This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Growmap Anti Spambot Plugin


Upgrade to CommentLuv Pro For More Anti-Spam Heuristics

This plugin will add a client side generated checkbox to your comment form asking users to confirm that they are not a spammer.
It is a lot less trouble to click a box than it is to enter a captcha and because the box is genereated via client side javascript that bots cannot see, it should stop 99% of all automated spam bots.

A check is made that the checkbox has been checked before the comment is submitted so there’s no chance that a comment will be lost if it’s being submitted by legitimate human user.

To combat the new ‘learning’ bots, this plugin adds dynamically named fields to the comment form so each post has a differently named field and value.

You can set the maximum amount of comments a user can have in the moderation queue to protect you from comment floods (provided you haven’t approved any of the spammers comments before)

*new! – prevent spambots from thinking they got links on your site by removing all links from comments that are waiting for moderation

You can get support and see this plugin in action at Growmap

This is provided for free by Andy Bailey

(please remember to delete your cache when you upgrade or change any settings if you are using a cache plugin)

Translations :

French : Frederic

Spanish : Ramon

Dutch : Onno


  • You only need to specify which error messages to show when the user forgets to use the checkbox or no checkbox is present.


  • settings page

  • in use

  • error message


WordPress : Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.

WordPressMu : Same as above (do not place in mu-plugins)


Installation Instructions

WordPress : Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.

WordPressMu : Same as above (do not place in mu-plugins)

Does this plugin add any database tables?


Will this plugin work with Disqus/Intense Debate/js-kit?

This will only work with the default WordPress comments system.

If I disable javascript will it still work?

No. This plugin requires javascript to be enabled in the users browser for the comment to be accepted.

The checkbox doesn’t appear in my comment form

The checkbox only appears for logged out users.
If you’re logged out, it only shows if you have javascript enabled.
If you are logged out and have javascript enabled and it is still not showing then you need to have the comment form action active in your comments.php theme file

I am allowing trackbacks but I am being trackback spammed! what do I do?

You can download any of the number of trackback validation plugins which will check the trackback before allowing it or not.

After having no spam I am now getting LOTS of spam, what do I do?

Sometimes scripts can semi automate spam and they know what the checkbox name is so they can automatically tick it.
Change the checkbox name value in the settings page to something new (like change the number) so the autmoated systems don’t know what the checkbox is called any more
You can also change the secret key value and set the maximum comments in moderation to a lower number.

everyone is getting the error message

if you have a cache plugin, please clear all caches.

also, you can try saving the settings again to reset all the variables


Good, but does not work with HTTPS

After I switched from the HTTP protocol to HTTPS, this plugin did not work any longer. Commenting was no longer possible, and I could not even configure the plugin via Dashboard. The only way making commenting possible again was to deactivate/delete G.A.S.P. Very disappointing, because it really helped fighting spam.

Only thing that works for me

Akismet was worthless because it doesn’t block automated bots and once you’re on their lists they bury your site with them. I was up to 1000+ spam comments a day. That dropped to only 40 real comments (a few manually left spam, but easily controlled once the 960+ were blocked).

I do periodically change the random letters, numbers and characters any time I notice any spam coming in and that blocks them out again. Apparently, they can eventually crack that code no matter how long it is. But you can make them start over anytime you choose.

A great plugin that no longer works

I really hate to see this one go. I don’t know what has changed but it doesn’t block spam at all anymore, and hasn’t for months.

I have used GASP for years and it’s been great but about 6-8 months ago it just quit blocking spam. I don’t know if spammers have gotten smarter (hint, they have. I’ve seen bot comment spammers for sale that can click “invisible” checkboxes like this easily), or maybe wordpress has updated and broke it. GASP has not been updated in a long time now and I don’t know if it will ever be updated again.

I’ve maxed out the settings and played with everything but no luck. the checkbox is there, the other measures are there, I’ve changed my codes….but it just won’t block the spam. With GASP running I get about 3-4 spam comments an hour on my high traffic sites.

I now use wp-spamshield without any problems. I really hope the creators of GASP bring some new updates in the future, I would love to come back because of the better options.

Read all 35 reviews

Contributors & Developers

“Growmap Anti Spambot Plugin” is open source software. The following people have contributed to this plugin.


“Growmap Anti Spambot Plugin” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Growmap Anti Spambot Plugin” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • updated default number of words in name to 3
  • updated url for simple trackback plugin to the new version


  • updated : update readme to show compatibility with wp 3.8
  • added : Dutch language added (thanks Onno Schuit)


  • added : remove all links from a comment if it is in moderation. (prevents autospam bots like scrapebox from thinking they got through with a link)
  • updated : compatibility with 3.7


  • updated : $count is checked if it has a value before checking if it is greater than max_mod to hopefully elimate the problem of random users being told they have too many comments in moderation


  • updated : set checkbox as descendant of label so users can click the label to tick the box (thanks Anthony T)
  • updated : added a link back to the post with a query arg to fix pages that were expired and had old form fields on the die message
  • updated : change refer check logic
  • updated : add error codes to error messages
  • updated : allow user to not use secret_key (set as no by default)
  • fixed : max_mod kept reverting back to 3 due to get_options not saving version number
  • updated : added warning message about clearing the cache if a user upgrades or changes settings and has a cache plugin installed


  • updated : set the max_mod value during install if it doesn’t exist
  • updated : new readme


  • updated : max_mod is set at 3 by default
  • updated : readme.txt updated


  • updated : allow option of using referer check or not in settings
  • updated : use dynamic input field name so each post uses a different value and can’t be learned for the whole site
  • added : allow user to set maximum comments that can be held in moderation before new comments can be added (from CommentLuv Premium)


  • added : add a referer check to start of check_comment
  • updated : notices about undefined index when debug turned on
  • updated : check $_SERVER[‘HTTP_REFERER’] is set and die if not


  • updated : improved code for checkbox and label to help with styling (thanks James)
  • updated : regex for saving secret key
  • added : keep a count of bots caught
  • added : ad box below author info


  • added : new extra security added with secret_key
  • added : insert commentdata as spam before wp_die so spammer can’t keep submitting the same comment with new key try
  • fixed : bug with gasp_check declaration using == instead of =
  • added : keep a track of bot comments and show count in settings page (only bot comments, not forgotten checkboxes)


  • fixed : prevent two checkboxes being rendered on some themes (nexus)


  • allow blogger to change checkbox name in settings


  • First version , commissioned by @phollows via @growmap


  • tidied up options page and added field for checkbox label


  • changed the hidden div with text type input to hidden input to prevent google toolbar from filling in the text field


  • added client side alert if checkbox is not checked. @donnafontenot


  • release version


  • use different method to identify submitted form for forms that have a submit button with no id or name set (@dragonblogger)


  • ignore trackbacks and pingbacks (@basicblogtips)


  • let blog owner to choose to allow trackbacks or not (@dragonblogger)


  • add ability to specify maximum number of names or urls in content of comment. (@dragonblogger)
  • choose where to send comment