CleanTalk's blog

Category: WordPress

Two-Factor Authentication for WordPress

CleanTalk has launched Two-Factor Authentication for WordPress admin accounts that will improve your website security and make it safer, if not impossible, for hackers to breach your WordPress account.

Two-Factor Authentication works via e-mail. It makes the Two-Factor Authentication more reliable. The reason is that if an intruder knows your password they also need to know your e-mail address that is being used to get an authorization code and the password to your e-mail.

This method almost eliminates the possibility for strangers to get access to your account.

It requires a bit of your time but Two-Factor Authentication immediately gives a much higher level of protection.

With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your authorization code. The plugin will remember your browser for 30 days.

To activate Two-Factor Authentication go to the settings of the CleanTalk Security plugin and enable the option “General Settings” -> “Miscellaneous” -> “Two-Factor Authentication”. The letter with your authorization code will be sent to your e-mail that you put into the general settings of your WordPress website.

You will be notified by e-mail each time the Two-Factor Authentication was successfully passed.

By spending a few minutes to set up Two-Factor Authentication you save your time and other resources by not having to deal with the consequences of the hacked website.

If you have any questions, we will be happy to help you.
You can leave a comment below or create a private ticket here.

January 29, 2019
CleanTalk Anti-Spam with White Label mode

Warning! The instruction is out-of-date. The current guide can be found here.

We have developed the White label mode to make usage of the service for hosting more comfortable and it virtually eliminates the interaction between CleanTalk and hosting clients. This option is available only for WordPress MultiSite.

It also allows changing logos, links to your own. Your clients don’t need to get an access key, and the anti-spam logs and statistics will be available in the plugin settings, in the admin panel.

How to enable White label Mode
You have to edit wp-config.php in WordPress and add this code:
define(‘APBCT_WHITELABLE’, true);
define(‘APBCT_HOSTER_API_KEY’, ‘YOUR_HOSTER_API_KEY’);

Where YOUR_HOSTER_API_KEY is a key from your CleanTalk’s hoster panel.

So, you can change other details of the plugin in your CleanTalk Dashboard.

Learn more, how to configure your own hosting service.

Let us know if you have any questions and we will be happy to help you.
Leave a comment below or Create a private ticket.

Thank you!

November 20, 2018
CleanTalk Web Application FireWall for WordPress Security Plugin

Hello,

We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

Learn more, how to set up and test
https://cleantalk.org/help/security-waf

August 1, 2018
“Feedback System” for analyzing suspicious files for WordPress Security

Hello,

We are happy to introduce our “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security Plugin that allows sending suspicious files from WordPress backend to CleanTalk cloud.

So, CleanTalk WordPress Security Plugin includes a Malware Scanner and there may be situations after scanning when you don’t know, is there a bad code or not, especially if you don’t have a programming experience. Well, you will be able to send some files to CleanTalk and we will check them. After checking we will send you an email notification with results.

Please, look at our guide How file analyzes works.

July 24, 2018
BlackList by Language
Spam spreads not only in English. Many spam messages are written in Chinese, Arabic, Japanese or Korean languages.

If your website isn’t aimed at an international audience, and you don’t expect comments/users from other languages. For example, your website is about fishing in Ireland and you don’t want to have comments from the Chinese language.

We added a new filter to block comment/messages by languages. That allows you to automatically block comments, messages from languages for which you have set a ban.

At the moment, the blacklist of languages allows adding for blocking next languages:
- Chinese
- Korean
- Japanese
- Hindi
- Arabic
This option is useful in cases of protection from manual spam and enhances protection.

CleanTalk informs you about the occurrence of an opportunity to manage personal black/white lists. You can view, add, and delete their items in the Control Panel. You can add languages to the blacklist in dashboard CleanTalk -> Black&White lists or use the link https://cleantalk.org/my/show_private.
June 4, 2018
Anti-Spam Filter for IP Networks

Dear customers!

CleanTalk has expanded the functions of personal blacklists.

We’ve just added a support in your private blacklists to block separate IP networks.

This will allow you to use the service to block IP networks that use spammers. Very often spammers buy servers from hosting companies or virtual servers and use them to send a spam. So, your website hasn’t to receive a comments/registrations from hosting IPs because a real people never use their IPs. There can be only XML-PRC requests but it is not important because this protocol is using for other attacks such as brute-force and DDoS via XML-RPC pingbacks.

The instruction of how to add entries to your personal blacklists can be found here:
https://cleantalk.org/help/I-want-to-block-ip

April 10, 2018
Automating CleanTalk Anti-Spam Updates for WordPress
If you serve a couple of sites, then updating the plugins does not cause any difficulties. Difficulties appear if you serve a few dozen, or even hundreds of sites.

CleanTalk Anti-spam requires frequent updates (we have to release a new version every 1-2 weeks), there are many reasons for this.

WordPress, as a designer, has a huge number of plugins, themes, widgets, etc. which are not always designed with WordPress Codex, have different architecture and event handling. Therefore, CleanTalk integration errors can occur with different components, especially rare ones.

Each complex service that uses a large amount of data, changes backend, changes in logic and a lot of the rest, require changes in the plugin.

At our update rates for the plugin, the auto-update option is required. If this option is done in the plugin’s settings, then the user will still need to go to each site in the plugin’s settings and install it. But what to do in a situation where the user does not want to include auto-update, but you need to update the plug-in immediately on one hundred sites?

For the convenience of service management, the auto-update option was implemented in the Service Control Panel.

Auto-update allows you to update the plugin one time at a single site, a group of sites, or enable auto-update on all sites.

How it works

Historically, we are monitoring the client version of the plugin, and when clients are contacted and feedback analysis, we need to know the version of the plugin that is being used. Each anti-spam plugin, with each request, sends its version in the parameters. The version number is compared with the number in the repository, and if the versions are different, then in the Control Panel we show a warning about the need for an update.

Next, when clicking on a link, a modal window opens with options for updates.

When the option is selected, the server makes a special request to the plugin on the client’s site.

The plugin, having received the call, checks the parameters of the call for authenticity and starts work. Auto-update is implemented through a modified class of auto-update plugins WordPress. After the class is finished, the plugin checks the version of the updated files and makes a request to the site (itself). If the HTTP response code is 200, it reports this to the server by displaying it on the “OK” page and makes a special API call, reporting on the new version. If the response code is different from 200, the plugin does a rollback of the files to the previous version and responds north with a string with an error code and technical parameters.

After a successful update, the status in the Service Control Panel changes to “App has been updated”.

How to set up an auto-update

Please, go to your CleanTalk Dashboard.
- Choose a website that needs to update the plugin.
- Click on the link Update app.
- Next step, in pop-up you can choose:
  do a manual update and the plugin will be updated immediately. You can do this action for all websites
  or
  set auto-update, in the next time plugin will be updated automatically.
March 26, 2018
Auto-Update for CleanTalk Anti-Spam Plugin
Updating plugins and themes on the site can be a problem for website owners. This is especially true for webmasters who support several websites, you have to go to every website and make an update, and it takes your time. We have released an update that will perform this routine task and will update CleanTalk Anti-Spam on all sites at once.

CleanTalk Dashboard allows you to select several websites and update the plugin at once on all sites one click or you can setup auto-update for all websites or separate websites.
Note: there is 24 hours delay before auto-update will do. This delay allows needing to avoid any issues. All updates that made through CleanTalk Dashboard manually will do immediately.

How does it work?
- Manual update on all or selected websites at once.
- Auto-update on all or selected websites at once.
Please, go to your CleanTalk Dashboard.
- Choose a website that needs to update the plugin.
- Click on the link Update app.
- Next step, in pop-up you can choose:
  do a manual update and the plugin will be updated immediately. You can do this action for all websites
  or
  set auto-update, in the next time plugin will be updated automatically.
In the end, enjoy you saved your time.

Auto-updating system will work from CleanTalk Anti-Spam version 5.88
February 19, 2018
Spammers attack by using CleanTalk’s email

Hello,

We have to inform you that today we have been attacked by spammers who used our email for sending spam comments/registrations/subscriptions. At the moment, a total of about 4,000 websites were affected.

February 19, 2018
Checking Outbound Links with CleanTalk Security

Outbound links have an effect on your SEO and when search crawls your web pages all of the outbound links may be an important thing for page ranking.

We have added the option “Scan outbound links” in our WordPress Security Plugin.

This option allows you to let know the number of outgoing links from your website and websites on which they linking to. All websites will be checked by our Database and will show results if they were used as links in spam messages. It allows you to check your website and find hidden links or spam links.

You should always remember if you have links to other websites which have a bad reputation, it will be able to have an effect your on visitor’s trust and your SEO.

To launch External Links Check go to your WordPress admin panel -> Settings -> Security by CleanTalk -> General Settings and pick Scan Links option. Next step, go to the tab “Malware Scanner” and press the button “Perform Scan”.

The first step in the scanning is searching for malware in WordPress files, the second step is searching for links in your whole website including theme files, posts, and comments.

The result of the scanning will be the list of each link you have. You can look it through and decide what links are unnecessary and delete them.

February 9, 2018

CleanTalk

Create a support ticket

Sign up / Sign in

Anti-Spam

Anti-Spam for Websites

Best Anti-Spam Plugins in 2026

Filter fake emails

Hide contact data

Security

Website Malware Scanner

WordPress Malware Removal

WordPress Security Plugin