CleanTalk's blog

    Sign up

    Category: WordPress

    • Email Notifications when administrators are logged in

      Email Notifications when administrators are logged in

      Do you want to receive a notice each time a user with administrator rights is logged into the WP Dashboard?

      We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

      Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.

      You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.

      Download Security & Firewall by CleanTalk.

    • A new online tool to automatically boost the best Facebook posts

      Over the past years, the demand for boosting Facebook posts has increased dramatically. With Facebook decreasing the organic reach continually, Facebook marketers need to pay for getting the desired reach and support engagement. In Facebook, you can no longer boost all new posts automatically. Neither you can set up rules that would select the posts that will be boosted.

      How Boosterberg Idea Originated

      Digital marketing agencies, Facebook marketers and marketing managers in organisations had to go to Ads Manager and boost each post manually by clicking the Boost Post button. This approach has taken a lot of time, and what is worse, they did not typically have enough information to decide what budget should they allocate and which posts should they boost. If they dug into the analytics and selected the best posts, it took them hours that could be spent more efficiently. To solve these problems, Boosterberg tool has been developed to take the burden away from Facebook marketers. It is an online tool, or SaaS software, that enables automatic boosting of Facebook posts. Once a user creates a new account, he will select a Facebook page and create a set of rules for it. Once they are saved, all new posts will be evaluated, and based on the criteria and their performance, they will or won’t be boosted. Everything is fully automated, and there is no need to check anything in Facebook Ads Manager anymore manually. There are basic or advanced settings to be used and several presets, and individual triggers are available to fine-tune the campaign. With Boosterberg, everyone can become a Facebook Advertising Pro. Moreover, Boosterberg has launched a Facebook Ads Academy for its fans and users, publishing the new expert advice on Facebook advertising practices written by Boosterberg staff members and other experts on social media marketing.

      Developing Boosterberg

      The development started approximately two years ago. At the beginning, two digital marketing agencies – PS:Digital and Kremsa Digital team up for this project to develop a platform that would help them to manage their Facebook clients more efficiently. PS: Digital was spending dozens of hours weekly just assessing the posts of their clients, selecting the best ones and boosting them. This is how the idea and specifications of Boosterberg came to live: We need to have a tool that automates this process of boosting Facebook posts. After searching on the market and finding nothing useful, a decision was made to develop an own tool. From the beginning, the primary aim was to save own time and make the process more efficient, however, Boosterberg was developed with the vision of its commercialisation from the beginning. Since the main development was ready and the project was tested by users outside PS:Digital and Kremsa, a long time went by. Moving the product from an alpha version to beta version, which was offered for testing to several other digital agencies, took about 12 months. In this time, mainly usability was tweaked. The product was already used by the two founding agencies in their real projects, however, the user interface was not optimised for using it by a third party. Several rounds of testing the user interface were followed by implementation of the findings and testing it again. In October 2016, the redesigned website was launched and the content was fine-tuned to reflect the current state of the product. In November 2016, a promotion was started to drive traffic to Boosterberg website and get people from all over the world to sign up for the trial. By this time, the major development was finished and the product development was switched to a maintenance mode which also includes further improving usability and some details and implementing new features based on the long-term product roadmap. In the roadmap, requests from Boosterberg users are considered along with the possibilities of the development team and rentability of the implementation.

      Teaming up with Clean Talk

      With the launch of Boosterberg, its support team needed to cover high numbers of requests, both from website users and new Boosterberg clients. Except for the standard contact form, there is an option to chat with Boosterberg representative directly using live chat. Registered users have different kinds of support available in their Boosterberg account as well. Also, the possibility of posting comments by unregistered users on the website requires a lot of support staffs’ attention. To make the time spent with the support as efficient as possible, Boosterberg has decided to implement CleanTalk as an ultimate solution that minimises the amount of spam, both in emails and comments. CleanTalk was recommended by Andrej Miklosik, who is in charge of SEO for Boosterberg and has a positive experience with the CleanTalk WordPress plugin from numerous installations. As he states, “We believe that implementing CleanTalk is the best way to move forward and optimise our time-to-support and experience for our website users.”

    • Strengthening brute force protection

      We added the new logic to prevent brute force attacks. Service will check your log in status once per hour and if some IP’s have 10 and more attempts to log in, then these IP’s will be banned for next 24 hours.

      It makes the brute force protection tougher and doesn’t waste the server’s resources on these IP’s.

      Download Security & Firewall by CleanTalk.

    • Feature update for spam comment management in WordPress

      Feature update for spam comment management in WordPress

      We launched the update for possibilities to manage spam comments.

      The new option “Smart spam comments filter” divides all spam comments into Automated Spam or Manual Spam.

      For each comment, the service calculates probability — was this spam comment sent automatically or was it sent by a human.

      All automatic spam comments will be deleted permanently without going to the WordPress backend except for comments with Stop-Words. Stop-Word comments will be always stored in the “Pending” folder. Both blocked and banned comments can be seen in the Anti-Spam Log.

      To manage the actions with spam comments, go to the Control Panel, select the website you want to change the actions for and go to “Settings” under the name of the website. On the website settings page, select the desirable item from the “SPAM comment action” menu and click “Save” button at the bottom of the page.

    • New anti-spam checks for WordPress, XenForo, phpBB 3.1, SMF, Bitrix

      We are pleased to announce that we have released new versions of plugins for WordPress, XenForo, phpBB 3.1, SMF, Bitrix.

      In the new version, we have added some new checks for spam to improve anti-spam service.

      Mouse tracking and Time zone monitoring give good results against spam bots which simulate the behavior of real visitors.

      These checks for other CMS will be added soon.

      Please, update your anti-spam plugins for latest version:

      WordPress
      XenForo
      phpBB 3.1
      Simple Machines Forum
      Bitrix

    • Breeding Business: from ordinary blog to extraordinary magazine

      Geek at heart, I always have been coding littles projects on localhost and a few failing websites. I guess I never really took Internet seriously.

      Then, I realized these jobs I was doing in luxury hospitality were not making me happy. I just loved coming back home and writing, developing and designing. It’s just what I love. So I started looking at opportunities to generate a very small income that could make a website sustainable. And I had zero money to invest.

      Over the last years, WordPress and blogging have been a huge hit and a lot of people go for it. They think about the monetization before having thought of their content, I took it the other way around.

      Why Blogging About Dog Breeding?

      When I set my mind to start an online blog, I looked at the usual ways of finding the perfect “keyword”, “topic”, “niche”. These include Google Keyword Planner, Google Trends and some paying softwares. I managed to have three topics that seemingly were searched for and that I was happy to write posts on.

      Then, I picked the best topics and started writing. And this is when I realized I couldn’t write on anything else than what I truly loved — responsible and ethical dog breeding. I was writing one article after another. It just felt right.

      Breeding dogs is something that has been running through several generations in my family and although I haven’t done it extensively myself, I am passionate by the canine genetics and mechanisms that make you have the best bloodline of all.

      Dog breeding is a passion of mine and it would be hard for me not to write about it.

      What Is Breeding Business?

      Breeding Business was born after I wrote a few articles. I was going on Facebook Groups at the time to promote my articles (and eventually got suspended!) because Google wasn’t sending me enough traffic at first.

      The website consists of a lot of articles written and published in different categories: how-to’s, interviews of breeders, reviews of dog breeding supplies, and obviously in-depth articles on how to breed dogs.

      After just a few weeks, some visitors started asking what books were we recommending. Unfortunately most books are either too narrow in their topics or too breed-specific. A dog is a dog and the principles remain the same for a Chihuahua or a Rottweiler.

      Therefore, we created our very own ebook, The Dog Breeder’s Handbook. It was created on iBooks Author since it’s a free application built by Apple and at the time, I didn’t know if the ebook was going to be a hit, or a miss. I like to be in motion, try things and if they fail, move on to the next one.

      The Dog Breeder’s Handbook offers all the theoretical knowledge dog breeders need and a lot of actionable tips for them to put into practice. Yet, the launch was slow because the traffic was low. It was definitely generating a few hundred dollars every month. This is what kept me going and made me believe in it even more.

      From then on, I thought I was going to add another product many visitors were hinting at: a WordPress plugin for dog breeders. I built it in few weeks and it is today a very good seller. I release updates using the feedback loop and have a similar project to be released soon.

      Challenges When Growing a Simple Blog Into an Online Magazine

      Being alone and seeing the traffic (and revenue) growing, questions start to pop in your mind.

      It’s time for some business decisions

      A blogger and solo-entrepreneur always strives for steady growth. I do not identify myself with mega-growth startups we read about everywhere. To each their own!

      With Breeding Business, the growth has been great especially since Google sent traffic our way. No specific strategy that we followed, we just put out great content. Often.

      Yet, we’re still asking ourselves a million of questions…

      • Should I add another product or should I focus and grow these?
      • Communities around blogs are hype, should I make one?
      • Is the traffic growth normal or too slow?
      • Subscriptions are so popular these days, but what to offer?

      These are business decisions to make. I added another product: a course. It never took off mainly because it was kind of duplication what was in the ebook. We’re thinking a new use for courses for the future because I could see people were interested.

      Communities are great but there is nothing worse than a dead forum so we never took that risk and are waiting to have a bigger email list to perhaps one day launch a community. Subscriptions are great but just not for us right now. A lot of blogs start charging a monthly or yearly fee for members to be part of a special club but most of them see a huge churn and give that model up after a few months.

      Growth requires a technical overhaul, too

      Our traffic has been growing very well thanks to search engines. This is why we needed a quality anti-spam and CleanTalk has been doing a sublime job at keeping these fake user accounts and comments away.

      With traffic growth comes a whole new set of interrogations:

      • Why am I not converting more visitors into optins or customers?
      • GTmetrix and page speed tests are giving me low scores, how can I optimize my website?
      • Why so many people read one article and leave?

      These are technical issues that truly take time to be fixed. There are mainly two ways we could tackle these:

      1. Patch each little issue one by one
      2. Build a brand new website from scratch with these issues factored in

      After a few months, we were patching issues one by one but today, I am almost finished with a brand new version of the website to be released in two or three months after extensive testing. We’re also pairing that new website with a move from cloud hosting to a VPS (ten folding the monthly hosting cost…)

      Restructure the tree of information

      Our current website was up and running when we had around 20-30 articles. We have over 300 articles today. People aren’t visiting other pages because the information is badly structured and they can’t find their way around.

      Categories are being completely revamped. Stuff we thought was going to attract a lot of people, ended up being a graveyard and vice versa. So we’re cleaning the way the posts are categorized and tagged while updating old pages as well.

      Speed and page load

      Google is apparently using your website’s loading speed as a signal to decide on your ranking. My website is currently performing very poorly in terms of page load speed.

      And these results are after several fixes here and there. So it’s the second main focus for the update. We’re also making sure the website loads much much faster on mobile devices thanks to wp_is_mobile(), the WordPress function to detect mobile devices. We load lower-quality images, less widgets.

      Another WordPress optimisation is the use of the Transients API for our most repeated and complicated queries such as our top menu, footer, home queries, related posts, etc. The way it works is simple and allows you to store cached data in the database temporarily. Instead of retrieving the full menu at each page load, using a transient only requires a single database call for the menu to be fetched.

      Add new UX features

      The new version of Breeding Business brings its own set of new UX features. More AJAX calls, less page refreshes. More white spaces and an easier scroll through our entire page. We’ve also decluttered the article’s footer so our calls to action can jump to my visitors’ eyes.

      Conclusion is… One man can only do so much!

      Everything is wrote here is what I do daily. Article writing, support emails, plugin updates, website updates, email outreach, designing illustrations, social media promotions, bookkeeping and accounting, strategizing and long-term planning, etc. And I’m not helping myself by adding a new recurring item to our new upcoming version: biweekly giveaways!

      Over the last weeks, I realized how stupid it is to rely on your own self only. It’s self-destructive and counterproductive. I genuinely believe that delegating any of these tasks will result in a loss of quality and will cost me money.

      Yet, I have to leave my ego at the door and put some faith in other people. Sure, I may work with some disappointing people at first but it is also my duty to teach them how I want them to work.

      This is my focus for 2017 — learn how to surround myself with the right people (or person) to free some time for me to focus on what I do best.

       

      About the author

      Lazhar is the founder of Breeding Business, a free online magazine educating responsible dog breeders all around the world through in-depth dog breeding articles, interviews, ebooks and comprehensive guides.

    • What is AMP (Accelerated Mobile Pages)? How to setup CleanTalk for AMP

      What is AMP?

      Accelerated Mobile Pages — it’s the tool for static content web-page creation with almost instant load for mobile devices. It consists of three parts:

      1. AMP HTML — it’s HTML with limitations for reliable performance and some extensions for building rich content.
      2. AMP JS — is library which ensures the fast rendering of pages. Third-party JavaScripts are forbidden.
      3. Google AMP Cache — is a proxy-based content delivery network for delivering all valid AMP documents.  It fetches AMP HTML pages, caches and improves page performance automatically.

      Advantages

      • Lightweight version of standard web-pages with high speed load.
      • Instant multimedia content load: videos, animations, graphics.
      • Identical encoding — the same fast rendered website content on different devices.
      • AMP project is open source, it enables free information sharing and ideas contribution.
      • Possible advantage in SEO as page load speed is one of the ranking factors.
      • There are plugins for popular CMS to make AMP usage easier in your website.

      How to use it in WordPress

      When you choose what AMP plugin to use keep in mind the following:

      — Integration with SEO plugin for attaching corresponding metadata.

      — Analytics gathering with traffic tracking of your AMP page.

      — Displaying ads if you are a publisher.

      Available plugins in the WordPress catalog:

      1. AMP by Automattic
      2. Facebook Instant Articles & Google AMP Pages by PageFrog
      3. AMP – Accelerated Mobile Pages
      4. AMP Supremacy
      5. Custom AMP (requires installed AMP by Automattic)

      As example let’s install and activate AMP by Automattic and create a new post with multimedia content. Please, take note that not page but post. Pages and archives are not currently supported.

      AMP by Automattic plugin converts your post into accelerated version of the post automatically and you don’t have to duplicate by yourself. Just add /amp/ (or ?amp=1) to the end of your link and that would be enough.

      How to setup CleanTalk for AMP

      Please, make sure that the option “Use AJAX for JavaScript check” is disabled as it will prevent regular JavaScript execution.

      The option is here:

      WordPress Admin Page —> Settings —> CleanTalk and uncheck SpamFireWall.  

      Then, click on Advanced settings —> disable “Use AJAX for JavaScript check” —> Save Changes.

      Other options will not interrupt AMP post functioning. The CleanTalk Anti-Spam plugin will protect all data sending fields that were rendered after the conversion.

      For now, most AMP plugins remove the possibility to comments and send contact form data on accelerated pages.

      Google validation

      Now you need to validate your website structured data using the tool “Google Validator”:

      https://search.google.com/structured-data/testing-tool/

      If you don’t do this a search bot will not simply pay its attention to your post and no one will see it in the search results.

      Copy and paste the link to your AMP post and see the result. Fix the problems you will be pointed at.

      After that your AMP version of the post will be ready to use.

      Links

      AMP project:
      https://www.ampproject.org/

      AMP blog:
      https://amphtml.wordpress.com/

      AMP plugins in the WordPress catalog:
      https://wordpress.org/plugins/search.php?q=AMP

      Google Search recommendations of how to create accelerated mobile pages:
      https://support.google.com/webmasters/answer/6340290?hl=en

    • How to reduce a possibility of brute force attacks on WordPress

      How to reduce a possibility of brute force attacks on WordPress

      Until the moment when CleanTalk launched a security plugin, I didn’t pay much attention to the security of the admin account of WordPress and relied only on the complexity of the password.

      The most dangerous thing is when the bots use brute-force; pick up the password to the administrator account of the site. This can lead to very serious problems, as the attacker gets full access to the administrator account. On your website can be added malicious code, the site can be added to a botnet and participate in other attacks or the spread of viruses. The consequences for the reputation can be very sad.

      When the security plugin was launched I began to receive reports on the work of the plugin in which specify the statistics of failed login attempts to the admin account of WordPress. And for each day of such attempts was from 4 to 25, from different IP addresses. These were attempts of bots password guessing.

      What I noticed:

      1. Bots knew my login and password was selected to it.
      2. I do not use the default username Admin and changed it.
      3. In the blog there are other admin accounts, but attempts to break them for a few days of observation did not happen.

      Wondering how the bots found out my account and why not try to hack other accounts of administrators? Quite simply, under my account I place posts and write comments, and other accounts are made for employees, host and other people that perform actions only in the dashboard of the website.

      Based on this, I realized that the bots find out the login via the parsing of pages. Many publish posts and comments from the admin account.

      For example, you publish a blog post; the link to the author will be like this http://example.com/author/admin***/. Bots browsing the code of your website looking for recordings of this type on all pages of the website and collect links from all accounts.

      The same thing will happen if you write a comment from the admin account, only the link will be a bit of a different kind http://example.com/members/admin***/

      Even if you once published a post or comment from admin account, then the bots will find it and will try to crack it.

      I described one of the possible scenarios of obtaining a list of accounts for hacking, there may be others. But experience has shown that if the WordPress administrator account is not used for publications and comments on the website, its bots do not know.

      What to do in order to minimize the possibility of hacking the account of the administrator of the website.

      1. Not to publish posts and comments from the administrator account.
      2. Create an account for each administrator with another role such as Author or Editor. It all depends on your needs.
      3. Change the current administrator user. Attention! Before that, you need to backup your website and databases. I can’t recommend this and if you do this at your own risk, as this may lead to undesirable consequences.

      You will need to create a new user with administrator rights and a user with another role such as Author. Login to the dashboard with the new account and test the capabilities of the Administrator to manage site, settings and users.

      Go to the “Users” and delete the previous admin account, WordPress will ask you to whom to reassign the articles and comments, here is useful pre-created user Author. Reassign articles on it and in the future use to publish posts and comments.

      These actions can be done for other accounts administrators. But for most WordPress users would rather to install one of the plugins for protection from brute-force attacks, such as plugin Security & Firewall from CleanTalk.

    • CleanTalk launches a project to ensure the safety of websites

      CleanTalk launches a major project to create a cloud service for the safety of websites. The project will include several functions: protect the site against brute force attacks, vulnerability scanner and virus removal.

      Each function will have a number of features which help you easily keep the website safe from hackers.

      (more…)

    • SpamFireWall – prohibition of access to the site for spambots

      Every owner of the website or the webmaster is faced with such a scourge as spam in the comments or contact forms, registration by spambots in the guise of users. As a result, the form in the website processes these messages, which spend resources on the server. Some spam bots load the page to bypass the anti-spam protection, because of what resources are spent even more. In small amounts it is imperceptible, but when the web site per day receives thousands of such requests, this may significantly affect the CPU load of the server.

      Now we will tell you about a new option in the anti-spam plug-in for CleanTalk, which can effectively repel the attacks of spambots on your website. The option is called SpamFireWall (SFW), it blocks POST- and GET-requests from the most active spambots and does not allow them to download the server.

      How it works

      1. The user visits the website.
      2. His IP-address is checked against a database that contains records about more than two million IP-addresses that belong to the spambots.
      3. If the IP-address is contained in the database, the site displays a special page. Ordinary users will not notice anything, as the protection works in an invisible mode.
      4. All information about the process is stored in the database and available in the dashboard.

      The special page, which is displayed when suspected spam activity, not time-consuming for users who saw her by mistake. After 3 seconds, this user goes to the page automatically or sooner after clicking the link.

      This blocks all HTTP/HTTPS-traffic from spam active IP-addresses. Thus, in addition to spam attacks, from these IP-addresses will no longer able to be carried out and other types of attacks on the websites: bruteforce, DDoS, SQL injection, scanning of site by spambots, referral spam, etc.

      SpamFireWall allows users to configure their own “black lists” and allows you to add as a separate IP-address and a network.

      Currently SpamFireWall available for WordPress, Joomla, Drupal, Bitrix, SMF, MediaWiki, IPS Community Suite. In addition, you can use API-method to get a list of spam-active network https://cleantalk.org/help/api-spam-check).

      Logging requests SFW

      All the queries that triggered the SFW option, are stored in a log and then available in the control dashboard.

      In the statistics you can see the number of blocked requests as well as requests that have been blocked, but went to the site. At this point in the base SFW is 3.22 million IP-addresses. During 7 days, from 3 to 10 May, the SFW blocked 3,858,562 requests.

      About the service CleanTalk

      CleanTalk is a cloud service to protect websites from spam bots. CleanTalk uses protection methods that are invisible to the visitors of the website. This allows you to abandon the methods of protection that require the user to prove that he is a human (captcha, question-answer etc.).

    CleanTalk

    About

    Dashboard

    Pricing

    Sign up / Sign in

    Solutions

    Anti-Spam for websitee

    Blacklists

    Filter fake emails

    Gantt charts

    Hide contact data

    Stop spam emails in Contact form 7 (CF7)

    Stop spam in Elementor form builder

    Stop spam in WPForms

    Website malware scanner

    WordPress Security & Firewall Plugin

    Documentation

    API

    Help

    License agreement

    Privacy Policy

    Refund Policy

    Signs of Malware

    Contact us

    Create a support ticket

    Telegram

    Contact us