Author: Alexander

We have released fresh updates for two of our plugins — CleanTalk Anti-Spam and CleanTalk Security for WordPress. In the new versions (v6.59 and v2.159 respectively), we have not only added useful features, but also fixed some issues to make your protection against spam and threats even more effective and stable.

What’s new in CleanTalk Anti-Spam v6.59 for WordPress

We have improved the plugin and made several important changes:

1. Fixed a bug with a honeypot on the WordPress search form
   Starting with WordPress 6.3.0, the search form can be rendered dynamically via JavaScript. This prevented the honeypot field used to detect bots from working correctly. In the update, we have adapted our code to this new logic — now everything works correctly.
2. Improved Anti-Crawler
   The Anti-Crawler (Bot Protection) function is designed to block suspicious bots that:

scan the site for vulnerabilities,

aggressively parse content or images,

load the server and cause a decrease in site speed.

Anti-Crawler helps protect site resources from bots. In the new version, we have fixed the issue due to which blocking could not work when using an alternative mechanism for storing data in the database (Store data in the website database).

More about the function: Anti-Crawler (Bot Protection) checks the visitor on the first visit, and if it is determined to be a suspicious bot, it receives a blocking screen on the second request. Trusted bots (Google, Bing, etc.) are automatically whitelisted.

3. Added a constant to exclude feeds from Anti-Crawler
   Now you can exclude WordPress feeds from bot checking. How to use https://cleantalk.org/help/anti-crawler-exclusion
   This is useful if you actively use RSS/Atom feeds on your site.
4. Mailchimp embed forms support
   We have adapted the replacement of Mailchimp embed form values, which made anti-spam protection compatible with these subscription forms.
5. New hook for anti-spam widget visibility
   Previously, only the administrator could see anti-spam statistics in the admin panel. Now, with the new hook, you can extend access to this data to other roles (for example, editors or SEO specialists).
6. Integration with QuickCal (Escapion theme)
   If you use the Escapion theme, which includes the QuickCal plugin, the QuickCal form is now automatically protected from spam by CleanTalk.
7. Improved integration with RegistrationMagic
   Previously, every time a value was entered in a RegistrationMagic form field, a request was made to the anti-spam service, which created an extra load. Now everything is optimized – the request is sent only when the form is fully submitted.

What’s new in CleanTalk Security v2.159 for WordPress

1. New feature – File editor blocking
   When malicious code is detected, the WordPress file editor is automatically blocked. This helps prevent further infection and prevents attackers from changing other files through the built-in editor. You can manage the modes:

Auto – the editor is blocked only when there is a threat;

On – the editor is always disabled;

Off – blocking is disabled.

2. SecurityLog – changing user role
   In the security log, you can now change the role of users directly from the interface. This is especially useful for administrators when investigating suspicious activity.
3. New signature for JS files
   The scanner has been improved for analyzing and detecting malicious code in JavaScript files. This increases the depth and accuracy of site analysis.

How to update
The update is available in the WordPress.org repository. Just go to the admin panel → Plugins → Update CleanTalk Anti-Spam and Security to the latest versions.

You can track the changelog here
https://wordpress.org/plugins/cleantalk-spam-protect/#developers
https://wordpress.org/plugins/security-malware-firewall/#developers

If you have any ideas, wishes or want to share feedback – we are always in touch via support. Just write your opinion, questions or suggestions in the comments

If your site is suddenly inundated with spam from the address ya**********@***il.com, you are not alone. This email is part of a large-scale spam botnet targeting thousands of sites worldwide. The spam it sends is disguised as legitimate customer messages, in different languages, messages like “I would like to know your price”:

Xin chào, tôi muốn biết giá của bạn.
Sveiki, aš norėjau sužinoti jūsų kainą.
Sveiki, es gribēju zināt savu cenu.
Hola, quería saber tu precio..
Ciao, volevo sapere il tuo prezzo.
Hola, volia saber el seu preu.

Perhaps they are expecting a response from you by email and to receive your email for some further actions with it.

At CleanTalk, we have detected and blocked this bot since October 10, 2024, and since then it has become one of the most active spammers. Every day, we block about 16,000 spam requests associated with this address on our clients’ websites.

This email address have been stuck on your blacklist for a while now:

ya**********@***il.com on **********@***il.com“>CleanTalk blocklist

What is the ya**********@***il.com spambot?

This spambot is part of an automated system (botnet) that sends spam using rotating IP addresses and scripts. It imitates real users to bypass basic site protections and fills forms with spam content.

Its purpose: to promote suspicious links, overload your site’s forms, and potentially inject malicious data — all using a disposable email address like ya**********@***il.com.

Current stats:

• Detected: October 10, 2024
• Last seen: June 23, 2025
• Websites attacked: 8,572
• Spam requests blocked daily: ~16,000

How to stop spam from ya**********@***il.com

The fastest way: use CleanTalk Anti-Spam.
CleanTalk works silently in the background to filter out spam comments, contact form abuse, fake registrations, and more. It blocks spam email addresses like ya**********@***il.com before they even reach your site.

CleanTalk is available for:

WordPress, Joomla, Drupal, OpenCart, Magento, etc.

Custom websites via API integration.

👉 CleanTalk Installation Guide

ya**********@***il.com is part of a widespread spam campaign. Using CleanTalk Anti-Spam and the Personal Blacklist feature, you can block him and similar bots before they harm your site.

🧩 Want full protection?

✅ Blocks fake registrations and spam submissions
✅ Filters bots and fake emails in real time
✅ No CAPTCHAs or puzzles – clean and fast

Stay ahead of spam – let CleanTalk handle the bots so you can focus on your content. Protect your site in under 5 minutes.
👉 Start now

How does it work?

As soon as someone creates an issue in your GitHub repository, the integration automatically creates a task in the specified project and board in doBoard.

The task is created on behalf of the user specified in the settings, so the whole team immediately understands who is responsible for processing it.

Optionally, you can set up notifications in the Telegram chat so that the team immediately learns about all changes in issues.

A real example from our team

Previously, we received all notifications about new issues by email, and this was not the most effective solution. Dozens of different emails come every day, and some important tasks could get lost. Sometimes it took several weeks to respond, and this raised legitimate questions from users and slowed down our work.

In search of a solution, we considered several options and the most effective solution would be to create tasks in our doBoard project management system. We have developed an integration between GitHub and doBoard using API. Now every new issue immediately becomes a task in doBoard, where it is easy to see, discuss and assign a responsible person. As a result, our team’s response time has been reduced to 1-2 days, which is usually needed to evaluate proposals or discuss details.

Why do we recommend this integration?

1. No more missed issues: everything appears automatically in doBoard.
2. It is immediately clear who is doing what: no mess.
3. No more wasting time sorting mail: tasks appear on their own.

You can now also automate your work with GitHub Issues using our integration, you won’t need much time to connect your repositories, the package itself and instructions can be found here https://github.com/CleanTalk/github-to-doboard?tab=readme-ov-file.

Dear Users,

Earlier, we introduced the Holiday Form Decoration feature in the Anti-Spam plugin, allowing website owners to add festive designs to their WordPress comment forms. We have noticed that it did not receive the level of interest we initially anticipated.

After evaluating user feedback and adoption rates, we have decided to remove this feature from the Anti-Spam plugin in the upcoming release 6.51. This decision allows us to focus on developing and improving features that provide greater value to our users.

If you have any thoughts on this or would like to suggest new enhancements, feel free to share your feedback. We always strive to improve our plugin based on what truly matters to our users.

Thank you for being part of our community and for your continued support!

— The CleanTalk Team

We are always looking for ways to improve your experience with website security. As such, we will sunset the Frontend Malware Scanner within our plugin on December 1st, 2024.

Why the change?

• After evaluating the data we can certainly say that very few of you use the front-end malware scanner. While it is a nice feature, it has just not been that popular.
• Also, this scanner is not as effective as we expect it to be.
• So, we’re putting our energy into the stuff that counts. We will spend most of our time on the parts of the security tools that you use and love. This way, we can keep your website safe and sound without all that extra hassle.

Where will this take us?

We’re focusing our resources on making our Malware Web Scanner even more powerful! This robust tool scans and blocks threats in real time, ensuring your site stays protected from the latest online dangers. If you’ve been using our Frontend Malware Scanner, consider switching to the enhanced Malware Web Scanner to experience its full potential in safeguarding your site. To identify potential vulnerabilities and security risks, it will analyze websites for:

• Malware external links
• Public blacklists
• Exposed repositories
• Internal links
• SSL certificates
• CMS identification
• Server information

What does this mean for you?

• Don’t sweat! All the other security features within the plugin will continue to work just fine.
• Even more protection: We keep going further with the online scanner to make it even stronger in protecting your website.

Questions?

Our amazing support team is here for you. Just email them, and they will answer if anything crosses your mind. Thanks for your understanding! We look forward to serving you more with the best website security.