Add G.A.S.P. Protection to the WordPress Login Screen

by Paul G.

The Growmap Anti-Spam Protection plugin (GASP) for WordPress is a must-have add-on for all WordPress sites.

GASP WordPress Login Protection

GASP WordPress Login Protection

Now you can add the same spam-bot protection to your WordPress login form.

What is Growmap Anti-Spam Protection (GASP)?

Simply put, it’s a mechanism for blocking automated spam bot from posting comments on your site.

The original GASP plugin for WordPress is a highly effective tool in eliminating practically all bot-driven comment spam, and we believe it’s essential for any interactive community site.

It works by inserting some HTML into your WordPress Comment form. This HTML is a mix of HTML and Javascript, and the Javascript (after page loads) dynamically adds a checkbox to your comment form.

If you don’t check the checkbox, you can’t submit the form.

The simple magic here is this: since the checkbox is created using Javascript after the page has loaded, and bots do not render Javascript, the bot wont “see” the checkbox and so it can’t mark it as checked.

When the comment form is submitted to the WordPress site, and the checkbox item is missing from the form, we know the form was submitted either by a bot, or by someone who doesn’t have Javascript enabled.

Why add GASP to the WordPress login form?

For exactly the same reason as we add it to our comment forms.  We have no interest in serving our login forms to bots who will try to find a weakness in your passwords or brute force attack you.

GASP on your WordPress login form protects you against automated, bot-based, brute-force attacks simply by ignoring them completely.

How to add GASP protection to the WordPress Login form?

The original GASP plugin was built to handle comment form submissions. It’s awesome, but that plugin’s application is limited only to WordPress comments.

So we took that same principle and added it to our WordPress security plugin: WordPress Simple Firewall.

To enable this protection on your login form, simply install and activate the plugin, then turn on the ‘Login Protect’ feature.

GASP Login Protection Configuration Options

GASP Login Protection Configuration Options

Then, enable the G.A.S.P Protection option and save. Immediately you will find a new checkbox has been added to your login form.

And it’s that easy!

[Edit 2013/08/22] A few example log entries from our firewall log

WordPress Simple Firewall Realworld GASP Protection Logs

Realworld GASP Protection Logs

Protect your site from brute-force bot attacks today!

You can start protecting your site in under a minute using the WordPress Simple Firewall plugin.

There’s absolutely no reason you should be leaving your WordPress websites vulnerable to attack.  The plugin is completely free to use, with no 3rd party API keys and sign-ups necessary.

← Previous Article:

→ Next Article:

{ 4 comments… read them below or add one }

Jared August 2, 2013 at 12:24 am

Thank you for creating this plugin. I was 5 minutes away from sending one of my developers the GASP plugin to make it work for the login screen. Validation on the client-side is critical to thwart the brute-force login attacks and not overwhelm the server.


Paul G. August 3, 2013 at 4:55 pm

Hi Jared,

Glad you like it… I’ve been meaning to create this functionality for a long time, so I’m just as happy to have it!

Stay tuned for more features coming soon. :)

Thanks for leaving a comment..


Mark Finzel February 9, 2014 at 10:44 pm

Do you believe this method is still effective, or have spammers started to catch on and find ways to check the box? I don’t know much about spammers’ methods so I don’t know how hard it would be for them to do.


Paul G. February 10, 2014 at 10:37 am

Hi Mark,

I see no reason to suspect that this isn’t effective. There is no other GASP login system out there so until it because a very common layer to prevention, it’s likely there’ll not be a lot of attempts to circumvent it. And, when they do, I can apply the same approach to the GASP login as I have to the GASP comments system I’ve built.

This isn’t preventing spammers – it’s preventing automated bots from trying to brute-force log into your site. Use it in combination with all the other login prevention strategies and you’ll be very well protected.



Leave a Comment

Take Back Control Of WordPress Today