CleanTalk's blog

    Sign up

    Category: CleanTalk

    • Our client’s review: CHECKLISTINSIDER.COM

      Our client’s review: CHECKLISTINSIDER.COM

      We continue sharing our clients’ reviews and today’s one is kindly brought to you by AK from checklistinsider.com on WordPress.

      Very useful plugin that helps you sit back and focus on other important tasks instead of dealing with those annoying spam user inputs from any and all the forms which are faced to public. So far I’m really happy with the performance of CleanTalk. It’s lightweight, performs its tasks perfectly well. Couldn’t expect anything more and don’t regret purchasing their anti-spam package.

      Another thing is their support. Had one minor issue with the plugin. Just had to raise a ticket and received pretty fast (within 24 hours) response from their technical engineer Serge. His proposed solution worked like charm.

      Hope to keep using it and never replace it for years to come.

      Screenshot 2025 07 28 at 10.22.06

    • Prevent for User Enumeration on WordPress

      Prevent for User Enumeration on WordPress

      I’m happy to announce option Prevent collecting of authors logins which you can find under settings,

      WordPress console -> Settings -> Security by CleanTalk -> General Settings

      This option disables users IDs enumeration in your WordPress. So, it stands against brute force for authors names. Here is example how the enumeration works in the plain WordPress,

      https://blog.cleantalk.org/?author=1

      By executing such links, an attacker brute forces users list on a site to get valid IDs and use it in further attacks.

      If you turn option Prevent collecting of authors logins on, the plugin disable enumeration by showing a blank page instead of valid page of author. URL for the blank page like this,

      https://blog.cleantalk.org/author/honeypot_login_1753432662.9124

      That’s it! Drop questions in the comment form down below.

    • Updates to api.cleantalk.org – July 22, 2025

      New Method email_check_one

      Our regular method email_check is focused on getting result no matter the cost. Due to this fact email_check could take up to a couple of minutes to process a request which is way to much for most website solutions.

      To remedy this a new method to check email existence available under Blacklist Database License has been added.

      The method’s called email_check_one and full documentation is available here: https://cleantalk.org/help/api-email-check-one

      The method guarantees a response in 60 seconds and in case the process exceeds 60 seconds – the method returns a special status which signifies the process will be finished in the background and the actual result might be retrieved later via polling.

      Here’s a quick example of a request (don’t forget to use your own license key):

      https://api.cleantalk.org/?method_name=email_check_one&auth_key=123456&email=st********@*****le.com

      And here’s a possible response:

      {"data":{"st********@*****le.com":"EXISTS"}}
    • CleanTalk Anti-Spam Added Direct Integration for WPZOOM Forms Plugin

      CleanTalk Anti-Spam Added Direct Integration for WPZOOM Forms Plugin

      We are glad to announce that CleanTalk Anti-Spam now offers direct integration for the WPZOOM Forms plugin, providing effortless and effective spam protection for WordPress users.

      What’s New?


      Starting from the latest version 6.60 for WordPress, CleanTalk Anti-Spam automatically protects WPZOOM Forms from spam submissions without the need for additional setup. The integration is designed to work out of the box and silently block spam bots before they even reach your inbox.

      How It Works


      CleanTalk uses its cloud-based spam detection service to analyze form submissions in real time. When a visitor submits a form via WPZOOM Forms, CleanTalk checks the request for spam activity. If the submission is deemed suspicious or spammy, it is blocked immediately — all without using CAPTCHA or annoying puzzles.

      Key Benefits

      • Advanced email validation — CleanTalk checks if the email address is real, disposable, or blacklisted
      • Spam bot behavior analysis — Detects bots by analyzing how the form is filled out (JavaScript, time of submission, etc.)
      • IP reputation check — Every submission is checked against CleanTalk’s global spammer IP database
      • No CAPTCHA required — Invisible protection for a better user experience
      • Fast and lightweight — Does not affect form or page speed
      • Automatic logging — Every blocked or allowed request is logged in your CleanTalk dashboard

      How to Enable Anti-Spam protction for WPZOOM Form

      Install the Anti-Spam plugin
      CleanTalk Anti-Spam for WordPress is a powerful plugin that blocks spam silently in the background. It also has direct integration with WPZOOM Forms, and here’s how to set it up:

      Go to your WordPress admin panel → Plugins → Add New.
      In the search box, type “CleanTalk” and click Install on the result
      called “Spam protection, Anti-Spam, FireWall by CleanTalk”.

      Search Results for “cleantalk” WordPress org 07 22 2025 05 17 PM
      Search Results for “cleantalk” WordPress org 07 22 2025 05 17 PM

      After installation, click the “Activate” button.
      Then go to the plugin settings and click “Get Access Key Automatically” to activate protection.

      That’s it! CleanTalk will now start protecting all WPZOOM Forms on your website without any extra setup.

      How to Test Spam Protection of Your WPZOOM Forms

      Use this simple test to confirm that CleanTalk is active:

      • First, open a WPZOOM form on your site in an Incognito/Private browser tab
      • Enter this test email: st********@*****le.com
      • Submit the form
      wpzoom anti-spam protction
      wpzoom anti-spam protction

      You’ll see a message that the submission was blocked.
      That means the Anti-Spam plugin is now actively protecting your WPZOOM Forms from spam!

      Screenshot 2025 07 18 115513
      wpzoom spam block

      Enjoy the clean results!

      🔔 Important: You must test in Incognito mode because logged-in administrators are not blocked by default.


      If you have any questions, feel free to leave a comment — we’ll be happy to help.

      Protect your WPZOOM Forms from spam in minutes — with no extra setup and no CAPTCHA headaches.
      CleanTalk continues to expand its compatibility with popular WordPress plugins to keep your site clean, secure, and user-friendly.

      🔗 Learn more about CleanTalk Anti-Spam here: https://cleantalk.org/help

    • CleanTalk for WordPress Updates: New Features and Improvements in Anti-Spam and Security

      CleanTalk for WordPress Updates: New Features and Improvements in Anti-Spam and Security

      We have released fresh updates for two of our plugins — CleanTalk Anti-Spam and CleanTalk Security for WordPress. In the new versions (v6.59 and v2.159 respectively), we have not only added useful features, but also fixed some issues to make your protection against spam and threats even more effective and stable.

      What’s new in CleanTalk Anti-Spam v6.59 for WordPress


      We have improved the plugin and made several important changes:

      1. Fixed a bug with a honeypot on the WordPress search form
        Starting with WordPress 6.3.0, the search form can be rendered dynamically via JavaScript. This prevented the honeypot field used to detect bots from working correctly. In the update, we have adapted our code to this new logic — now everything works correctly.
      2. Improved Anti-Crawler
        The Anti-Crawler (Bot Protection) function is designed to block suspicious bots that:

      scan the site for vulnerabilities,

      aggressively parse content or images,

      load the server and cause a decrease in site speed.

      Anti-Crawler helps protect site resources from bots. In the new version, we have fixed the issue due to which blocking could not work when using an alternative mechanism for storing data in the database (Store data in the website database).

      More about the function: Anti-Crawler (Bot Protection) checks the visitor on the first visit, and if it is determined to be a suspicious bot, it receives a blocking screen on the second request. Trusted bots (Google, Bing, etc.) are automatically whitelisted.

      1. Added a constant to exclude feeds from Anti-Crawler
        Now you can exclude WordPress feeds from bot checking. How to use https://cleantalk.org/help/anti-crawler-exclusion
        This is useful if you actively use RSS/Atom feeds on your site.
      2. Mailchimp embed forms support
        We have adapted the replacement of Mailchimp embed form values, which made anti-spam protection compatible with these subscription forms.
      3. New hook for anti-spam widget visibility
        Previously, only the administrator could see anti-spam statistics in the admin panel. Now, with the new hook, you can extend access to this data to other roles (for example, editors or SEO specialists).
      4. Integration with QuickCal (Escapion theme)
        If you use the Escapion theme, which includes the QuickCal plugin, the QuickCal form is now automatically protected from spam by CleanTalk.
      5. Improved integration with RegistrationMagic
        Previously, every time a value was entered in a RegistrationMagic form field, a request was made to the anti-spam service, which created an extra load. Now everything is optimized – the request is sent only when the form is fully submitted.
      Dashboard ‹ CleanTalk s blog — WordPress 07 11 2025 03 04 PM
      Dashboard ‹ CleanTalk s blog — WordPress 07 11 2025

      What’s new in CleanTalk Security v2.159 for WordPress

      1. New feature – File editor blocking
        When malicious code is detected, the WordPress file editor is automatically blocked. This helps prevent further infection and prevents attackers from changing other files through the built-in editor. You can manage the modes:
      Security by CleanTalk Settings ‹ CleanTalk s blog — WordPress 07 11 2025 03 11 PM
      Security by CleanTalk Settings ‹ CleanTalk s blog — WordPress 07 11 2025 03 11 PM

      Auto – the editor is blocked only when there is a threat;

      On – the editor is always disabled;

      Off – blocking is disabled.

      1. SecurityLog – changing user role
        In the security log, you can now change the role of users directly from the interface. This is especially useful for administrators when investigating suspicious activity.
      2. New signature for JS files
        The scanner has been improved for analyzing and detecting malicious code in JavaScript files. This increases the depth and accuracy of site analysis.
      Security by CleanTalk Settings ‹ CleanTalk s blog — WordPress 07 11 2025 03 30 PM
      Security by CleanTalk Settings ‹ CleanTalk s blog — WordPress 07 11 2025
      Screenshot 2025 07 11 153046
      CleanTalk changes its role

      How to update
      The update is available in the WordPress.org repository. Just go to the admin panel → Plugins → Update CleanTalk Anti-Spam and Security to the latest versions.

      You can track the changelog here
      https://wordpress.org/plugins/cleantalk-spam-protect/#developers
      https://wordpress.org/plugins/security-malware-firewall/#developers

      If you have any ideas, wishes or want to share feedback – we are always in touch via support. Just write your opinion, questions or suggestions in the comments

    • CleanTalk Anti-Spam is now available for Everest Forms users

      CleanTalk Anti-Spam is now available for Everest Forms users

      I’d love to announce that CleanTalk Anti-Spam technology is now available to Everest forms users as a built-in Anti-Spam solution.

      You can find it under Settings,

      WordPress console -> Everest Forms -> Settings -> Integrations -> CleanTalk
      CleanTalk settings under Everest forms.
      Screenshot 2025 07 11 at 12.53.52 PM

      CleanTalk with Everest forms supports almost same stack of technologies like native Anti-Spam plugin by CleanTalk,

      • Automated filtration bots.
      • Filter spammers by IP, Email, IP networks.
      • Real-time email verification for existence, fake or real email.
      • Anti-Spam logs up to 45 days.
      • Tech support, 27/7.
      • Customize message to forbidden visitors.
      • Delegate control of your websites to other accounts at CleanTalk.org.

      We’ve been testing this integration since May 12th, 2025, it’s firm and stable by now. Anyway, if you have any questions or issues, just drop a message in the comment section down below.

      In order to activate the protection, add a new website to the Dashboard or sign up for an account.

      Have questions? Just drop a message in the comment form down below.

    • Spam Bot xr*******@*****ok.com

      If you have noticed a recent surge in spam from xr*******@*****ok.com, you are dealing with one of the oldest spam threats. Active since May 4, 2018, this spambot continues to attack thousands of websites around the world, flooding forms such as comment sections, registration pages, and contact forms.

      Spam messages from this bot typically contain aggressive advertising content, including offers of suspicious services, questionable products, and outright scams. The bot uses various languages ​​and advertising phrases to attract attention and tries to mislead website visitors.

      The main goal of these spam attacks is to push website visitors to external malicious or fraudulent links, compromise user security, or collect personal data for further spam campaigns.

      xr*******@*****ok.com Spambot – Why it is dangerous

      This spambot uses a vast network of IP addresses around the world, making IP-based blocking ineffective. It uses automation scripts designed to fill out various website forms, bypass major spam filters, and overload your site with unwanted content.

      Current Stats:

      First discovered: May 4, 2018

      Last active: June 25, 2025

      Total websites attacked: 12,789

      Daily spam requests blocked by CleanTalk: ~1,100

      Possible consequences of spam content on your site

      Allowing spam content to appear on your site or responding to spam emails can cause you to face serious problems, including:

      Reputation damage: Visitors who see spam or suspicious content may lose trust in your website and brand.

      Security risks: Spam links often lead to malware, phishing sites, or scams, putting your visitors at risk.

      SEO penalties: Search engines may penalize your site for hosting spam content, significantly reducing your site’s visibility.

      Data Security Threats: Replying to spam emails can expose your email address to further targeted attacks or phishing attempts.

      An effective way to stop spam xr*******@*****ok.com

      CleanTalk Anti-Spam Integration

      CleanTalk works in the background, automatically filtering spam content, fake registrations, and offensive submission forms without annoying CAPTCHAs or complicated settings.

      CleanTalk supports:

      WordPress, Joomla, Drupal, OpenCart, Magento and other popular CMS platforms

      Custom website creation with CleanTalk’s robust API integration

      👉 View CleanTalk installation guide

      Beware of spam with CleanTalk

      CleanTalk provides comprehensive spam protection with:

      ✅ Real-time spam filtering

      ✅ Protection against automated bot submissions

      ✅ No CAPTCHAs or annoying puzzles

      ✅ Real-time email address verification whether the email address exists or not

      Protect your website effortlessly. Install CleanTalk in less than 5 minutes and protect your site from threats like xr*******@*****ok.com.

      👉 Get Started Now

      Stop worrying about spam – let CleanTalk protect your site.

    • Phone numbers encoded by WordPress plugin

      Phone numbers encoded by WordPress plugin

      We’ve extended protection against crawling personal data on public pages. Since version 6.55 plugin encodes phone numbers as well as emails on any public page in your WordPress.

      Encoding works by two switches. Either you turn on global encoding for all content on the site,

      WordPress console -> Settings -> Anti-Spam by CleanTalk -> Advanced Settings -> Encode contact data -> Encode phone numbers.

      Here are full manual how to use this option https://cleantalk.org/help/email-encode

      Or use short code below to encode a specific phone number in article,

      [apbct_encode_data] +1 11*********44 [/apbct_encode_data]

      Here are more details for the short code https://cleantalk.org/help/using-shortcodes-hooks-to-encode-contact-data

      Here is an example of encoded phone number,

      We are happy to assist you at  +1***********30.

      That’s all, phone number is encoded and protected against crawling by spam bots!

      Finally, In the Anti-Spam log track interactions (encoding contact data by real visitors) with contact data on a website. There you find date, time and location of visitors who saw your phone number on a site https://cleantalk.org/my/show_requests

      Track contact data interaction on a site.
      Screenshot 2025 06 20 at 12.49.53 PM

      Have a question? Just drop the comment in the form down below. Cheers!

    • ya**********@***il.com is Sending Spam and Malicious Requests – How to Stop it

      ya**********@***il.com is Sending Spam and Malicious Requests – How to Stop it

      If your site is suddenly inundated with spam from the address ya**********@***il.com, you are not alone. This email is part of a large-scale spam botnet targeting thousands of sites worldwide. The spam it sends is disguised as legitimate customer messages, in different languages, messages like “I would like to know your price”:

      Xin chào, tôi muốn biết giá của bạn.
      Sveiki, aš norėjau sužinoti jūsų kainą.
      Sveiki, es gribēju zināt savu cenu.
      Hola, quería saber tu precio..
      Ciao, volevo sapere il tuo prezzo.
      Hola, volia saber el seu preu.

      Perhaps they are expecting a response from you by email and to receive your email for some further actions with it.

      At CleanTalk, we have detected and blocked this bot since October 10, 2024, and since then it has become one of the most active spammers. Every day, we block about 16,000 spam requests associated with this address on our clients’ websites.

      This email address have been stuck on your blacklist for a while now:

      ya**********@***il.com on **********@***il.com“>CleanTalk blocklist

      yawiviseya gmail com Email spam report 06 26 2025 06 28 PM
      yawiviseya gmail com Email spam report 06 26 2025 06 28 PM

      What is the ya**********@***il.com spambot?


      This spambot is part of an automated system (botnet) that sends spam using rotating IP addresses and scripts. It imitates real users to bypass basic site protections and fills forms with spam content.

      Its purpose: to promote suspicious links, overload your site’s forms, and potentially inject malicious data — all using a disposable email address like ya**********@***il.com.

      Current stats:

      • Detected: October 10, 2024
      • Last seen: June 23, 2025
      • Websites attacked: 8,572
      • Spam requests blocked daily: ~16,000

      How to stop spam from ya**********@***il.com


      The fastest way: use CleanTalk Anti-Spam.
      CleanTalk works silently in the background to filter out spam comments, contact form abuse, fake registrations, and more. It blocks spam email addresses like ya**********@***il.com before they even reach your site.

      CleanTalk is available for:

      WordPress, Joomla, Drupal, OpenCart, Magento, etc.

      Custom websites via API integration.

      👉 CleanTalk Installation Guide

      ya**********@***il.com is part of a widespread spam campaign. Using CleanTalk Anti-Spam and the Personal Blacklist feature, you can block him and similar bots before they harm your site.

      🧩 Want full protection?

      ✅ Blocks fake registrations and spam submissions
      ✅ Filters bots and fake emails in real time
      ✅ No CAPTCHAs or puzzles – clean and fast

      Stay ahead of spam – let CleanTalk handle the bots so you can focus on your content. Protect your site in under 5 minutes.
      👉 Start now

    • WP CLI support in Security by CleanTalk (WordPress plugin)

      WP CLI support in Security by CleanTalk (WordPress plugin)

      We’ve added to Security by CleanTalk support of WP CLI commands. The list of commands,

      • Service setup, including interactions with cloud to get an API key and synchronization.
      • Various settings of the plugin.
      • Settings for templates.
      • Malware scanner commands.

      Full guide with examples is here https://cleantalk.org/help/security-wp-cli

      It works on plugins starting version 2.156 which has been released on May 19, 2025.

      Have questions? Please drop us a message in the comment form down below.

    CleanTalk

    About

    Dashboard

    Pricing

    Sign up / Sign in

    Solutions

    Anti-Spam for websitee

    Blacklists

    Filter fake emails

    Gantt charts

    Hide contact data

    Stop spam emails in Contact form 7 (CF7)

    Stop spam in Elementor form builder

    Stop spam in WPForms

    Website malware scanner

    WordPress Security & Firewall Plugin

    Documentation

    API

    Help

    License agreement

    Privacy Policy

    Refund Policy

    Signs of Malware

    Contact us

    Create a support ticket

    Telegram

    Contact us