CleanTalk's blog

    Sign up

    Author: Alexander

    • Simple Ways to Implement All-around WordPress Security

      WordPress security is a hot buzz in the industry these days, as the CMS is quite popular among the small businesses as well as enterprises. Hence, it is the most relevant thing to discuss about at present, without any shadow of doubt. Securing a WordPress site is called ‘hardening’ of WordPress. It is like building a wall around your house and making sure all the windows and doors are closed.

      WordPress is used by more than 70% of the site owners today according to a research and hence it is vulnerable to the security breaches all the time. The most popular content management system is attacked by more than 20,000 spammers and 50,000 and above malware, as per Google SE reports.

      Securing WordPress is not a fixed target to achieve. It is a continuous process which may need upgradation and amendment every day. There might be several causes of a WordPress site to be hacked, like –

      • There might be security issues in a hosting program where the WordPress site is being hosted.
      • WordPress theme code is having security issues
      • Plugin that being used is not secure enough
      • Username or password is weak etc.

      Therefore, following some simple tricks to secure your WordPress along with taking professional security help of WordPress security plugins is a must.

      Securing WordPress Host

      1. Check WordPress hosting options – Hosting platform is the most important part of owning a WordPress site. There are options available for hosting WordPress such as shared hosting, managed hosting and dedicated hosting. Each type of hosting way has its own security algorithms. But when you use shared hosting, your WordPress can be accessible by the cross-site attack. Managed and dedicated hosts are considered to be more secure in this context. Also, each hosting site has its own security filters and it is good to use them.
      2. A good and secure host ensures of having some features to enforce security. These include –
      • Inbuilt web application firewall
      • Inbuilt and fast updates
      • Good server monitoring that is inbuilt
      • Flexible to updates and changes in PHP and MySQL
      • Backups and server monitoring

      Securing WordPress Login Options

      Login is hackers’ favorite area to try their hands on. Therefore, securing login is one of the primary tasks while you are making your WordPress secure.

          1. The WP admin login is the bird’s eye of an attacker and he always starts with the name ‘admin’ for obvious reasons. Admin username should not be kept as ‘admin’ as it is an easy guess. If an old WP site has already having username ‘admin’, the owner should delete the admin user and must create a new one with some complexity.
          2. Using a secure password which is long more than 8 characters at least and complex enough to include special characters, numeric, alphabets both small and capital letter etc. There are some tips to choose a password for your WordPress site, like
            • The password should not have similar alphabets and patterns of arranging alphabets like the username.
            • The password should not contain website’s name anyhow in it.
            • Latest buzzwords should not be there in the password, like “Selfie” etc.
            • The password can be generated through password generation tools.
          3. User enforcement is needed to enter only and only strong password. All of the team members and admin users should be creating a mandatorily strong password with all the rules duly followed. There are some plugins to implement this on the WordPress site.
          4. Password changing rules should be implied for the WP site. It can be once in a month or once in a quarter etc. Once the duration is completed for one password, a notification should be shooting to all the users to change the password.
          5. Predictable passwords that include a common sequence of numbers, alphabets, username should be highly prohibited.
          6. Using two-step authentication is recommended for WordPress sites. Even if the attacker is successful to guess your password, he can’t guess the one time code generated by the system and sent to the authorized email or phone of the admin user.
          7. User access rules need to be implemented in order to prevent every user to crawl and access all of the administration features. The user should be given access to the features they only need to have and access to other features should be prohibited.
          8. Attackers use bots or scripts to attempt to login in any WordPress website. The number of attempts to login into the system from any particular user is counted. If the threshold of the login attempt set has been exceeded, the user should be blocked then and there.
          9. Session timeout option should be there for idle users. The user can leave the session while logged in and it can impose a great security risk to the website. The session should be timed out and automatically logged out after a defined period of time. The help of plugins can be taken to implement this functionality.
          10. Implementing SSL certificates to the user login page can help to secure the WordPress site to a greater extent.
          11. Once a failed attempt is made to log in, PHP code from WordPress generates error messages which include the filename, class name, code snippets etc. to notify where exactly the error has been generated. These error messages have to be removed from the logout page as the attackers can get information and clues to find ways to break the code. This can be achieved by doing a simple change in the functions.php file. 
            add_filter(‘login errors’, create function(‘&a’, “return null”));
          12. WordPress admin page URL is a good source of a clue to the attackers. It lets them know that it is an admin user. The URL should be changed from wp-admin to anything that is not regular, will prevent common brute force attacks.
          13. When an admin user logs in to the WordPress, it shows the author name by default. It can be the security vulnerability, as the attackers get information about the author name. To hide the author name, some changes can be done in the wp-admin.php file.
            Create a function and add a condition inside it like –

            {
if (is_author())
{
wp-redirect(home_url());
exit;
}
}
          14. A server-side login can be layered over the WordPress login to protect the WP password from brute force attack.
          15. .htaccess file in the WordPress admin folder should be used to protect the /wp-admin/ and wp-login.php file from being accessed other than the admin or authorized user.
          16. To prevent trackbacks and pingbacks by the remote blogging users, XML-RPC file should be disabled.

        Securing Database and Data files

        Data files of any website contain all the information related to user authentication and business. To protect the data files from being hacked, some tricks can be done to the admin files.

        1. Database password should be strong enough just like the WordPress admin password.
        2. UserID of the database should not consist of the word “user” and password can’t be literally “password” either. This will be the easiest guess for the brute force attacks on data files.
        3. The user should use SFTP over FTP to connect to the server. SFTP creates a security layer around the sensitive information being transferred between the user and the server.
        4. The WordPress database uses WP-<database name> as the prefix of data-files by default. This welcomes attackers to check the structure of your database using bots and tools. So, the data-file prefix should be anything other than “WP”.
        5. MySQL database names should not be easily recognizable like “WordPress” etc. A strong name should be given to the MySQL databases.
        6. Permissions to read, write and execute the files in databases should be given sensibly. The owner should only be given the permission to write. In that case, CHMOD 755 need to be given. In case of any other user, file permission should be like CHMOD 644, only read, no write and no execution.
        7. A WordPress site owner should use advanced solutions like a server-side scanner to monitor the activity of malware and how many files are infected. There are plugins to achieve the same.

      Continuous Monitoring

      When you want to know if someone is intruding into your house or when he is doing it, you have to keep watch at the entry points of your house all the time, right? Continuous monitoring is the same. It monitors the activities of users, malware, and another activity that is happening on the server.

      There are different tools for this and also some good plugins like Cleantalk, are there to help. Monitoring tools can be of different categories

      1. Online Scanners – These type of monitoring tools work from remote and online.
      2. Application monitors – It scanners the files locally on the system it is installed on. Security plugins help to achieve this type of monitoring.
      3. Availability Monitors – These check the website availability or uptime. When the WordPress site is up and running or down, it sends a notification to the admin user through email and/or SMS. These services can raise alarms when the site has been hackers as they can monitor the WordPress site.
      4. The monitor of reputation – the cleanliness of the site is the prime monitoring subject for tools like google.com or any other premium search engines. The best part is it blocks the site but before that, a notification is sent before 24 hours of it.
      5. Monitoring of File and integrity-Whenever the integrity of the files, monitoring file system send a notification to the admin user. It also identifies the changes of integrity that took place.
      6. Email Notification about admin login – Plugins like CleanTalk has feature to send email notification, whenever admin user accesses the site using username and password successfully. This alerts an admin user if there is an unauthorized successful login by attacker. However, if a logged in session is saved and a user accesses the WP dashboard through it, it won’t send any email notification. This feature can be enabled from the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click on “Settings.

      Take help of Security Plugins to secure your site

      All the above tricks and tips are not enough alone to harden your WordPress. There are plugins that are needed to be used to provide all-around protection to the WordPress website. Security plugins protect the WP sites from different kind of threats being discovered every day. Among many ways it protects the WP site, here are some –

      1. Secure User Accounts – plugins detect the easy to guess admin username and password and helps the user to change the value easily. It detects the bots or automation scripts and stops user enumeration just immediately so that bots can’t be able to guess the username using the author information and permalink.
      2. Plugins use optimized logins to prevent the brute force attacks with a feature called – “Login Lockdown’. It even blocks the IP, Network or country of the attacker. There is a list called blacklist which is easily accessible by the admin user and he can manipulate it according to the requirement. It has the feature to force log out of all the users after a defined timeline. It monitors the failed attempts of login continuously and sends a notification to the admin user.
      3. User account number, account access, file access permissions can be implemented and edited through the plugins only.
      4. wp-config.php is manipulated and edited to change the prefix to the database, scheduling automatic backups every day, email notifications for the integrity changes – all of these can be achieved by a good security plugin.
      5. Plugins protect the file system from the WordPress site by disabling the file editing by changing the code in the wp-config.php file. System log monitors help the user to detect the unauthorized activities on the site.
      6. The most important feature of security plugins to protect WP site is web application firewall. It protects the site against dangerous threats like Cross-site scripting, malicious bots which overwhelm the resources of the WP server. It disables the XML.rpc to prevent pingback or traceback feature which can be good sources for attackers to gain information. Also, it prevents the readers to post comments through proxy servers and blocks all the access of the external readers of generic users to the debug files.

      WordPress security issues are discussed every day all over the world. New vulnerabilities are discovered and security tricks are also discovered to prevent them. But this is a continuous learning and implementation process and WordPress site owners should be active enough to prevent their sensitive business information to get exposed in the world.

      There are simple things like not downloading themes from unknown resources, deleting themes and plugins that are not being used anymore, staying updated with the WordPress and security plugin versions to get protection from the new threats etc. These should be followed religiously for every WordPress site in according to protect it from as many corners as possible.

    • Updates for API method spam_check

      We have updated the data that is given out as a work result of the API of the spam_check method.

      Data is now sent for any records in the database. Previously, data sent if the records had the status BlackListed.

      Next parameters have been added:

      -spam_rate – a rating of spam activity from 0 to 100%. 100 means certain spam. The ratio of blocked requests to all. As an example: 100 requests have been made and 97 requests of them have been blocked so spam rate will be 97%.

      -frequency_time_10m – 10 minutes activity.
      -frequency_time_1h – 1 hour activity.
      -frequency_time_24h – 24 hours activity.

      Parameters “frequency_time” show how many attempts of spam attacks were caught.

      It allows you to make decisions more correctly and consider more parameters and you will get more information because of some of IP/email didn’t show by reason of low spam activity.

       

      Let us know if you have any questions.

    • ‘WordPress Security by CleanTalk’ Review– Is it Potent Enough to Safeguard you?

      ‘WordPress Security by CleanTalk’ Review– Is it Potent Enough to Safeguard you?

      WordPress is a very popular open source website creation tool. But this is not only a blogging platform, WordPress is an open source content management system used by millions of people worldwide. It is popular mainly because WordPress is very easy to use and easy to start with. Also, very good support from WordPress itself and different forums are available. According to a research, more than 22.5% of the websites are powered by WordPress in 2017.

      Due to its huge popularity and continuous growth as the world’s most used CMS, WordPress is naturally vulnerable to security threats and attacks. WordPress security attacks from the very beginning are handles by WordPress security releases. But there is new type of attacks is coming in the picture every day and everything does not come under WordPress Security Release. Here comes the WordPress Security Plugins.

      WordPress Security by CleanTalk is one of the most important security plugins which helps your WordPress site protected and secured from the Brute Force attacks by creating a firewall. Check out what kind of attacks your website may face and how can you secure yourself from these attacks:

      Why does a WordPress site is attacked anyway?Why does a WordPress site is attacked anyway?

      There is a cut-throat competition in the market in any venture and everyone wants to get the success at the end of the day. Due to the huge pressure, hackers want to access your website to get all the sensitive information, block your access from the site, redirect your users to any other malicious websites, remove or delete your user and all the content from the website or simply use the backlinks from your website. Stealing your backlink information and using it in their website will just improve their page ranks in any search engine.

      Most of the popular websites get thousands of attacks every week or even every day.

      How does a good security plugin work to prevent a different type of attacks on a WordPress site?

      There are several types of security attacks a WordPress website gets every day. A good security plugin applies optimized algorithms to prevent those vulnerabilities and keep the website secure. Following are some form of security threats a WordPress website gets:

      1. Malicious Software: After hitting your website, hackers leave some malicious software or script, also known as malware into your website. Your security plugin should scan all the files, contents, data files, database, changes in the DNS, comments or any kind of post to find out the malicious code that could possibly be hidden in the website’s source code, or URL. These malwares are scanned and removed by the WordPress security plugin.

      2. Brute Force Attacks: This type of attack is performed using permutation and combination of possible login information. Hackers attempt to log in to the website using thousands of possible username and password combination through automated scripts. Security plugins block the users with the attempt of too many login attempts or clicking on forgot password option. It also prevents WordPress from giving sensitive information like username or password hints etc. or multiple entry point options to the hackers.

      3. Zero Day Exploits: There are some obvious vulnerability issues in WordPress websites or any kind of website. Hackers attack those using bots. The security plugins use known algorithms and security firewall for these already published vulnerabilities and stop them.

      4. Spear Phishing and Social Engineering: Spear phishing & social engineering are among some techniques through which hackers can crack the most difficult password too. Security plugins provide a two-factor authentication which can neutralize the risk of password cracking. This facility is used by banks, financial institutions or websites with very sensitive data.

      5. Rate Based Throttling: This type of attack is the most critical type till date. Hackers overwhelm your website, database, servers and network, all resources using bots or automated scripts. This will prevent your genuine customers from accessing your website and search engine crawlers. Also, script crawlers aggressively crawl the website to overwhelm the website contents and resources. Security plugins provide security through IP blocking. If access request exceeds the accepted threshold of a maximum number of requests from any IP address, security plugin blocks that specific IP address. It also prevents the bot crawlers from aggressive crawling.

      6. Country attacks: Hackers using IPs of different countries and networks attack the WordPress websites to find vulnerabilities and overwhelm its resources with aggressive crawling. Security plugins use the same mechanism as rate based throttling, blocks the specific countries from accessing the website.

      7. Password Cracking: Security plugins use password auditing to find out the password of your admin account is weak or strong; suggest changing the password or making a rule to change the password monthly etc. This will prevent attackers to use password cracking or brute force attacking using the similar script.

      8. Spam Ads: Hackers often use the website they have compromised to post spam ads. These ads include a link to some other malicious website or simply a virus to download. Security Plugins scan your site regularly to check if there is any kind of spam ad that has been posted, identify and remove it.

      9. Hacker Reckon: Hackers find vulnerabilities using the information like software version, operating system version, and software installed etc. and security plugin prevents your WordPress website from giving this information anyhow to these hackers.

      What is WordPress Security Plugin by CleanTalk? 

      WordPress Security Plugin by CleanTalk is a premium security plugin for WordPress Site. This is an end to end protection system for a WordPress site which helps to prevent and securing a site from brute force attacks, brute force account counting, blocking IPs and users using a firewall, providing security for WordPress forms and backend filter malicious IPs, networks or countries.

      It also sends daily security logs, audit logs and reports through emails to the users so that user can analyze and monitor vulnerabilities to their WordPress Websites.

      How to Install Security Plugin by CleanTalk?

      Installation of Security Plugin by CleanTalk is very easy both through the automated and manual way. Following are the steps to follow to install WordPress Security by CleanTalk into your WP.

      Automated Installation

      1. Go to ‘Plugin’ option at the left panel of your WordPress and click on it.
      2. Search ‘WordPress Security by CleanTalk’.
      3. It will show the plugin on the page.
      4. Click on ‘Install Now’ button.
      5. Now click on the ‘Activate’ button
      6. Click on ‘Get access key Automatically’
      7. This will take you to the ‘Security Log’ page of the plugin.
      8. Click on ‘Save Changes’ option.

      Manual Installation

      Installation can be done manually too.

      1. You need to go to ‘https://wordpress.org/plugins/security-malware-firewall/#description’ and click on Download button.
      2. Zip file with an Installer will be downloaded. Save the installer and login to your site’s WP Admin.
      3. Click on ‘Add New’ button and then click on ‘Upload Plugin’
      4. Select the Zip file from the Dialog Box and click OK.
      5. The plugin will be installed. Then click on Activate
      6. The rest of the steps are similar.

      Features of WordPress Security Plugin

      Brute force attacks

      Brute force attacks are very different from cracks or in layman words ‘hacks’. Brute force attackers try to login into the WP admin using the easiest method of login, i.e., the username and password. They use permutations and combinations of common and most possible username and password to try logging in until they are successful. The easiest attack is the weakest link and username like ‘admin’ and password like’12456′.

      1. Brute force attacks come from different countries and IPs. If you have single access and IP, it is easy to block all the IPs other than your IP using the .htaccess file. But, if you have multiple users, log in from multiple locations, it is very difficult to identify the IP of the attacker and prevent it.
      2. WordPress Security plugin, blacklists all the IPs and users with too many attempts of login, scripts, failed attempts of forgot passwords. It also prevents WordPress from providing users multiple login points and giving away login information to the hackers. WordPress security plugin blocks or locks out any user who is using an invalid username and password.
      3. It sends email to the user as soon as a brute attack attempt is done. It also shows the attacker’s IP, location, and country through the email.

      Cleantalk Security Log

      Along with the plugin, Cleantalk security log is the additional feature which helps the user keep track on the logs for different events performed on their website.

      The security log consists of Date, Status, IP, Country and other details for the Admin Login for the user’s website for events like Login, Logout, Invalid Username, Invalid Email, Authentication Failed and Invalid Email. Logs can be filtered for different services like Anti- Spam, Hosting Anti-Spam, Database API, Site Security or SSL Certificates.

      Email Notifications

      Email notifications are very important and must have feature for any security firewall to have. Emails are sent to registered admin user’s email whenever an activity is logged in a WordPress site. WordPress Security by Cleantalk sends email for the following activities:

      Admin Login:
      It sends email to the registered admin user’s email so that the user is aware that an admin login has taken place on his website.

      New installation and Signup:

      Cleartalk WordPress Security plugin sends a notification to the user’s email when he installs and signs up for the plugin.

      Access Key:

      Email notification is sent when a user opts to get access key manually.

      Daily Security Report:

      Daily security Report email notification is sent to admin user which includes information about the SITE Time, Username, IP and Country and a number of brute attacks, failed login and authentication failures have taken place.

      CleanTalk Security Firewall

      The WordPress Security plugin security firewall works like a fence against the security attacks to a WordPress website. It uses CleanTalk database of bad IP’s and blocks the vulnerabilities from compromised IP’s. Firewall runs even before other codes run including the WordPress site and this prevents the security threats to attack the WordPress site. The firewall shields the site and blocks the threats even before they appear.

      And provides the WordPress sites security features like

      • Personal Blacklist Management
      • Country and IP blocking
      • Protection from aggressive users and web crawlers

      Traffic Control Analysis

      Traffic analysis is one of the important features for any WordPress website, in terms of security and CPU overloading. From which IP, country and location traffic is coming, the users that are online, who is on your page and how much time they have spent, etc. information is easily provided by the WordPress Security Plugin to the admin user.

      Unlike other plugins, it enables traffic control analysis to all the visitors even if they have not enabled javascript in their browsers. It gives information about visitors on traffic parameters like:

      • Date and Time of the visit to the website
      • Visitor’s spent time on the website
      • Source Country
      • Visitor’s IP Address
      • Browser
      • Operating System and version
      • Type of the visitor – Person, Bot, Search Bot or suspicious bot, script etc.
      • Number of page hits

      Cleartalk Traffic control can block the IP addresses from any country or any network from the interface itself. IP addresses will be automatically blocked by the Traffic Control if they exceed the threshold of the average page visit quantity. This helps the monitoring and blocking of the traffic real time.

      BlackIP Database

      This is the new feature launched by CleanTalk. BlackIP database is the collection of blocked or blacklisted IP addresses. This database helps to analyze which type of IPs, locations or countries from which the most frequent brute attacks come from. You can also manage the blacklisted IPs from your CleanTalk Dashboard-> “Use CleanTalk Database of Dangerous IP Addresses”. If you want to add an exception to your blacklisted IP addresses, you may add any IP to the whitelist IPs and it will not be blocked.

      Generic Tips and Tricks to keep your WordPress website safe:

      Other than using CleanTalk’s WordPress Security plugin and its advanced features, you can use these simple tricks to keep your WordPress website safe and secure all time:

      • Use email for login other than username. Usernames are easy to predict but hackers can’t easily guess any unique email ID. WordPress use unique email Id as login identifier for each user.
      • The default login URL for all the websites are similar. For example: wp-login.PHP, /wp-admin/ etc. You should change them to something your unique and own. This will prevent the hackers to get the admin logged in page’s URL or the dashboard URL.
      • Password of a WordPress site should consist capital letters, small letters, numeric and all type of symbols. Generally, an eight character password is considered as a strong password. Make it 16, it will be stronger and permutation and combination will be difficult.
      • Secure the WP-Admin directory from getting accessed by hackers.
      • SSL should be used to encrypt your sensitive data.
      • If your site has multiple admins, add them carefully after thorough scanning.
      • Admin username should not be kept as “Admin”.
      • Keep backup of your site regularly. You may buy professional services for backup and recovery routine.
      • Protect your wp-config.php file from hackers by keeping it one step higher than the root directory.
      • If you have multiple admin access, just do not allow the dashboard to be edited, by changing it in the wp-config.php file.
      • You should disable the directory listing using .htaccess.
      • Update your plugins and themes regularly.
      • Do not download or install any theme from an unknown site or provider. You do not know what is written in their code.
      • Plugins and WordPress itself should be updated regularly to get all the new security features.
      • Last but not the least, take precaution before installing any plugin. You should check the documentation, ratings, and reviews before installing them and that should be from a trusted source.

      Conclusion

      WordPress Security Plugin by CleanTalk is one of the best world-class security plugins for WordPress which facilitates your WordPress Website an end to end security solution and helps to grow your business without getting the headache of being attacked. CleanTalk’s Security Feature plugin is regularly updated with new features to cope with the new type of attacks and threats and to provide you smooth and flawless security services. Follow the tips and tricks and install a good security plugin will provide all round your WordPress website.

    • CleanTalk Anti-Spam Launches IPv6 Support for WordPress

      Hello!

      The latest version of WordPress CleanTalk Anti-Spam (5.77) just added support for IPv6 to protect for spam.

      This version that includes a number of improvements with the main one being the introduction of IPv6 support.

      Since IPv6 is becoming more and more popular there have been more requests for CleanTalk to include support for it, and it is now available, ensuring that your site is protected against IPv6-specific attacks.

      Also, we will add IPv6 support for every CleanTalk feature quite soon.

      Download the latest CleanTalk Anti-Spam for WordPress here.

      Don’t hesitate to let us know if you have any questions or comments.

    • CleanTalk Released an Extension for the Protection of OpenCart Against Spam and Spam Bots

      CleanTalk Released an Extension for the Protection of OpenCart Against Spam and Spam Bots

      CleanTalk completed the development extension for the OpenCart, to protect your online store against spam and spambots.

      The anti-spam extension is compatible with OpenCart versions v3.x. and approved on the OpenCart official marketplace.

      This extension allows users to quickly and easily connect to CleanTalk anti-spam service. Its service provides 100% protection from spam bots and provides a simple and convenient commentary/sign-up form for visitors.

      This extension allows protection from automatically distributed spam, as well as from spam bots registrations. The protection method offered by CleanTalk allows users to switch from the methods that trouble the communication (CAPTCHA, question-answer etc.) to a more convenient one.

      CleanTalk saves time and resources spent on moderation and verification of questionable users or comments. Unnoticeable Protection from spam and registration forms, which does not require the visitor to prove who they are, increases the conversion in registration and is not annoying.

      CleanTalk is a cloud service, security module, installed on a website, which sends the behavior parameters of the visitor or spambot. These parameters are estimated, and the service makes a decision – to post a message or to define it as spam and reject.

      On the basis of such checks, the service forms its own list of email addresses used by spambots. Likewise, the registration of visitors is checked. The service adds not only email addresses to the blacklist but also IP addresses and domains of the websites that are promoted through spam mailout. The CleanTalk company developed unique algorithms to assess the behavior of the visitor, and with 100% accuracy, we keep spam messages at bay. All of this happens automatically and requires no action from the administration of the website.

      You can now download CleanTalk Anti-Spam for OpenCart from the official catalog.

      The Company provides automatic spam protection services for popular CMS: WordPress, Joomla, phpBB, Drupal, DataLife Engine, IP Board, vBulletin, MediaWiki, SimpleMachinesForum and API for PHP, Perl, Python, NET.

    • CleanTalk becomes more convenient for mobile users

      Recently we have applied changes to our spam filters. They are about separation of users by their devices: desktops or mobile gadgets.

      Visitors more often surf through websites with smartphones and tablets, so it is necessary to separate them, besides spambots became to use mobile device parameters often as well.

      The changes made it better to detect mobile devices since their parameters of conduct and parameters of messages differ from desktop browsers. Moreover, human/spambot detection for sent messages from mobile devices was improved too.

    • CleanTalk Traffic Control — analyze web traffic in real-time

      CleanTalk Traffic Control — analyze web traffic in real-time

      We are happy to inform you about launching our new feature for the WordPress CleanTalk Security plugin.

      One of the most important component of Traffic Analysis is ability to monitor traffic in real time.

      Tracking of your website activity in real time. You can see how many visitors of your website or blog are online and what pages they are on, plus how much time they spent being there.

      Many tools only track traffic of visitors who enabled JavaScript in their browsers, thus they are not capable to show you the whole picture. CleanTalk Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters such as:

       • Date and time of the visit to your website;
       • Spent time on your website;
       • IP-addresses;
       • Source country;
       • Browser;
       • Operational System;
       • Type of the visitor — Visitor, Search Bot, different bot, suspicious bot and so on;
       • A number of visited pages.

      Abilities:

       • Block specific IP-address, network or country directly from the interface.
       • Block IP-address automatically if the threshold of average quantity of visited pages was exceeded.

      This is great monitoring tool to see attacks in real time and to block them if necessary.

    • Checking Existing Comments and Users for Spam in Joomla CMS

      Checking Existing Comments and Users for Spam in Joomla CMS

      CleanTalk adds new features in CleanTalk Anti-Spam for Joomla. The work of the plugin is absolutely invisible for visitors and allows users to renounce forever the ways of protection complicating communication on the website (CAPTCHAs, questions, and answers, etc.). CleanTalk allows you to automate protection from spam and the registering of spam bots.

      We released a new version of the anti-spam plugin for Joomla, the new version has a function of automatic check for spam of the existing comments on the site.

      This allows administrators of the Web sites to automatically check and identify spam bots comments and registrations, which were not detected by conventional anti-spam tools.

      To start a scan, go to plugin settings: Extensions -> Plugin Manager -> Anti-spam by CleanTalk then click the button “Check spam users” or “Check Spam comments”.

      “The team CleanTalk has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.

    • AI will play an increasing role in online security

      AI will play an increasing role in online security

      Neural Networks were introduced as far back as the 40’s of the 20th century and first works about them started in the 50’s. Nowadays this technology is being used in different fields. We believe that the CleanTalk machine teaching technologies of spam detection could be upgraded with the help of Artificial Intelligence and the CleanTalk features could be expanded to define an emotional aspect of a comment.

      Theoretical researches of spam filtering with Neural Networks say that these algorithms could achieve 100% efficiency.

      The CleanTalk Company has started to develop Neural Networks Algorithms for spam presence analysis of comments and messages which could provoke negative effects, rudeness, abuse or fraud in discussions.

      There is a big data safety problem in online security. There are too much data to process anomalies that could be the signs of spambots presence.

      There are about 1.5 millions of requests the CleanTalk Cloud processes every day and each request contains set of about 40 parameters. The Cloud uses them to decide whether a request should be approved or blocked so AI could improve our possibilities in spambot patterns detection.

      We intend to supplement technology of spam protection and moderation with more reliable feature and take into account such things as slang, typos, context and other traits of a visitor behavior.

      About CleanTalk

      CleanTalk is a SaaS spam protection service for Web sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site. Their solutions are reliable, easy and efficient. The module is completely invisible to the visitors and allows you to permanently abandon the ways of protection that impede the communication of visitors to the site (CAPTCHA, question-answer, etc.). CleanTalk allows you to automate protection against distributed from spam and registration spam bots.

      The CleanTalk team has been developing a cloud spam protection system for 5 years and has created a truly reliable anti-spam service designed for you to ensure your safety.

    • Keeping Your Business Safe From Hackers in 2017 [INFOGRAPHIC]

      Resolute cyber hackers have many tools at their disposal to cause havoc in your systems while remaining undetected for a long period of time. More than a few high-profile companies have learned this the hard way. 2017 has been the year of high-profile cyber-attacks, with a growing list of victims that include the NSA hack, CIA’s Vault 7 data leak, Macron email hack, the Petya ransomware attack – the list goes on.

      It is fair to say that cyber-attacks are on the rise. Yet, it is interesting to find that many businesses openly admit that they lack sufficient defenses against such attacks, despite the damaging financial and reputational repercussions.

      Whether it is a denial of service attack, ransomware or email leak, investment in customer data protection and advanced early-detection systems is key for businesses.

      You may like to visit software directory to compare IT & security software after you have a look at the rundown we have compiled in the infographic below, outlining what you need to know about the looming cyber security threat businesses face.

      This infographic is based on ‘How to raise your organization’s security maturity level‘ by Bloor Senior Software Analyst, Fran Howarth. (Some data has been updated and new data has been included in the infographic.)

      Nabeel Khalid | Marketing Manager at CrozdeskBased in London with over 6 years of experience in Digital Media and Marketing, Nabeel is a regular contributor to the Crozdesk Blog.