CleanTalk's blog

    Sign up

    Category: CleanTalk

    • How to Find Email Addresses

      The hunt to find email addresses can be overwhelming. It is not easy to know where to look and who to contact. Having the right contact is the most important part of sending any email, so you definitely want to make sure that you follow through. There could be many reasons as to why you are searching for an address. You might have a general inquiry, need sales contacts, or be on the job hunt. This article will go over how to search for email addresses through a variety of useful methods. Your information is valuable, and you want to make sure it gets into the right hands without wasting your time.

      Do not fret about the time consumption that searches will take. It truly does not have to be a frustrating process. There is a multitude of ways to search for email addresses. If one method does not work, move on to the next, and you are most likely going to find what you are looking for. Start with the method that seems like it would work best for your specific situation. This could be using company websites, email lookup tools, google or bing, or even social media.

      Table of contents 

      • Finding the Right Email Address is Important
      • Try looking into the Company Website
      • Extrapolating Based on Known Email Addresses
      • Try Getting in Contact with the Admin of a Company
      • Check Social Media
      • Find Blogs and Personal Websites
      • Use People Search Sites
      • Try An Email Lookup Tool
      • Try An Email Lookup Tool
      • Try the @domainname.com search with DuckDuckGo
      • Subscribe to Your Prospects Email List
      • Utilize the Generic Email Address
      • Try Contacting Companies through the “Contact & About Us” Pages
      • Try Scouring the Internet with Websites Such as WHOIS
      • When All Else Fails, Take a Guess
      • Conclusion

      Finding the Right Email Address is Important

      When contacting someone who is at the top of your list, it is necessary to find email addresses that are correct. The right email address will transform your inquiry into an answer in the fewest amount of steps. Your main goal is to find the decision-maker for your specific question. For example, if you are aiming to contact a company, there are many employees that can be contacted. How do you know which person to email? Do your research. Look into the different departments and/or job titles to find someone’s email address who is most likely going to have an answer for you. 

      If you attempt to use an email address for just anyone, you might find yourself making your way through a chain of email transfers before you get to the right person. It would save you loads of time to find the correct contact in the first round. There are many ways to search for an email address. You could try searching through a company website, using social media, or even regular search engines. Just remember that it is worthwhile to complete your research ahead of time instead of relying on the wrong contact to get you to where you need to be.

      Try Looking into the Company Website

      If you are looking to find an email address, the company website might be one of the first places to look. Many people are hunting email addresses for business-related purposes, so company contact information simply makes the most sense. The next question is how to find the right place to look once you get to the correct website. This will usually be under specific tabs. The name of the tab will somehow be related to contact info or employees. Examples of tab names include but are not limited to “Meet the Team,” “Contact Us,” “Our Employees,” or “Departments.” 

      Once you find the tab that correlates the most with what you are looking for, you might luck out and see contact info right then and there. If not, you will most likely have to dig a little deeper. Think about the department that you are presumably looking for. It could be marketing, accounting, client services, etc. Once you find the right spot, you might be able to scroll through a list of company employees and their email addresses. If you still do not know which employee to choose, try checking job titles. For inquiries that need to go to the person in charge, look for higher titles. Smaller inquiries can go to lower titles. Typically job titles are quite descriptive, so you should not have too much of a problem after this.

      Try Using a Search Engine Such as Google

      Search engines are a go-to way to find someone’s email. Google is the holder of all information, and it will give you a generated selection of links that match the information that you are looking for. The question of how to use search operators does not come along with a complicated answer. 

      When searching for someone’s email address, all you have to do is type in relevant information into the search bar. This could be their name, company, specific job titles, etc. This search entry will typically take you to a relevant site that may contain the information you are looking for. There will be many options presented to you, so you can click through each one to see if you are ever able to find specific email addresses. A precise google search could result in finding the contact information of the registrar of a company’s web server.

      To make your search even more accurate, try using advanced Google search. The Google tool allows you to be more specific in your search so that you can get more authentic results. You can select the type of media that you are looking for and make sure specific keywords are definitely included or excluded from your search results. Many people prefer this method because they feel as though the results are more reliable. If you do not find what you are looking for by searching regularly, try the advanced search method before giving up.

      Extrapolating Based on Known Email Addresses

      Once you have an existing email address, you might be able to find others. When using this method, you might not even have to search online for the address that you are looking for. Most companies have specific formatting when it comes to their employees’ email addresses. This can be combinations of their first names, last names, and initials. The domain will always remain the same. For example, a company could use this format. Fi****************@do****.com

      If you know the name and email address of an existing person of the company, study the format of their email address. You will be able to extrapolate the pattern. Interchange the information in that email address with the information of the contact you are looking for. This method is only useful if you have the exact name of the person you are trying to reach. If you do not have your desired contact’s information, you may have to try using a different method instead. If you know parts of the person’s name you can do your best to create an email address that might work. You might run into some difficulties or accidentally contact the wrong person. Even so, if you are lucky, they will help lead you in the right direction.

      Try Getting in Contact with the Admin of a Company

      The administrative assistant of a company is always a good person to connect with. They usually have access to information such as company databases. The admin of a company is typically in charge of company structure and organizational material. They tend to be the most knowledgeable employees regarding company information. 

      This is the best person to reach out to with general questions, but you can still go through them to get in touch with someone else. If you are struggling to find a specific email address when you know the company, consider contacting the admin for assistance. You can usually find the company phone number on their website. The phone number will most likely take you directly to the admin. If not, you can follow the keypad instructions of the automated call. 

      After calling, you can explain your situation. If you know the name of the person you are trying to reach, you can ask for their contact information directly. If you still do not have a specific person in mind, you can ask the admin who they believe is the best person to contact. You might be able to acquire their phone number as well.

      Check Social Media

      A great place to find email addresses on the internet is social media. How to find these addresses depends on what platform you’re searching on. Whether it’s LinkedIn, Facebook, or Twitter, finding email addresses is not a difficult task.

      On a professional social networking site like LinkedIn, emails are normally very accessible. The first step should be to go to someone’s account and check their contact information. When looking for the email addresses of people already in your LinkedIn network, you can export your connections by going to the My Network page. On the page, click Your Connections and then Manage. Under the advanced actions, you will have the option to export your contacts. 

      If you are looking for someone outside of your network without a public email address, there are plenty of tools designed to help you get the information. LinkedIn Premium and Sales Navigator are built by LinkedIn and designed to make outreach easier. If you don’t want to pay the subscription price for these tools, however, there are plenty of free third-party browser plugins that can be used. LinkedIn is a great place to start, but if you can’t find a company’s or person’s email address there, other social media platforms may help.

      Twitter and Facebook may also help you locate someone’s email address. On Facebook, people have the option to make their contact information, both phone and email, public. People and businesses with professional accounts will also normally have a contact button on their page to allow for easy communication. Also, some people will share their email addresses out in tweets and Facebook posts, so keep an eye out for those as well.

      Find Blogs and Personal Websites

      If someone’s social media profiles don’t help, another good tool is to check if they have a personal website or blog page. In today’s world, the amount of personally branded sites is continuously growing and you may be able to reach out that way. The easiest way to find someone’s personally branded site is to start with a search engine and their name. From there, you may be able to find blog posts they have written or their site’s landing page. Normally these sites will have a contact section, which is a great starting point to find an email address. 

      Reaching out will usually come with either an automated response from the email address or one from the person themselves. However, not all sites will have a contact page, which can make finding an email address this way a little more challenging. If you find yourself desperate for this email address and have located a personal website, you can use one of many free services to find the domain’s owner. These databases are full of up-to-date information on people who own the domains, so taking this step could lead you to the email address that the domain is registered under.

      Use People Search Sites

      People search sites have been around for a long time and continue to be a quick option for reliable contact information. Most users are familiar with reverse phone lookups and other tools of that nature, but there are many more options to match a person to their email address. The one catch is that only a few sites will give you the results for free, most of them will have you pay before giving you the information. 

      These sites tend to start off by having you provide the person’s first and last name as well as city, state, and country of residence. From there, the site will start searching records for people who match the data that was provided. These sites can be useful but do not always supply you with the most accurate results. The data that these sites give to you always has the potential to be outdated or belong to another person. 

      Try an Email Lookup Tool

      One of the simplest ways to find an email address online is to use a service to do it for you. There are plenty of email search tools, both free and paid. These tools are either browser extensions or websites designed to help people efficiently find the email addresses they want.

      Email lookup tools are a more refined version of people search tools and they all work in a similar fashion. You just input a name and narrow down the possibilities as much as possible, refining by location and other factors. From there, these services will work to provide the most probable outcome. There are dozens of platforms to help you get started; some of the premium platforms offer free trials while others will give free searches every month until you hit the cap.

      If you want to use the premium tools in trial mode, check out:

      These sites offer 50 free searches, then, use a monthly or annual subscription method ranging from three to five cents per search.

      These services offer free searches every month and then charge for anything beyond the free amount:

      These platforms offer between 50 and 300 free searches per month and then offer an extension of those searches to up to 5,000 per month for as inexpensive as under one cent ($0.0098) per search.

      If you do not want to pay at all for the search service, we have also found some options for you. These browser extensions are totally free to use:

      No matter what scale you will be using this for, with a little bit of research you can find the best platform for you.

      Try the @domainname.com Search with DuckDuckGo

      Google is synonymous with the term search engine but it is not the only one. The alternative search system DuckDuckGo is focused on protecting the privacy of its users; it also has some unique functions such as the @domain exact search to help find email addresses. To find the contact information you want is a very simple process. On the DuckDuckGo search screen, you need to type in “@wanteddomainname.com” contact and perform an exact search. For example, ““@duckduckgo.com” contact” will return a top result with the email address in the option’s description. From there, you can contact the company, and if you are looking for a specific employee of that company, ask to be put in touch with them.

      Subscribe to Your Prospects Email List

      It is common for companies and even personal websites and blogs to have mailing lists and newsletters. When looking to get in touch with your prospects, it is crucial that you get on their list. Doing this allows you to stay up to date on their dealings as well as open a line of communication between them and yourself. Meanwhile, you will be getting their email address and also gaining a competitive edge of information at the same time.

      It is also important to start your own mailing list if you haven’t done so yet. If you have, make sure to check it frequently and remain active and interesting regarding the information you send out. By checking your mailing list, you may see that somebody you are trying to reach out to is already in your contact book. By using mailing lists, you give yourself another opportunity to connect meaningfully with more people.

      Utilize the Generic Email Address

      Almost every company these days has a contact form on their website that goes into a general inbox. These inboxes are normally handled by administrators that may not seem useful at first glance. However, by asking the right questions through the generic email address, it should be fairly easy to get the contact information of the potential prospect you are trying to reach out to. By doing this, you and your prospect will both (ideally) have each other’s contact information, and you can start a dialogue this way. 

      It may take a little bit of time to get a response, but this is a fairly low-effort measure to execute. With the right wording and a little bit of patience, you can receive the email address by simply filling out a form.

      Try Contacting Companies through the “Contact & About Us” Pages

      On most company websites, you can find special pages that are called “Contact us” or “About us”. These pages do not only have some contact info, but they can sometimes have a fillable form to ask any pressing questions. You have the option of filling out the form including your personal information and information about your request. The data from that form will go to a general inbox, and an employee will reach out to you sometime soon. Be aware that this can sometimes take a number of days since the request does not go to a private inbox.

      This is a good way for you to ask about your question and see if anyone is able to assist. If you do not want to ask your personal, specific question through this form, you are always able to request the email address of the person that would be best to help you. When filling out the form, make sure you are including all necessary information and even URLs if you think they might help. It is essential to avoid leaving anything out. You do not want them to get back to you with irrelevant information. 

      Try Scouring the Internet with Websites Such as WHOIS

      There are many websites on the internet that can help you look up information such as names, email addresses, and phone numbers. This method is only helpful if you already have existing information regarding the email addresses. These websites typically find information from reports that are already existing on the internet. Here is a list of websites that can do just that. 

      • WHOIS is very user-friendly. As soon as you visit the site, you will be faced with a big search bar that can help you out. All you need to do is enter any information that you already know such as name or company, and they will search in their online database.
      • NameCheap is another website that scans the internet for existing domains and contact information associated with them. When you search for information that is already in your possession, the website will give you a list of other information that it has associated with your keywords.
      • DomainTools also has the capability of scouring the internet in search of helpful information. You will be able to find email addresses if they are associated with an existing domain on the internet.
      • Nominet basically does the same things as the previous tools, but it is primarily used in the United Kingdom. It scans the internet for British domains, so it can be helpful if you are specifically looking for an email address coming from the UK.
      • DMCA0s free WHOIS tool is oddly specific. If you know that the email address you are looking for is associated with a digital millennium copyright act, you can search your keywords here.

      When All Else Fails, Take a Guess

      Have you tried every single method, checked every nook of the internet, and are still not able to figure out how to find the email addresses that you are looking for? When all else fails, you always have one last approach. You can always take a guess to the best of your abilities. Of course, an educated guess is better than creating something from scratch. Needless to say, this method should only be used in worst-case scenarios when one is desperate to reach someone. It is rarely successful, but it could still be worth a try.

      If you know the name of the person you are trying to reach, you can make experienced suggestions from that information. You could also deduce a more likely guess if you are sure of their domain name. If you are okay with potentially emailing the wrong person, this method might work for you. If that is something you are hesitant about, you might be out of luck. Try out different combinations of their names followed by @domain name. If you are willing, you could think of as many combinations as you’d like and attempt sending out an email to each one. Hopefully, you end up finding the person you are looking for!

      Conclusion

      With all the need of finding proper email addresses comes the hassle of doing so. As time-consuming as this process is, it is nonetheless crucial to do your search at the end of the day. Finding the correct contact information will ultimately save you time and energy in the future. There is no need to jump through hoops and obstacles later on when you can follow these simple steps. Think about what methods will work best for your situation and start from there.

      Every person’s scenario is different, but make sure you are using this to gain personal information. Do not use these methods for harmful purposes such as spamming people or selling their information. We hope that these methods of searching proved useful in your hunt for contact details. With so many tactics, it is almost impossible to fall flat and empty-handed. Good luck with your search!

    • How to Disable all WordPress Comments

      How to Disable all WordPress Comments

      If you get spam through your comments forms you can always use our Anti-Spam plugin for complete spam protection. But if you decided to disable all WordPress Comments on your website we also have a simple decision for you.

      Follow our guide to disable all the Comments fields you don’t need in less than 5 minutes.

      How to install CleanTalk Anti-Spam plugin

      To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

      Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

      After installing the plugin, click the «Activate»‎ button.

      After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Changes»‎ button.

      Disable all WordPress Comments in 3 steps

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Disable all comments in Comments and Messanges section.

      Step 3: Choose wherever you want to disable comments (1) and then press the Save Changes button (2).

      Done! It really is that simple.

      If you have any questions, add a comment and we will be happy to help you.

      Create your CleanTalk account – Register now.

      Additional features

      • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
      • Installation takes about 1-2 minutes.
      • Smart 99% protection against spambots.
      • Always online – 24/7 technical support.
      • Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.

      Discover the complete list of CleanTalk Anti-Spam plugin features here.

    • WordPress Security Audit: 8 Steps For Securing WordPress Website

      WordPress Security Audit: 8 Steps For Securing WordPress Website

      One of the most important things about protecting your website from hackers is understanding that one-time setting the security settings for your site is not enough. Taking care of your website protection is a permanent process like advertising or helping your clients with their issues.

      Security tools for your website become stronger and more progressive every day but so do hacking technologies. The most simple way to find out if your site is in danger is to proceed through a complete WordPress security audit and figure out if your security measures are up-to-date.

      If you do not go through a regular WordPress security audit every 3 months this may cause a breach in site security and your business can get a lot of damage.

      But this risk can be avoided – just check if your security measures are up-to-date. In this instruction we will describe how to do a complete WordPress security audit to fully protect your website from hackers using standard security tools.

      Sometimes the problem of security issues may be caused by missing security patch or update, some plugin vulnerability or a flaw in WordPress core that may result into a hack. Actually, only about 36% of users run up-to-date WordPress versions.

      What is a WordPress Security Audit?

      A WordPress security audit is a regular procedure that will inspect your website for different security vulnerabilities like weak admin passwords and outdated plugins. This audit also offers some steps for fixing these potential dangers. 

      Some website owners know how to perform a WordPress security audit but see it only as a one-time thing – it is a very popular mistake that may result in a threat to your site’s security. So it is highly recommended to perform the security audit of your WordPress site regularly to avoid hacker attacks and keep your website safe.

      Without regular security audits performed your website becomes much more vulnerable to hacker attacks. You can use special WordPress plugins to automatically analyze and find security breaches for you. But vost security audits are performed manually by following 8 steps. Only several steps to find out how to perform WordPress security audit and fully protect your website from any attacks.

      Why do you need a WordPress Security Audit?

      Actually there is no magic about the main reasons to perform a WordPress security audit. In case you are a website owner and you don’t look after it’s security – no surprise it is vulnerable and can be hacked. It leads us to an easy conclusion that a security audit is necessary to find security breaches and vulnerabilities in your site until it becomes a problem. Without this procedure hackers may detect this vulnerabilities before your and so they can:

      • Hack your website;
      • Sell your and your client’s data via dark web;
      • Inject spam to your WordPress site pages so that will lead the website to search engine blacklist;
      • Steal your credit card info from your WordPress site that may result lawsuits and hefty fines against you;
      • Use your website to infect other users;
      • Many other bad things.

      How to perform a complete WordPress security audit

      1. Estimate the efficiency of your security service plugin

      2. Give a test to the backup system of your WordPress site

      3. Analyze your administrator setup

      4. Delete any installed and active plugins you don’t use

      5. Remove any additional themes for WordPress that are Installed

      6. Estimate the provider of your hosting and current tariff

      7. Inspect any users with FTP access granted to your site

      8. Check out WordPress secure Hardening measures

      1. Estimate the efficiency of your Security plugin

      It all starts with your website’s security plugin. In case you still don’t use one, be sure to connect it and activate on your site as soon as possible. Security plugin protects all the WordPress sites from bots and hackers. Different security plugins offer various options to protect your site and not all of them guarantee a safe work for your website. When you choose a plugin during WordPress Security Audit, be sure it includes the following features:

      • Brute-force Protection
        Adds a delay of a few seconds for any failed attempt to login to the WordPress back-end. It makes your website security tougher and doesn’t waste the server’s resources on these IPs.
      • Daily Security Report
        Every day the plugin sends a Security report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which they tried to sign in.
      • Login Attempts and Password Searching Log
        Security log keeps online a log of attempts to log in. Security log includes IP / Country / data / time, username and action result, was authorization successful or failed.
      • User actions log
        Keeps track of actions in the WP Dashboard to let you know what is happening on your site. With the Security Audit Log is very easy to see user activity in order to understand what changes have been done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page.
      • Security FireWall
        This option may significantly reduce the risk of hacking and reduces the load on your web server. Always use personal BlackList to block IP addresses with suspicious activity to enhance WordPress security. It also allows you to block access to your website by HTTP/HTTPS for individual IP addresses, IP networks, and e-mails.
      • Compatibility
        It should be compatible with the most popular VPN services and search engines like Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.
      • Malware scan
        Scans WordPress files for hacked files or hacker code. Every day Malware Scanner will launch scanning automatically for files that have been changed from the last scanning or found new files. The scanner works in the background and doesn’t affect performance. All detailed results must be sent to your Security Dashboard so you are able to investigate them and see if those were legitimate changes or some bad code was injected. If any files were changed in your WordPress system you will be able to delete them or restore the original WordPress files.

      We recommend using CleanTalk as it covers all these features. It has one of the best malware scanners that can detect any kind of malware. And more of that, you can clean up any malware infection in under a few minutes!

      2. Give a test to the WordPress backup solution

      In case something goes wrong with your website, having a backup may be very useful. You may get your site back to work with no problem. Any fail in a backup process may be critical and may cause a lot of trouble restoring your website.

      That is the main reason you need to give a regular test for your site backup solution. Even if you use host backup it may not always include any test options.

      So we recommend some actions to test your backup:

      1. Go to your WordPress plugins page and install BlogVault backup plugin. This plugin automatically initializes a complete backup procedure for your site.
        If it is the first backup it may take a bit more time as it will copy the whole site to it’s servers. After that every backup will copy only files that were changed from the previous backup process.
      2. After completing the backup, the option “Test Restore” will appear in the BlogVault dashboard.

      After it is done the system will notify you about a successful restore.

      3. Analyze your administrator setup

      WordPress has a smart system of user access options to let them collaborate and work together to be more efficient themselves and WordPress maintenance and development. Though not all WordPress users need to have complete access to your website. For example, a person who writes news, articles, and other materials only needs access to writing and publishing content. They don’t need to have access to other website options like managing plugins and changing WordPress themes.

      In order to avoid giving complete access to every website user WordPress has 6 different user roles that can be assigned to them:

      • Super Admin
      • Administrator
      • Editor
      • Author
      • Contributor
      • Subscriber

      Each role has different levels of permissions for your website.

      While providing your WordPress Security Audit one of the first things you should do is to check all of the users who are added to your WordPress.

      1. Be sure to recognize all of the users on your dashboard. If you don’t recognize any of them – you should immediately delete this user because it may be created by hackers.
      2. Check the number of users who have admin access to your site.
      3. Decide how many of them really need that access level.
      4. Change roles for users and lower permissions for those who doesn’t need that access level.

      After that ensure that none of your website administrators uses the “admin” username. This is the most popular username for all of the administrators. Hackers know about this and may obviously try to use it to get access to your website.

      If you decide to change the admin name you have to create another user account for that person. After that, you have to grant all the content access to this new user. And finally, just delete the old admin account.

      Another important thing for you to protect your admin setup from hackers is hiding your admin’s username. If you leave settings unchanged it may cause some troubles.

      All of the hackers know that the only thing that should be done to retrieve your most likely admin username is to add ?author=1 at the end of your URL. It is how easily hackers can brute force a website’s admin panel after they know the admin’s username.

      The easiest way to avoid it is to hide all usernames with code in functions.php file:

      add_action(‘template_redirect’, ‘bwp_template_redirect’);

function bwp_template_redirect()
{
  if (is_author())
  {
    wp_redirect( home_url() ); exit;
  }
}

      If you use the CleanTalk Security plugin it already has a special field that automatically hides all of the usernames on your site.

      This may seem a very easy step but it also makes a hacker’s work more difficult. 

      4. Remove unused plugins installed and active

      Different WordPress plugins are one of the most vulnerable places on your website. It may be the main reason for you site to be hacked.

      WordPress plugins are always created, maintained, and updated by their developers. But like any other software, these plugins may have vulnerabilities. So developers always fix these vulnerabilities and release updates. When you download this update it removes vulnerability from your website.

      But in case you skip or delay downloading the newest update your site may remain vulnerable.

      • Do you still use these plugins?
        While performing a complete WordPress Security Audit check the list of plugins that are installed in your WordPress. In case you already don’t use them, they still have access to your website. So, at first, delete the plugins that you don’t use. It should reduce the chance of being hacked using one of them.
      • Do you recognize all of the plugins?
        In case you and your colleagues do not recognize some of your plugins it would be better to delete them. It is because when hackers break into your site they may install their own plugins that can cause even more damage as they contain backdoors which actually is a secret access to your website.
      • Do you have any nulled version or pirated plugins?
        If yes, then you should delete them at once. Hackers often use pirated software to spread their malware. Any quantity of such malware is contained in these plugins and it may infect your website at the moment you install the plugin.

      From the moment you left only the plugins you use, be sure to update them right after developers release updates.

      5. Remove any additional themes for WordPress that are Installed

      A complete WordPress Security Audit is also about themes. It is no surprise that all the WordPress site owners install different themes in order to find the ones that they like. Favorite themes are used but others are often  But most of these users don’t know that just like plugins, themes may contain different vulnerabilities.

      Our recommendation is to delete all the themes except the one you already use. Also, be sure you use the most up-to-date version available of your active theme.

      6. Estimate the provider of your hosting and current tariff

      Nowadays you can create a website without serious money investment. Shared hosting allows you cheaper plans for small WordPress sites. Also hosting is an important part of a proper WordPress Security Audit.

      But everything has its pros and cons. Shared hosting means that you share a server with other users and sites. It is out of your vision what happens with other websites on your hosting. If someone other’s website was hacked it may consume a large amount of server’s resources. It may obviously slow down your website and lower its performance.

      That is also a slight chance of a malware infection will spread to different websites on the same hosting. So if you can afford to switch to a dedicated server – it will be our recommendation to do so – to evaluate your hosting plan. In case some hosting doesn’t fit you well, you may look through a better one, comparing some of them that cost your attention.

      7. Inspect any users with FTP access granted to your site

      As you already know FTP is a File Transfer Protocol. It provides your computer to your site on the server. Using FTP you may access all the website folders and files and change them.

      As FTP has almost full control of your website you should be very careful and grand that kind of access to only users that you trust the most and only in case they really need that access.

      In order to increase the protection of your website we strongly recommend you reset FTP passwords if necessary and check the list of your FTP users. You can make it if you go to your hosting account → cPanel → FTP accounts.

      Check all the users in this list and just delete the ones you already do not need.

      8. Check out WordPress secure Hardening measures

      While providing a WordPress Security Audit there are several recommendations for your WordPress site to become more secure. What are these steps:

      1. Switch off file editor for themes and plugins
      2. Switch off installation of different plugins
      3. Reset salts and keys on your WordPress website
      4. Use stronger password
      5. Set a limit of login attempts available
      6. Enable two-factor authentication

      Also we strongly recommend giving these steps a regular test. For example, if you use a two-step authentification or login attempts limit – be sure to use the actual up-to-date plugin. Or if it is not so, just switch to another solution that is updated more often.

      Some of these hardening steps need some skill for the appliance. Or in case you use the CleanTalk Security plugin most of these features are enabled in a few seconds.

      Conclusion

      After reading this article you know how to perform a WordPress Security Audit by yourself. Just be sure to deal with all of these 8 steps and you will prevent most of the bad things that could happen with your website.

      For example, if you will regularly check your site backup system and will be sure that it works well, you will avoid a lot of troubles in case of a security breach or something more serious happens to your website.

      The process of Security audit involves a lot of steps and takes some skill and time. But some of the most important processes are just about keeping all the components of your website up-to-date, being sure that your login page is well-protected, and using very strong passwords.

      So in the cost of a few hours spent for this WordPress Security Audit, you can avoid a lot of security issues and guarantee the best protection for your website.

    • CleanTalk and Follow.it Subscription Form compatibility

      CleanTalk and Follow.it Subscription Form compatibility

      In case you use both CleanTalk Anti-Spam and Follow.it Subscription Form simultaneously it becomes impossible to protect this form. It happens because the form itself is external and the data doesn’t go to the site itself, but is sent to an external resource and will not be possible to check it.

      So in order to avoid conflicts between services, it is necessary to exclude the page from CleanTalk plugin protection. And that’s how you can do it: 

      How to exclude your URL from anti-spam check

      Step 1: Go to Plugins Installed Plugins.

      Then go to the Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on the «Advanced settings» button at the bottom of the screen. More settings will appear.

      Step 3: Find the «URL exclusion» field in the Exclusions section and input your URL (or several URL’s) into it.

      Step 3: Then just press the «Save changes» button.

      Done! From that moment there should be no problems with checking your form.

      If you have any questions, add a comment and we will be happy to help you.

      Update

      The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

    • Hiding your WordPress username from bad bots

      Hiding your WordPress username from bad bots

      Do you know how to hide your WordPress usernames from bad bots? We are glad to introduce you a new Security plugin improvement: from now CleanTalk allows you to hide WordPress username from bad bots brute-force.

      Before this improvement became available some bots could learn WordPress usernames by their ID and use it to brute-force these accounts later. For example, a request like «‎https://blog.cleantalk.org/?author=007»‎ could return the username «https://blog.cleantalk.org/author/james_bond».

      This option is switched off by default so in order to avoid vulnerabilities like that we highly recommend to switch it on.

      Step 1: Go to PluginsInstalled Plugins.

      Step 2: Go to Settings beneath the Security plugin.

      And after that choose General Settings.

      Step 3: Go to Miscellaneous section and find checkbox ‎«‎Prevent collecting of authors logins» and just check this box.

      Step 4: Press the «Save Changes» button.

      Success! That’s how quickly CleanTalk allows you to hide WordPress username from bad bots

      If you have any questions, add a comment and we will be happy to help you.

      Create your Cleantalk account – Register now and enjoy while CleanTalk Anti-Spam plugin protects your Clean and Simple Contact Forms from spam.

    • Hiding PHP Notices and Warnings in WordPress

      Hiding PHP Notices and Warnings in WordPress

      Sometimes you can see some PHP notices and warnings on your WordPress page. So we created this post to help hiding PHP Notices and Warnings in WordPress

      Most of them don’t worth your attention. But if you are the plugin or theme developer then you should know about this so that you may fix them in next release. And some of this warnings and notices are sent to you just because the developer has to keep WordPress and PHP older versions compatible.

      The easiest way of hiding PHP Notices and Warnings in WordPress

      Just go to your wp-config.php file and set WP_DEBUG to false. This will not cause any changes to your website.

      But sometimes this solution may not do the thing. Mostly this happens when you use shared cheap shared hosts. Usually hosts like this force various PHP notices and warnings. So if previous solution doesn’t work you may replace it with the next linen your wp-config.php file.

      define('WP_DEBUG', false);

      with this lines:

      ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

      Great! We hope this tips will be useful for you!

      Create your Cleantalk account – Register now!

    • Introducing: CleanTalk Pixel

      Introducing: CleanTalk Pixel

      Our mission is to protect your website from spam. In order to do so we need to firstly identificate visitor’s IP address. But detecting IP address sometimes may go wrong because it may be substituted by some bots. So we decided to exclude the probability of false triggering and here comes the CleanTalk Pixel that improves your website spam protection.

      What is CleanTalk Pixel and how does it improve your site spam protection

      It is an «invisible» 1×1px image that Anti-Spam plugin integrates to your WordPress website. And when someone visits your website the Pixel is triggered and reports this visit and some other data including true IP address.

      This Pixel is not located on some server but is created in HTML every time you load your website page. This exactly helps our system to get the most true IP address and not be confused by CDN or plugins caching site requests. And that’s exactly how CleanTalk Pixel improves your website spam protection.

      How to connect Pixel to your website

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Add a CleanTalk Pixel… field in Data Processing section.

      Step 3: Choose, how exactly Pixel will act:

      • Via direct output – insert Pixel code into HTML from the backend.
      • Via Javascript – insert Pixel code into HTML from the frontend.
      • Auto – insert Pixel code into HTML from the backend if pixel detects a caching plugin (Recommended).
      • Off – Pixel if disabled.

      After that just press the Save Changes button.

      Done! It really is that simple.

      If you have any questions, add a comment and we will be happy to help you.
      Create your Cleantalk account – Register now

      You can see a complete list of CleanTalk Anti-Spam plugin features here.

      WordPress spam protection

    • How to hide Website URL Field From WordPress Comment Form

      How to hide Website URL Field From WordPress Comment Form

      How many useful website URL’s did you get through comments on your website lately? Not too many, we believe. But it really is a good way for spammers to send spam websites using this form. This «Website URL» field is frequently used by spammers to place spam links in it. CleanTalk helps you protect your WordPress website comments by hiding this field off.

      So we improved CleanTalk’s integration to Comments and from now you can just remove «Website URL» field from all of the comment forms on your website. This feature is disabled by default, but it will take less than a minute to enable it using your WordPress dashboard. This option does not completely remove the field but hides it on the page.

      At the moment this feature works only with default WordPress Comments. So if your comments form is made with another plugin it will not be able to hide it’s «Website» field for now. If you use another comments plugin and still need to remove «Website URL» field – just let us know in the comments below.

      How to hide «Website» field to protect your WordPress site comments

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Hide the «Website» field in Comments and Messanges section.

      Step 3: Just switch it to «On» and press the «Save changes» button.

      Done! It really is that simple.

      Now just go to your WordPress site page and see the difference while CleanTalk helps you completely protecting your WordPress website comments

      If you have any questions, add a comment and we will be happy to help you.
      Create your Cleantalk account – Register now

      Additional features

      • CleanTalk protects not only comments, but also registrations, feedbacks, contacts and reviews.
      • Installation takes about 1-2 minutes.
      • Smart 100% protection against spambots.
      • Always online – 24/7 technical support & free mobile app.
      • Logs, personal lists, country filters, stop-words and many another.

      A complete list of CleanTalk Anti-Spam plugin features can be viewed here. https://cleantalk.org/help/introduction 
      WordPress spam protection

    • Access key rotation for Anti-Spam and Security

      Access key rotation for Anti-Spam and Security

      In case your website is connected to CleanTalk it uses a special Access key to exchange information. We have improved its functionality to guarantee you the safest user experience.

      Connect your website to CleanTalk in 5 minutes and forget about spam.

      Improved Access key safety

      Your Anti-Spam and Security Access keys don’t have any expiration date. So don’t worry, you don’t have to do anything about it.

      Access key doesn’t need to be manually renewed except several cases:

      • In case you gave your website access to web developer or a freelancer and it may be compromised.
      • When your website had been hacked.
      • When you expect your CleanTalk access being given or copied to a third party.
      • In case you have any other issues and risks with CleanTalk account access.

      Also you can always change your password or email in CleanTalk dashboard.

      How to update your Access key

      Step 1: Add your website to dashboard using the button below. If your site is already connected to CleanTalk pass to Step 3.

      Step 2: Input your website URL in “Site URL” field.

      Step 3: Click on “Settings” button under your website name.

      Step 4: Go to “Change the Access key”.

      Step 5: Click on “Generate key” to create new safe Access key.

      Step 6: Then Apply the key by pressing the button below.

      Step 7: And just close the window after you are finished.

      Well done! Your new Access key is successfully generated and applied to your website. From now it will be active and if needed, you may change it again to guarantee its safety.

    • New feature: Settings and Personal lists templates for Anti-Spam and Security

      New feature: Settings and Personal lists templates for Anti-Spam and Security

      For our clients with more than one website used by Anti-Spam and Security protection we created Templates to save your website settings and personal lists – you can find it in your «Tools» menu. Using Templates you can easily copy any quantity of personal lists and filters, that you have already created for one of your websites, connected to your CleanTalk account.

      How to connect your website to CleanTalk

      In order to connect your website to CleanTalk just register via register link and follow the instructions from email. It may take you about 5 minutes to fully protect your website from spam.

      How to use Templates

      Step 1: If you want to use personal lists template, create at least one list. For more details about adding and working with personal lists use our guide. Website settings for templates are always created automatically when the site is connected to CleanTalk.

      Step 2: After that go to «Tools»«Templates» and press «Add template» button.

      In the dialog window name your Template and select a website that has at least one personal list using «Copy settings from site» field.

      Use «Set as default» checkbox to automatically add personal lists to all the new websites you connect to your CleanTalk account and «Copy personal list from…» checkbox to add personal lists from selected site to this template. If the checkbox is not marked, the template will only copy website settings.

      Step 3: Apply Settings and Personal lists template to your new website. In order to apply the template to any site use «Apply» link under the template that you wish to use.

      After that just use «Apply to services» field in order to select website that you wish to use this template with.

      That’s it! Feel free to use as many templates as needed to save time while protecting your websites from spam and security issues.

      If you’re looking from where to start – create your first template.

      In case you got any problems while using CleanTalk you can always open a private ticket.