as their thing all day. They are also GDPR-compliant, and if you put a link, it's usually not even your problem anymore, because the user leaves your page (briefly) :)
This means, instead of putting a form onto your Wordpress page, you might want to put a link to a survey site, or use an embed for one. The survey site will then conduct the voting and feedback taking for you, and use their battle-tested algorithms to fight bots and spam for you. You will receive the results (which then are, GDPR-wise, your problem again) from the other service and can do whatever you need to do with them.
Of course, GDPR-wise, you can also check out the other service's options to see if you can trigger the deletion of certain records, which would fill that gap in your control-chain. GDPR, however, is still a very difficult topic, and even many big companies struggle a lot with how to handle (sub-)contractors and data-transfer for processing purposes.