Category: WordPress

  • CleanTalk Web Application FireWall for WordPress Security Plugin

    Hello,

    We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

    It allows you to protect Web applications from known and unknown attacks. It is transparent to all visitors to the website, does not require knowing how HTTP works, allows very accurate filtering, and supports both GET and POST methods as well as requests to dynamic resources.

    Attackers add extra HTTP parameters to exploit vulnerabilities that allow them to get access to a website or prevent changes on your website.

    The WAF intercepts all requests to your website and checks HTTP parameters for: SQL Injection, Cross Site Scripting (XSS), file uploads from non-authorised users, PHP constructions/code, and the presence of malicious code in the downloaded files.

    If an HTTP request contains any of these, the request is blocked. A special page showing the reason for blocking is displayed for blocked requests.

    Effective information security also requires knowing the quality of protection, so CleanTalk logs all blocked requests, which lets you review and analyze accurate information. You can see your CleanTalk logs in your Control Panel: https://cleantalk.org/my/logs_firewall

    CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

    Learn more about how to set it up and test it:
    https://cleantalk.org/help/security-waf

  • “Feedback System” for analyzing suspicious files for WordPress Security

    Hello,

    We are happy to introduce our “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security Plugin that allows sending suspicious files from WordPress backend to CleanTalk cloud.

    CleanTalk WordPress Security Plugin includes a Malware Scanner, and after a scan there may be situations when you cannot tell whether a file contains bad code, especially if you don’t have programming experience. In that case you can send the files to CleanTalk and we will check them. After checking, we will send you an email notification with the results.

    Please see our guide, “How file analysis works”.

  • BlackList by Language

    Spam spreads not only in English. Many spam messages are written in Chinese, Arabic, Japanese or Korean languages.

    Your website may not be aimed at an international audience, and you may not expect comments or users in other languages. For example, your website is about fishing in Ireland and you don’t want comments in Chinese.

    We added a new filter to block comments and messages by language. It lets you automatically block comments and messages in the languages you have banned.

    At the moment, the following languages can be added to the language blacklist:

    • Chinese
    • Korean
    • Japanese
    • Hindi
    • Arabic

    This option is useful for protection against manual spam and strengthens overall protection.

    CleanTalk lets you manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in the CleanTalk dashboard -> Black&White lists, or use the link https://cleantalk.org/my/show_private.

  • CleanTalk Malware Scanner — heuristic code analysis

    We have already talked about the launch of security service for WordPress in the previous article. Today we want to talk about the launch of heuristic analysis to detect malicious code.

    The mere presence of malicious code can lead to a ban from search results, or to a warning in search results that the site is infected, which search engines show to protect users from potentially dangerous content.

    You can find malicious code on your own, but it’s a lot of work, and most WordPress users do not have the necessary skills to find and remove unnecessary lines of code.

    Often, the authors of malicious code disguise it, which makes it difficult to detect by signatures. The malicious code itself can be located anywhere on the site, for example obfuscated PHP code in a logo.png file, while the code is called by one inconspicuous line in index.php. Therefore, using plugins to search for malicious code is preferable.

    On the first scan, CleanTalk scans all WordPress core files, plugins and themes. When rescanning, only the files that have changed since the last scan are scanned. This saves resources and increases scanning speed.

    How heuristic analysis works

    One of the main disadvantages of heuristic analysis is that it is quite slow, so we use it only when it is really necessary. First of all, we divide the source code into lexemes (the minimal language constructs) and remove everything unnecessary:

    1. Whitespace characters.
    2. Comments of all types.
    3. Non-PHP code (outside the <?php ?> tags).

    Next, we recursively simplify the code until there are no “complex constructs” left:

    1. Concatenate strings.
    2. Substitute variables into variables.
    3. And others.

    While simplifying the code, we also track the origin of variables, among other things.

    In the end, we get clean code that can be analyzed. It is very important that we get the code not as a string but as lexemes. This way we know which lexeme is a string that merely contains the text we are looking for, and which lexeme is a function.

    When searching for “bad constructs” such as eval, this distinction matters:

    <?php echo 'eval("echo \"some\"")'; ?>

    In this case there is no T_EVAL lexeme; there is only a T_CONSTANT_ENCAPSED_STRING lexeme, 'eval("echo \"some\"")'.

    <?php eval('echo "some"'); ?>

    Here there is a T_EVAL lexeme, and this is the case we will find.

    We look for such constructs and group them by degree of criticality:

    Critical:

    • eval
    • include* and require*
      • with a bad file extension
      • of non-existent files (will be removed in upcoming versions)
      • of deleted files

    Dangerous

    • system
    • passthru
    • proc_open
    • exec
    • include* and require*
      • with the error suppression operator (will be removed in upcoming versions)
      • with variables depending on POST or GET.

    Suspicious

    • base64_encode
    • str_rot13
    • syslog

    And others.

    We are constantly improving this analysis: adding new constructs to search for, reducing the number of false alarms, and optimizing the code simplification.

    We also plan to teach it to detect and decode strings encoded in URL encoding, BASE64 and other schemes.
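
    The lexeme-level check described above, as an added PHP sketch (not CleanTalk's code) built on PHP's own token_get_all(). It implements only string-concatenation folding from the simplification step; the function names, the ALLOWED_EXT list and the sample input are assumptions made for the illustration.

```php
<?php
// Added illustration, not CleanTalk's scanner. Severity lists come from the article.
const DANGEROUS   = ['system', 'passthru', 'proc_open', 'exec'];
const SUSPICIOUS  = ['base64_encode', 'str_rot13', 'syslog'];
const INCLUDES    = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
const ALLOWED_EXT = ['php', 'inc']; // assumption: anything else is a "bad extension"

// Step 1: split into lexemes; drop whitespace, comments and text outside the PHP tags.
function lexemes(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_INLINE_HTML];
    $out = [];
    foreach (token_get_all($source) as $tok) {
        // One-character tokens arrive as bare strings; normalise to [id, text].
        $tok = is_array($tok) ? [$tok[0], $tok[1]] : [null, $tok];
        if (!in_array($tok[0], $skip, true)) {
            $out[] = $tok;
        }
    }
    return $out;
}

// Step 2 (one rule only): fold 'a' . 'b' into 'ab' until nothing changes.
// Assumes plain literals without escape sequences.
function fold_concat(array $t): array
{
    do {
        $changed = false;
        for ($i = 0; $i + 2 < count($t); $i++) {
            if ($t[$i][0] === T_CONSTANT_ENCAPSED_STRING && $t[$i + 1] === [null, '.']
                && $t[$i + 2][0] === T_CONSTANT_ENCAPSED_STRING) {
                $joined = "'" . substr($t[$i][1], 1, -1) . substr($t[$i + 2][1], 1, -1) . "'";
                array_splice($t, $i, 3, [[T_CONSTANT_ENCAPSED_STRING, $joined]]);
                $changed = true;
                break;
            }
        }
    } while ($changed);
    return $t;
}

// Step 3: classify lexemes, never raw text, so 'eval' inside a string is ignored.
function scan(string $source): array
{
    $t = fold_concat(lexemes($source));
    $found = [];
    foreach ($t as $i => [$id, $text]) {
        $prev = $t[$i - 1] ?? [null, ''];
        $next = $t[$i + 1] ?? [null, ''];
        if ($id === T_EVAL) {
            $found[] = ['critical', 'eval'];
        } elseif (in_array($id, INCLUDES, true)) {
            $operand = []; // everything up to the end of the statement, minus parentheses
            for ($j = $i + 1; $j < count($t) && $t[$j][1] !== ';' && $t[$j][0] !== T_CLOSE_TAG; $j++) {
                if (!in_array($t[$j][1], ['(', ')'], true)) { $operand[] = $t[$j]; }
            }
            if (array_intersect(['$_GET', '$_POST'], array_column($operand, 1))) {
                $found[] = ['dangerous', "$text depending on POST or GET"];
            } elseif (count($operand) === 1 && $operand[0][0] === T_CONSTANT_ENCAPSED_STRING) {
                $ext = strtolower(pathinfo(substr($operand[0][1], 1, -1), PATHINFO_EXTENSION));
                if (!in_array($ext, ALLOWED_EXT, true)) { $found[] = ['critical', "$text of .$ext file"]; }
            }
        } elseif ($id === T_STRING && $next[1] === '('
            && !in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            $name = strtolower($text); // a plain function call, not a method or a definition
            if (in_array($name, DANGEROUS, true)) {
                $found[] = ['dangerous', $name];
            } elseif (in_array($name, SUSPICIOUS, true)) {
                $found[] = ['suspicious', $name];
            }
        }
    }
    return $found;
}

// Constructed sample: the article's two eval lines plus one case per severity level.
$sample = <<<'SAMPLE'
<?php
// eval('in a comment');
echo 'eval("echo \"some\"")';
eval('echo "some"');
include 'logo' . '.png';
require $_GET['page'];
$x = base64_encode($y);
SAMPLE;
foreach (scan($sample) as [$level, $what]) { printf("%-10s %s\n", $level, $what); }
```

    Run it with the php command-line interpreter. The eval in the comment and the eval inside the echoed string produce no finding, because neither one survives as a T_EVAL lexeme.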

    The plugin itself is available in the WordPress directory.

  • Anti-Spam Filter for IP Networks

    Dear customers!

    CleanTalk has expanded the functions of personal blacklists.

    We’ve just added support for blocking individual IP networks in your private blacklists.

    This allows you to use the service to block IP networks that spammers use. Very often spammers buy dedicated or virtual servers from hosting companies and use them to send spam. Your website does not need to receive comments or registrations from hosting IPs, because real people never use those IPs. The only traffic from them may be XML-RPC requests, but that is not important, because this protocol is used for other attacks such as brute-force and DDoS via XML-RPC pingbacks.

    Instructions on how to add entries to your personal blacklists can be found here:
    https://cleantalk.org/help/I-want-to-block-ip

  • Automating CleanTalk Anti-Spam Updates for WordPress

    If you maintain a couple of sites, updating plugins does not cause any difficulties. Difficulties appear when you maintain a few dozen, or even hundreds, of sites.

    CleanTalk Anti-spam requires frequent updates (we have to release a new version every 1-2 weeks), and there are many reasons for this.

    WordPress, like a construction kit, has a huge number of plugins, themes, widgets, etc., which are not always written according to the WordPress Codex and which have different architectures and event handling. Therefore, CleanTalk integration errors can occur with different components, especially rare ones.

    In any complex service that uses a large amount of data, backend changes, logic changes and much else require changes in the plugin.

    At our plugin update rate, an auto-update option is required. If this option lived in the plugin’s settings, the user would still need to open the plugin’s settings on each site and enable it. But what do you do when the user does not want to enable auto-update, yet you need to update the plugin immediately on one hundred sites?

    For the convenience of service management, the auto-update option was implemented in the Service Control Panel.

    Auto-update allows you to run a one-time update of the plugin on a single site or a group of sites, or to enable auto-update on all sites.

    How it works

    Historically, we have monitored the client’s plugin version, because when handling customer requests and analyzing feedback we need to know which version of the plugin is in use. Each anti-spam plugin sends its version in the parameters of every request. The version number is compared with the number in the repository, and if the versions differ, the Control Panel shows a warning that an update is needed.

    Next, clicking the link opens a modal window with update options.

    When an option is selected, the server makes a special request to the plugin on the client’s site.

    The plugin, having received the call, checks the parameters of the call for authenticity and starts work. Auto-update is implemented through a modified version of the WordPress plugin auto-update class. After the class has finished, the plugin checks the version of the updated files and makes a request to the site (itself). If the HTTP response code is 200, it reports this to the server by outputting “OK” on the page and makes a special API call reporting the new version. If the response code is anything other than 200, the plugin rolls the files back to the previous version and responds to the server with a string containing an error code and technical parameters.

    After a successful update, the status in the Service Control Panel changes to “App has been updated”.

    How to set up an auto-update

    Please, go to your CleanTalk Dashboard.

    • Choose a website that needs to update the plugin.
    • Click on the link Update app.
    • Next, in the pop-up you can choose to:
      do a manual update, and the plugin will be updated immediately. You can do this for all websites
      or
      set auto-update, and from then on the plugin will be updated automatically.
  • Auto-Update for CleanTalk Anti-Spam Plugin

    Updating plugins and themes can be a problem for website owners. This is especially true for webmasters who support several websites: you have to go to every website and run the update, and that takes time. We have released an update that performs this routine task and updates CleanTalk Anti-Spam on all sites at once.

    The CleanTalk Dashboard allows you to select several websites and update the plugin on all of them with one click, or to set up auto-update for all websites or for individual websites.
    Note: there is a 24-hour delay before an auto-update is performed. This delay helps to avoid any issues. All updates made manually through the CleanTalk Dashboard are performed immediately.

    How does it work?

    • Manual update on all or selected websites at once.
    • Auto-update on all or selected websites at once.

    Please, go to your CleanTalk Dashboard.

    • Choose a website that needs to update the plugin.
    • Click on the link Update app.
    • Next, in the pop-up you can choose to:
      do a manual update, and the plugin will be updated immediately. You can do this for all websites
      or
      set auto-update, and from then on the plugin will be updated automatically.

    In the end, enjoy the time you have saved.

    The auto-update system works starting from CleanTalk Anti-Spam version 5.88.

  • Spammers attack by using CleanTalk’s email

    Hello,
    We have to inform you that today we have been attacked by spammers who used our email for sending spam comments/registrations/subscriptions. At the moment, a total of about 4,000 websites were affected.
  • Checking Outbound Links with CleanTalk Security

    Outbound links affect your SEO: when a search engine crawls your web pages, the outbound links may be an important factor in page ranking.

    We have added the option “Scan outbound links” to our WordPress Security Plugin.

    This option shows you the number of outgoing links on your website and the websites they link to. All linked websites are checked against our database, and the results show whether they have been used as links in spam messages. This lets you check your website and find hidden links or spam links.

    Always remember that if you link to websites with a bad reputation, it can affect your visitors’ trust and your SEO.

    To launch the External Links Check, go to your WordPress admin panel -> Settings -> Security by CleanTalk -> General Settings and pick the Scan Links option. Next, go to the tab “Malware Scanner” and press the button “Perform Scan”.

    The first step of the scan searches for malware in WordPress files; the second step searches for links across your whole website, including theme files, posts, and comments.

    The result of the scan is a list of every link you have. You can look through it, decide which links are unnecessary, and delete them.

  • 18 ways to improve Speed of your WordPress Website

    If your e-commerce website makes the customer wait for more than 3 seconds, don’t expect any sale, says a study. Things are very similar for business and blogging websites, where website speed significantly affects conversion rate. If your site loads more slowly than competing sites, it will not deliver the results you want. Therefore, you must always look for ways to improve your website’s speed.

    18 best tips to optimize WordPress website’s speed are mentioned here:

    1. Taking Pingdom Test

    One of the effective ways that you can try is doing the Pingdom Website Speed Test for your website. This test will help you in knowing the speed of your website along with finding the reasons that are responsible for the slow speed. This is the ultimate speed test that you can take for your WordPress site.

    All you have to do is enter the URL of your site and select the location before clicking on the ‘start test’ option.

    With this test, you get complete insights into your website, with access to all the features the tool offers.

    Acting on these performance metrics will, in turn, improve the speed of your website.

    From content to site structure, Pingdom will analyze everything for you.

    2. Select a good host

    One of the major reasons for the slow speed of the sites is due to the insufficient and incapable host provider. Thus to better up the speed of the WordPress website, it is important to hunt for the best host. Considering the shared hosting option may seem good in the beginning but with time it will eventually cost you way too much. The shared host will make the speed of your website really slow or may keep the site down most of the time. It, therefore, becomes a must to have a high-speed host for your WordPress. You may ask the other bloggers which host are they using or you can search the market with the good reputed names by yourself to get the best host that can make things easy, simple yet effectively fast for your WordPress website.

    3. Minimizing the widgets

    Having some ads, widgets and badges is okay for any blog. No doubt they add a little personality to the blog. Some users find the extra ads, widgets, etc. useful, as they can get beneficial information from them. But most users get really annoyed if there are too many widgets, badges, and ads on your WordPress website.

    Users who encounter too many ads feel that they are being used for no reason. Also, your users are not interested in knowing where your other visitors are coming from. Therefore you must try to keep these ads and widgets to a minimum.

    4. Choose a relevant theme

    Having the right framework, theme or template for the website – This may not get your attention in the beginning but sooner you will realize that the template you choose for your website is one of the contributing factors that affect the loading and response time of the website. Don’t go for too much of everything; rather be specific and limited in reaching to your customers with your vision.

    If you have chosen the template or theme that has a lot of extra factors that are of no use those factors will take a significant amount of time to load and hence will reduce the performing time of your site by reducing its speed. Thus don’t go for glitters but choose the real gold for your website.

    5. Image optimization

    All the marketers that work hard for attracting the customers know how important the role of an image is in attracting and retaining the customers. An image with clear and smooth pixels will speak and convey your message way louder than using many words. Thus you must be very specific in choosing the images that you will be uploading on your websites.

    Choosing only the relevant images will also help in reducing the loading time of those images. Unnecessary uploading any type of images on your site will enhance the overall loading time of the site by combining the loading time of all those images. Therefore you must use a minimum number of images that can be uploaded within a specified time limit.

    6. Remove excess buttons for sharing

    It is quite obvious that we all want our website to reach to as many people as possible and to achieve this we are always ready to experiment with a number of options, ways, and methods. In order to improve the visibility of our site, we often tend to do too much on the site. One such thing is using too many share buttons on the website hoping to reach a huge amount of people.

    Using too many sharing options on the website destroy the speed of the site like anything. With too many linking to the various other platforms, you cut down the loading and performing time of the website. Rather you can try and use only the sharing buttons of those sites from where you expect a huge amount of traffic and leads. After doing this, you can remove all the other buttons and can focus on optimizing the use of the available buttons on your website.

    7. Content management

    Website is not a place where you can put each and everything about your business or work. It is a place that gives an idea to your audience about the type of work that you are doing along with the manner in which you target it. Therefore, the role of content management comes into the picture. Knowing and managing the content that you are uploading on your website will help the audience to understand your business and working more effectively and easily.

    Content management will also reduce the efforts and time that you would have to invest for managing, balancing and correcting the data on your website. Along with this basic benefit, you also get the benefit of reduced uploading time of the content which directly affects the loading and response time of your website. Hence, you must only put the relevant data on your website to avoid the unnecessary delays in uploads.

    8. Reduced number of comments

    Your audience will be very much interested in knowing the information that you are putting on your WordPress site in the form of the article. Having some comments on your post is okay and acceptable but allowing any type of comment to be visible in your posts is not acceptable.

    Rather you must reduce the number of comments that appear on your post and manage it to only a relevant number with relevance to the post. This will cut short the time the post will take to upload and also will help the readers to get the genuine idea about the content of the post’s information.

    9. Compressed format

    Remember how easy it is to use the compressed form of data for uploading, transferring, etc. The same ease can be felt when you are dealing with your website. Compress the entire data that you are sending, uploading or transferring from the website. This will reduce the overall time that you require and thereby increasing the loading and response time of your website by making it perform better and effectively.

    10. Enable content delivery network

    It is a little-known fact, but the speed of your website depends on two major locations. The first is the location where you are, and the second is the location from which the website is hosted. If there is no balance between these two, there will be certain delays in the website’s loading time.

    A content delivery network helps in managing all the data of your website and putting the files on the static servers which are located very near to the client side. Whenever the client request for any of the service from your site, these servers will help the files reach to the clients as fast as possible. It is just like reaching your destination via the shortest route.

    11. Homepage optimization

    The very first thing that the visitors will notice about your WordPress site is your homepage. The visitors will get the very first impression of your website from the homepage of your website. Thus you must always take necessary steps when optimizing the homepage for the website. Optimizing the homepage and making it relevant to your work will help it get loaded easily and quickly and thereby increasing its speed.

    One of the ways by which you can optimize your website is by removing the irrelevant and unnecessary data from your site. Only keep the data and things that contribute to the relevance of your work.

    12. Ditch hotlinking

    Hotlinking is when other sites link directly from their articles to images that are hosted on your website. This direct linking adds to the loading time of your website and thereby reduces your performance. It can also cause unnecessary scrap posts with no relevance to your site to be linked with your site’s images, which will damage your reputation in the market.

    Thus, you must reduce hotlinking as much as you can in order to avoid unnecessary linking from other sites to your website. This will automatically increase your site’s speed.

    13. Optimize database

    This is something that most people ignore and don’t take into account, as most people concentrate only on the outer side of the website and don’t really bother with what’s going on inside. But along with managing the outer performance of the website, it is equally important to balance the internal functioning of the site.

    Optimizing the database of your website is one of the tasks that you must take care when trying the various ways of improving the speed of your WordPress site. You can try the plugins like WP-Optimize or WP-Database Manager for enhancing the process of database management.

    14. Fix all broken points:

    One of the easiest ways to make your website work and load really fast is to fix all the broken points that it has. For this you have to analyze the website on a regular basis and note down all the points where the performance of the website is lacking. This helps in fixing the damaged parts and thus makes the website perform better on those fronts.

    15. Minify your CSS and JS files:

    You can make your website perform faster and better by minifying the various CSS and JS files available. The process to minify the CSS and JS helps in removing the white space, combining the various files along with reducing the number of unnecessary comments on the posts. This in return helps the site to get rid of the not so necessary complications and help it to load and perform at a much faster speed than ever.

    16. Try faster plugins

    To improve the speed of your website, it is recommended to use fewer plugins. No doubt plugins are important for the speed of the website, but that does not mean that you have to use each and every plugin that you know or come across. Rather, you should reduce the number of plugins to only those that actually contribute to the website’s speed.

    17. Disable trackbacks

    If your WordPress site is accessing the trackbacks, then it is obvious that it will interact with the other blogs and blogging sites that are equipped with the same. However, this interaction may not seem any trouble initially but will increase the loading time after some time. Whenever any of the other blogs and blogging site mentions your site anywhere, you will get a notification for the same. This will keep updating the data in the post. It doesn’t require much of an explanation that too much of data on the post can reduce its performing time by increasing the loading time.

    Thus to avoid any such problem, it is always advisable to turn off the trackbacks by making adjustments in the settings of your website.

    18. Use the best plugin for cache

    Plugins are one of the essential factors that help any site reduce its loading time and enhance its speed. Just like other sites, WordPress also uses a number of plugins for this. However, it is always beneficial to use plugins from the caching category. These plugins provide all the benefits that sites need to improve their speed and reduce their loading time.

    Out of the many, W3 Total Cache is the most popular one that is trending in the market and is being used by all the leading blogging sites. The other popular cache plugins that are used are WP Rocket, WP Super Cache, Comet Cache, etc. These can be easily installed along with offering easy and reliable use.

    These are some of the basic ways to enhance the speed of your WordPress site and get better, optimized results. Do you keep your website’s speed and load optimized in any other way? CleanTalk optimizes its anti-spam and security plugins to improve your website speed, and these plugins are among the fastest.