CleanTalk's blog

    Sign up

    Category: CleanTalk

    • Hiding your WordPress username from bad bots

      Hiding your WordPress username from bad bots

      Do you know how to hide your WordPress usernames from bad bots? We are glad to introduce you a new Security plugin improvement: from now CleanTalk allows you to hide WordPress username from bad bots brute-force.

      Before this improvement became available some bots could learn WordPress usernames by their ID and use it to brute-force these accounts later. For example, a request like «‎https://blog.cleantalk.org/?author=007»‎ could return the username «https://blog.cleantalk.org/author/james_bond».

      This option is switched off by default so in order to avoid vulnerabilities like that we highly recommend to switch it on.

      Step 1: Go to PluginsInstalled Plugins.

      Step 2: Go to Settings beneath the Security plugin.

      And after that choose General Settings.

      Step 3: Go to Miscellaneous section and find checkbox ‎«‎Prevent collecting of authors logins» and just check this box.

      Step 4: Press the «Save Changes» button.

      Success! That’s how quickly CleanTalk allows you to hide WordPress username from bad bots

      If you have any questions, add a comment and we will be happy to help you.

      Create your Cleantalk account – Register now and enjoy while CleanTalk Anti-Spam plugin protects your Clean and Simple Contact Forms from spam.

    • Hiding PHP Notices and Warnings in WordPress

      Hiding PHP Notices and Warnings in WordPress

      Sometimes you can see some PHP notices and warnings on your WordPress page. So we created this post to help hiding PHP Notices and Warnings in WordPress

      Most of them don’t worth your attention. But if you are the plugin or theme developer then you should know about this so that you may fix them in next release. And some of this warnings and notices are sent to you just because the developer has to keep WordPress and PHP older versions compatible.

      The easiest way of hiding PHP Notices and Warnings in WordPress

      Just go to your wp-config.php file and set WP_DEBUG to false. This will not cause any changes to your website.

      But sometimes this solution may not do the thing. Mostly this happens when you use shared cheap shared hosts. Usually hosts like this force various PHP notices and warnings. So if previous solution doesn’t work you may replace it with the next linen your wp-config.php file.

      define('WP_DEBUG', false);

      with this lines:

      ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

      Great! We hope this tips will be useful for you!

      Create your Cleantalk account – Register now!

    • Introducing: CleanTalk Pixel

      Introducing: CleanTalk Pixel

      Our mission is to protect your website from spam. In order to do so we need to firstly identificate visitor’s IP address. But detecting IP address sometimes may go wrong because it may be substituted by some bots. So we decided to exclude the probability of false triggering and here comes the CleanTalk Pixel that improves your website spam protection.

      What is CleanTalk Pixel and how does it improve your site spam protection

      It is an «invisible» 1×1px image that Anti-Spam plugin integrates to your WordPress website. And when someone visits your website the Pixel is triggered and reports this visit and some other data including true IP address.

      This Pixel is not located on some server but is created in HTML every time you load your website page. This exactly helps our system to get the most true IP address and not be confused by CDN or plugins caching site requests. And that’s exactly how CleanTalk Pixel improves your website spam protection.

      How to connect Pixel to your website

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Add a CleanTalk Pixel… field in Data Processing section.

      Step 3: Choose, how exactly Pixel will act:

      • Via direct output – insert Pixel code into HTML from the backend.
      • Via Javascript – insert Pixel code into HTML from the frontend.
      • Auto – insert Pixel code into HTML from the backend if pixel detects a caching plugin (Recommended).
      • Off – Pixel if disabled.

      After that just press the Save Changes button.

      Done! It really is that simple.

      If you have any questions, add a comment and we will be happy to help you.
      Create your Cleantalk account – Register now

      You can see a complete list of CleanTalk Anti-Spam plugin features here.

      WordPress spam protection

    • How to hide Website URL Field From WordPress Comment Form

      How to hide Website URL Field From WordPress Comment Form

      How many useful website URL’s did you get through comments on your website lately? Not too many, we believe. But it really is a good way for spammers to send spam websites using this form. This «Website URL» field is frequently used by spammers to place spam links in it. CleanTalk helps you protect your WordPress website comments by hiding this field off.

      So we improved CleanTalk’s integration to Comments and from now you can just remove «Website URL» field from all of the comment forms on your website. This feature is disabled by default, but it will take less than a minute to enable it using your WordPress dashboard. This option does not completely remove the field but hides it on the page.

      At the moment this feature works only with default WordPress Comments. So if your comments form is made with another plugin it will not be able to hide it’s «Website» field for now. If you use another comments plugin and still need to remove «Website URL» field – just let us know in the comments below.

      How to hide «Website» field to protect your WordPress site comments

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Hide the «Website» field in Comments and Messanges section.

      Step 3: Just switch it to «On» and press the «Save changes» button.

      Done! It really is that simple.

      Now just go to your WordPress site page and see the difference while CleanTalk helps you completely protecting your WordPress website comments

      If you have any questions, add a comment and we will be happy to help you.
      Create your Cleantalk account – Register now

      Additional features

      • CleanTalk protects not only comments, but also registrations, feedbacks, contacts and reviews.
      • Installation takes about 1-2 minutes.
      • Smart 100% protection against spambots.
      • Always online – 24/7 technical support & free mobile app.
      • Logs, personal lists, country filters, stop-words and many another.

      A complete list of CleanTalk Anti-Spam plugin features can be viewed here. https://cleantalk.org/help/introduction 
      WordPress spam protection

    • Access key rotation for Anti-Spam and Security

      Access key rotation for Anti-Spam and Security

      In case your website is connected to CleanTalk it uses a special Access key to exchange information. We have improved its functionality to guarantee you the safest user experience.

      Connect your website to CleanTalk in 5 minutes and forget about spam.

      Improved Access key safety

      Your Anti-Spam and Security Access keys don’t have any expiration date. So don’t worry, you don’t have to do anything about it.

      Access key doesn’t need to be manually renewed except several cases:

      • In case you gave your website access to web developer or a freelancer and it may be compromised.
      • When your website had been hacked.
      • When you expect your CleanTalk access being given or copied to a third party.
      • In case you have any other issues and risks with CleanTalk account access.

      Also you can always change your password or email in CleanTalk dashboard.

      How to update your Access key

      Step 1: Add your website to dashboard using the button below. If your site is already connected to CleanTalk pass to Step 3.

      Step 2: Input your website URL in “Site URL” field.

      Step 3: Click on “Settings” button under your website name.

      Step 4: Go to “Change the Access key”.

      Step 5: Click on “Generate key” to create new safe Access key.

      Step 6: Then Apply the key by pressing the button below.

      Step 7: And just close the window after you are finished.

      Well done! Your new Access key is successfully generated and applied to your website. From now it will be active and if needed, you may change it again to guarantee its safety.

    • New feature: Settings and Personal lists templates for Anti-Spam and Security

      New feature: Settings and Personal lists templates for Anti-Spam and Security

      For our clients with more than one website used by Anti-Spam and Security protection we created Templates to save your website settings and personal lists – you can find it in your «Tools» menu. Using Templates you can easily copy any quantity of personal lists and filters, that you have already created for one of your websites, connected to your CleanTalk account.

      How to connect your website to CleanTalk

      In order to connect your website to CleanTalk just register via register link and follow the instructions from email. It may take you about 5 minutes to fully protect your website from spam.

      How to use Templates

      Step 1: If you want to use personal lists template, create at least one list. For more details about adding and working with personal lists use our guide. Website settings for templates are always created automatically when the site is connected to CleanTalk.

      Step 2: After that go to «Tools»«Templates» and press «Add template» button.

      In the dialog window name your Template and select a website that has at least one personal list using «Copy settings from site» field.

      Use «Set as default» checkbox to automatically add personal lists to all the new websites you connect to your CleanTalk account and «Copy personal list from…» checkbox to add personal lists from selected site to this template. If the checkbox is not marked, the template will only copy website settings.

      Step 3: Apply Settings and Personal lists template to your new website. In order to apply the template to any site use «Apply» link under the template that you wish to use.

      After that just use «Apply to services» field in order to select website that you wish to use this template with.

      That’s it! Feel free to use as many templates as needed to save time while protecting your websites from spam and security issues.

      If you’re looking from where to start – create your first template.

      In case you got any problems while using CleanTalk you can always open a private ticket.

    • CleanTalk updated the 2FA (two-factor authentication) option

      CleanTalk updated the 2FA (two-factor authentication) option

      Two-factor authentication is still one of the most effective methods of protecting your account. One of the most common ways to hack WordPress sites is to brute force passwords.
      CleanTalk Security plugin for WordPress already has two-factor authentication by sending an authorization code to the email account.
      We have now expanded the two-factor authentication options and added the Google Authenticator option.
      Now you can choose the most convenient 2FA option for you.
      You can learn more about how to set up two-factor authentication in WordPress here https://cleantalk.org/help/two-factor-auth
      You can further strengthen the protection of accounts and change the URL address of the authorization page. You can read more here https://blog.cleantalk.org/how-to-change-wp-login-url/.


      If you have any questions, we will be happy to help you.
      You can leave a comment below or create a private ticket here.

    • New option. Settings templates

      New option. Settings templates

      Dear customers, we are pleased to present you a new option that simplifies management settings if you have a lot of sites. CleanTalk allows you to create templates for the control panel and plugin settings.

      Templates for the control panel settings

      If you need the same site settings in the control panel, you can select the site whose settings you want to apply to all other sites and create a template based on it. Next, you can apply this template to one, all or several sites and the control panel settings will be applied to the selected sites.

      You can also set a default template and this template will be automatically applied to all new sites that you add to the service control panel.

      You can create several templates and apply the desired template when adding a new site. You can see detailed instructions on how to use control panel templates here https://cleantalk.org/help/dashboard-template

      Templates for Anti-Spam and Security plugins

      A new Import/Export settings option has been added to the plugin. With this option, you can create a plugin settings template and transfer the settings to your other site. When installing the plugin on a new site, you can import settings from an existing template. Import/Export option works only in the WordPress plugin.

      You can add control panel settings and site settings to one template and apply them to multiple sites at the same time, or set a default template.

      You can see detailed instructions on how to use plugin templates here
      https://cleantalk.org/help/plugin-template

      If you have any questions, add a comment and we will be happy to help you.

    • How to change wp-login URL

      How to change wp-login URL

      Hello,

      We have updated the WordPress CleanTalk Security plugin and added a new option that allows you to change the URL of the authorization page wp-login.

      This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.

      How to enable option to change wp-login URL

      The option allows you to easily change the address of the authorization page to any desired one.
      To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
      You can customize the URL of the page to redirect users who visited the page with the default URL of the wp-login page.

      This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.

      Using an authorization page with a non-default address significantly increases the security of your site’s accounts from hacking using brute-force attacks.

      If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

      Don’t forget to bookmark your new wp-login page URL.

      If you have any questions, add a comment and we will be happy to help you.

    • Download the Blacklist IPs Database

      Download the Blacklist IPs Database

      Hello,

      We are pleased to announce the expansion of the BlackList API capabilities. We have automated the process of gaining access to downloading spam IP/Email addresses that are on the CleanTalk blacklists.

      We have supplemented the BlackList API packages and added the ability to download the blacklist database, and when purchasing the BlackList API package, you are given access to the SFTP server. You can see the price list here https://cleantalk.org/price-database-api.

      The server uploads spam data to active IP/Email addresses that currently have the BlackListed status. You can select the required level of spam activity for download addresses. The data is provided in CSV and IPSet formats and is updated once an hour.

      Offline BlackList Database is included in the BlackList API package and you can use both the spam_check API and download files with spam active addresses for use in your applications or firewall.

      See our instruction, How to connect CleanTalk IPSet spam IP Database to IPtables.

      If you have any questions, add a comment and we will be happy to help you.