Add G.A.S.P. Protection to the WordPress Login Screen

By 29th July 2013 May 28th, 2021 Shield Security

The Growmap Anti-Spam Protection plugin (GASP) for WordPress is a must-have add-on for all WordPress sites.

GASP WordPress Login Form Protection
GASP WordPress Login Form Protection

You can add the same spam-bot protection to your WordPress login form.

What is Growmap Anti-Spam Protection (GASP)?

Simply put, it’s a mechanism for blocking automated spam bot from posting comments on your site.

The original GASP plugin for WordPress is a highly effective tool in eliminating practically all bot-driven comment spam, and we believe it’s essential for any interactive community site.

It works by inserting some HTML into your WordPress Comment form. This HTML is a mix of HTML and Javascript, and the Javascript (after page loads) dynamically adds a checkbox to your comment form.

If you don’t check the checkbox, you can’t submit the form.

The simple magic here is this: since the checkbox is created using Javascript after the page has loaded, and bots do not render Javascript, the bot wont “see” the checkbox and so it can’t mark it as checked.

When the comment form is submitted to the WordPress site, and the checkbox item is missing from the form, we know the form was submitted either by a bot, or by someone who doesn’t have Javascript enabled.

Why add GASP to the WordPress login form?

For exactly the same reason as we add it to our comment forms.  We have no interest in serving our login forms to bots who will try to find a weakness in your passwords or brute force attack you.

GASP on your WordPress login form protects you against automated, bot-based, brute-force attacks simply by ignoring them completely.

How to add GASP protection to the WordPress Login form?

The original GASP plugin was built to handle comment form submissions. It’s awesome, but that plugin’s application is limited only to WordPress comments.

So we took that same principle and added it to our WordPress security plugin: Shield Security.

To enable this protection on your login form, simply install and activate the plugin, then ensure that the ‘Login Guard‘ module is enabled.

Then, enable the G.A.S.P Protection option and save. Immediately you will find a new checkbox has been added to your login form.

GASP Login Protection Configuration Options
GASP Login Protection Configuration Options

And it’s that easy!

A few example log entries from our audit trail log

Shield Security Realworld GASP Protection Logs
Realworld GASP Protection Logs

Protect your site from brute-force bot attacks today!

You can start protecting your site in under a minute using the Shield Security plugin for WordPress.

There’s absolutely no reason you should be leaving your WordPress websites vulnerable to attack.  This feature is completely free to use, with no 3rd party API keys and sign-ups necessary.

Join the discussion 7 Comments

  • Jared says:

    Thank you for creating this plugin. I was 5 minutes away from sending one of my developers the GASP plugin to make it work for the login screen. Validation on the client-side is critical to thwart the brute-force login attacks and not overwhelm the server.

    View Comment
    • Paul G. says:

      Hi Jared,

      Glad you like it… I’ve been meaning to create this functionality for a long time, so I’m just as happy to have it!

      Stay tuned for more features coming soon. 🙂

      Thanks for leaving a comment..

      View Comment
  • Mark Finzel says:

    Do you believe this method is still effective, or have spammers started to catch on and find ways to check the box? I don’t know much about spammers’ methods so I don’t know how hard it would be for them to do.

    View Comment
    • Paul G. says:

      Hi Mark,

      I see no reason to suspect that this isn’t effective. There is no other GASP login system out there so until it because a very common layer to prevention, it’s likely there’ll not be a lot of attempts to circumvent it. And, when they do, I can apply the same approach to the GASP login as I have to the GASP comments system I’ve built.

      This isn’t preventing spammers – it’s preventing automated bots from trying to brute-force log into your site. Use it in combination with all the other login prevention strategies and you’ll be very well protected.


      View Comment
  • Vinay says:

    Very nice and wise collection of words to describe the importance of anti-spam plugins.
    I am running a video website. And when I started it, the Akismet was already installed. I want to ask is it necessary to install more anti-spam plugins to protect my website. I mean, professionally how many anti-spam plugins should be installed if you want 100% protection.

    View Comment
  • Lakewood says:

    Is there a way to add GASP to other forms such as Gravity or User Registration forms with Shield?

    View Comment

Leave a Reply

x Logo: ShieldPRO
This Site Is Protected By