Blog Post

GD Security Toolbox Pro 2.5: Hephaestus

Four years ago today, GD Security Toolbox Pro, version 1.0 was released. And, today, we are celebrating the fourth birthday with the very important version 2.5 bringing a lot of new features related to registration control and antispam filters.

Two major issues any website with open registration faces is the spam registration and spam comments or other submissions. Bots use spam registration accounts as a way to post more spam comments because website often allows no moderation of comments for registered users. And, the bots registering the spam accounts use a wide range of generated usernames, the unlimited pool of domains for emails and it can be very tough to sort all that out, and later remove these accounts.

Email domain registration filters

GD Security Toolbox Pro had a lot of registration filters made to prevent spam registration, and over the past year, I have been gathering data about everything plugin stops, and everything that was not stopped. And, all that leads to a huge update to the registration control methods plugin has.

Email domain DNS records filters

The new measures for stopping spam registration include:

  • Check if the email domain TLD is valid. Plugin updates the list of all available TLD’s every week to stay up to date.
  • Check if the email domain is on the disposable email domains list. This will prevent users to register with a disposable email that works for a few minutes or a few hours.
  • Check if the email domain includes a subdomain. This is one of the most obvious spam flags because normal emails are domain-based, and when the email is located on a subdomain, that is a red flag. There are some valid cases to have subdomain emails related to education, government and academy TLD’s and they will be allowed.
  • Check if the email domain has proper DNS records. This is run as the last filter because it depends on running an online query to get domain records from the DNS server. But, this will reveal a lot of about the email domain and will stop domains with incomplete A or MX records, or domains that have MX record point to disposable domains.

The best thing about this control is that if a bot is persistent, trying to registers and fail, you can ban the bot IP and stop it from coming to the website.

And, the Antispam filters for comments, trackbacks, bbPress topics, and replies and GravityForms have been expanded to include TLD validity check, disposable email check, and email domain subdomain checks. Other changes in this version include updates to events log, improvements to integrity scanner, CSP and more. There are several bugs also fixed.

And, the next few versions of the plugin will expand on some of these features to make the process better, and stop a lot more spam registration and spam posting.

To see the list of all the changes in this version, please check out the changelog. If you find any issues with the new version, please, report them in the support forums.

Please wait...
GD Security Toolbox Pro plugin for WordPress
Proactive protection and security hardening

A collection of many security related tools for .htaccess hardening with security events log, ReCaptcha, firewall, and tweaks collection, login and registration control and more.

About the author

Milan Petrovic
Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.

Subscribe to Dev4Press Newsletter

Get the latest announcements, release digests, promotions and exclusive discounts, and general Dev4Press-related news straight into your mailbox.


This form collects your email (optionally your name) for the purpose of sending you newsletters. Check out our Privacy Policy for more information on how we store and manage your data. We will not send you any spam. Newsletters are sent 2 to 4 times every month.

Latest From The Blog

BreadcrumbsPress Path Settings

BreadcrumbsPress Pro 4.3 / Lite 2.2

Both Pro and Lite versions of BreadcrumbsPress have been updated with new settings related to breadcrumbs paths, improvements to the blocks implementation, various tweaks, improvements, and fixes.
setup packages

Introducing Setup Packages

By popular request, Dev4Press now includes setup packages that can be purchased along with the plugin licenses and include plugin setup and training with the Dev4Press Support team via Meet, Zoom, or Skype.
antispam wpforms

Fighting spam in WPForms Lite & Pro

WPForms is a very popular plugin for creating contact forms, and a free version is available in the WordPress.org repository. But both versions have very basic spam protection, and that's why coreSecurity Pro has an Antispam feature for the WPForms plugin.

Leave a Comment

WP Rocket - Make WordPress Load Fast in a Few Clicks
Grammarly - Number 1 Writing App