CleanTalk's blog

    Sign up

    Author: Alexander

    • PHP Error Logging in the WordPress Backend

      CleanTalk has added a new function in their WordPress Security Plugin. With CleanTalk Security you will always know about any PHP errors on your website.

      Are you sure that your website doesn’t have PHP errors?
      Not all hosting companies enable PHP Log by default and you need some time to enable it and sometimes it looks difficult if you don’t have enough experience.

      Why is it important?

      Any PHP errors tell you that some of your website functionality doesn’t work correctly, furthermore hackers may use these errors to get access to your website.

      So, CleanTalk WordPress Security Plugin collects PHP errors and sends them to your CleanTalk Dashboard.

      PHP Log contains data/time and the type of error:
      NOTICE
      WARNING
      FATAL_ERROR
      UNKNOWN

      Each type has a short comment, what does it mean and our recommendations for how to resolve it. You can view your log in CleanTalk Dashboard.

      CleanTalk provides a simple and easy way to control all PHP errors and to prevent problems for your customers. You can enable this option on the settings page of CleanTalk WordPress Security plugin. Go to your WordPress Dashboard->Settings->Security by CleanTalk->General Settings->Miscellaneous and pick the option “Collect and send PHP logs”.

      If you have any questions, we will be happy to help you.
      Leave your comment below.

    • Two-Factor Authentication for WordPress

      CleanTalk has launched Two-Factor Authentication for WordPress admin accounts that will improve your website security and make it safer, if not impossible, for hackers to breach your WordPress account.


      Two-Factor Authentication works via e-mail. It makes the Two-Factor Authentication more reliable. The reason is that if an intruder knows your password they also need to know your e-mail address that is being used to get an authorization code and the password to your e-mail.

      This method almost eliminates the possibility for strangers to get access to your account.


      It requires a bit of your time but Two-Factor Authentication immediately gives a much higher level of protection.


      With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your authorization code. The plugin will remember your browser for 30 days.


      To activate Two-Factor Authentication go to the settings of the CleanTalk Security plugin and enable the option  “General Settings” -> “Miscellaneous” -> “Two-Factor Authentication”. The letter with your authorization code will be sent to your e-mail that you put into the general settings of your WordPress website.


      You will be notified by e-mail each time the Two-Factor Authentication was successfully passed.


      By spending a few minutes to set up Two-Factor Authentication you save your time and other resources by not having to deal with the consequences of the hacked website.


      If you have any questions, we will be happy to help you.
      You can leave a comment below or create a private ticket here.

    • Security issue in the Drupal plugin

      Hello!

      We want to notify a security issue in the Drupal plugin. https://www.drupal.org/sa-contrib-2019-010

      We are working on this and after a couple of hours, a new release will be ready.

      Update

      The issue depends on the option “SpamFireWall”. We have fixed that and send the new version to the Drupal Team for approval.

      While they are approving it, you can disable the option: Drupal Admin Page —> Modules —> OTHER category —> Anti-Spam by CleanTalk (Configure) —> disable “SpamFireWall”

      The latest update on Feb 02 2019


      We received the last answer and we hope that this
      Monday new release will be approved. https://twitter.com/DamienMcKenna/status/1091507312056037377

      At the moment we still haven’t received a response and the fixed version is still on validation.
      Feb 06 2019.

      Latest news.
      We are pleased to inform you that the fixed version of our Drupal Plugin has been approved. https://www.drupal.org/project/cleantalk

      Please, update your plugin. 

      Thank you!

    • Real-Time Email Address Existence Validation

      Real-Time Email Address Existence Validation

      Today we launched a new and important parameter to evaluate spambots. According to our statistics, almost 30% of all spam requests are made with fake email addresses, i.e. such addresses do not exist.

      Previously, we could only check the existence of emails after the fact and use these data in the future; now we have started checking emails in real-time.

      This new feature of CleanTalk grants the ability to check email addresses for existence in real-time.

      Non-existing email addresses also entail several other problems for website owners:
      • You can never contact them by email,
      • The client will never receive any notifications from you (account activation letter, password recovery, email distribution, notifications, etc.),
      • If you use email marketing for your clients, then a large number of nonexistent emails in the mailing list may result in your IP address being added to various blacklists of email servers.

      The anti-spam service will block all requests with not real email addresses.
      You can control such requests in the anti-spam dashboard, non-existent emails will have the “Fake email” status.

      Checking emails for existence is available for all anti-spam plugins and is included in the standard package.

      Update 05/23/2022

      Encrypted SMTP support has been added,

      Spam filtering service improved

      You can leave a comment below or create a private ticket here.
      We will be happy to answer your questions.
      How to install CleanTalk Anti-Spam on your website.
      Create an account or log in.
      Thank you!

    • CleanTalk Anti-Spam with White Label mode

      Warning! The instruction is out-of-date. The current guide can be found here.

      We have developed the White label mode to make usage of the service for hosting more comfortable and it virtually eliminates the interaction between CleanTalk and hosting clients. This option is available only for WordPress MultiSite.

      It also allows changing logos, links to your own. Your clients don’t need to get an access key, and the anti-spam logs and statistics will be available in the plugin settings, in the admin panel.

      How to enable White label Mode
      You have to edit wp-config.php in WordPress and add this code:
      define(‘APBCT_WHITELABLE’, true);
      define(‘APBCT_HOSTER_API_KEY’, ‘YOUR_HOSTER_API_KEY’);

      Where YOUR_HOSTER_API_KEY is a key from your CleanTalk’s hoster panel.

      So, you can change other details of the plugin in your CleanTalk Dashboard.

      Learn more, how to configure your own hosting service.

      Let us know if you have any questions and we will be happy to help you.
      Leave a comment below or Create a private ticket.

      Thank you!

    • How to Stop Profanity and Obscene Words on Your Website

      CleanTalk makes possible to prevent comments and messages with obscene words to appear on your website. Stop-Words Option allows blocking comments which contain words and phrases from your stop-word list. Such comments will be held for moderation. Stop-Words Option could be enabled for comments and forum posts.

      How Stop-Words Work

      If you activated Stop-Words the CleanTalk service will check texts for having words you have put in your list of forbidden words, if any of the words or phrases are detected then the comment will be sent for moderation. Checking for stop-words is available for comments and nicknames.

      Using Stop-Words to Enhance Anti-Spam Protection

      You can prevent manual spam by adding words and phrases that are being used in spam mailing. In case of manual spam there are no spambots but real human beings who visit websites and post spam comments. To know what words you should block it’s enough to look at spam mailing texts or spam comments, most likely you will see some patterns or repeatable text parts.

      How to Add Stop-Words

      The option could be enabled on your Personal Lists page. Please, follow this guide:
      https://cleantalk.org/help/stop-word

      The Stop-Words Option is included in the Extra Package. Go to your CleanTalk Control Panel to see more details.
      https://cleantalk.org/my/bill/recharge

      Please feel free to contact us anytime, we will gladly answer your questions.

      Leave a comment here or Create a private ticket.

      Thank you!

      P.S.
      We have prepared our list of stop words and you can use it completely or edit it when adding it.
      Here is a list of stop words that we have prepared to stop some of the manual spam comments.

    • Data Encryption in the CleanTalk API method “spam_check”

      Data Encryption in the CleanTalk API method “spam_check”

      We are happy to inform you that we have supplemented our API method and now the “spam_check” method takes information in an encrypted form.

      How It Works

      Every piece of data for each IP or email is encrypted with the SHA256 algorithm and now if the method sends a SHA256 hash to the CleanTalk Cloud, then the search in the CleanTalk database will be processed in hash form.

      This will allow you to refuse forwarding of personal data (IP and email) and you will be able to send only hashes of these data.

      Please, look at this guide here:
      How to Use Encryption in “spam_check” API

      Please feel free to contact us anytime, we will gladly answer your questions.

      Leave a comment below or Create a private ticket.

    • Temporary email addresses – one of the attributes of spam

      Use of temporary email addresses for registration/comments and messages is one of the attributes of spam.

      What’s wrong with using temporary email addresses? You will never be able to contact this customer and your marketing will not work. If this user forgets login/pass he will never be able to restore them.

      CleanTalk Anti-Spam has added a new parameter that considers of using a temp email in posts and these email will have an additional spam score. We don’t use a strong filtration for these emails, there must be more than one of the spam parameters.

    • CleanTalk Web Application FireWall for WordPress Security Plugin

      Hello,

      We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

      It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

      So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

      WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

      So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

      In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

      CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

      Learn more, how to set up and test
      https://cleantalk.org/help/security-waf

    • “Feedback System” for analyzing suspicious files for WordPress Security

      Hello,

      We are happy to introduce our “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security Plugin that allows sending suspicious files from WordPress backend to CleanTalk cloud.

      So, CleanTalk WordPress Security Plugin includes a Malware Scanner and there may be situations after scanning when you don’t know, is there a bad code or not, especially if you don’t have a programming experience. Well, you will be able to send some files to CleanTalk and we will check them. After checking we will send you an email notification with results.

      Please, look at our guide How file analyzes works.