CleanTalk Security Plugin Tools for WordPress

Protection against brute-force attacks is essential to prevent unauthorized access to systems and accounts. Brute-force attack is a method where attackers sequentially try all possible combinations of account passwords and sometimes gain access to the system. The CleanTalk plugin has options such as:
1.1. Number of unsuccessful authorizations before blocking occurs.
1.2. Lockout time of the visitor which is the time period between login attempts.
1.3. Time period the IP will be blocked for when the limit of unsuccessful authorizations is reached.
User Actions Log is designed to track user actions in the WordPress Dashboard and ensure security. It allows you to record and display user actions in real time, to see which pages of the website backend and at what time they were visited. This tool is useful for detecting and preventing hacking attempts, unauthorized access, and other suspicious activities on the website.
Security Firewall is designed to block access to the site under certain conditions:
3.1. CleanTalk Database of Dangerous IP Addresses is being used to block access to the site for those IP addresses that have already participated in hacking attempts into other sites.
3.2. Your Personal Lists of IP Addresses is being used to block access to the site.
You can add custom IP addresses, networks, and countries on your CleanTalk Dashboard.
Visitors that were blocked by the Security FireWall will not be able to pass it and get to your site.
Security Report provides a summary of how the plugin works on your websites. The report is being sent once a week to your email address and provides the following statistics:
4.1. Blocked requests in Security FireWall
4.2. Number of brute-force attempts
4.3. Successful admin logins
4.4. Malware scanner statistics
The option “Notifications of administrator users authorizations” sends you a notification by email every time you successfully log in with an administrator account. This allows you to quickly receive information about unauthorized users.
Real-Time Traffic Monitor feature provides you with real-time traffic information on your website. It helps you in tracking visitors activity and detect potentially malicious traffic — these can be password cracking attempts, SQL injections, DDOS attacks, and other threats.

The feature also allows you to see bots activity on your site. Bots can have different intentions, but it’s important to be able to distinguish real users from automated bots. You can view the list of bots and take action to block unwanted activity.
You can see data such as IP address, location, country, and other information that will help determine if a visitor is a suspicious or unwanted bot. It will also help you make the appropriate security settings.

The feature works In real time, meaning you can see the activity immediately without a delay. You can view the current users on the site, as well as which pages or sections of the site are currently being viewed.
Malware Scanner is one of the features of the CleanTalk Security Plugin for WordPress that is designed to detect and remove malicious code on your website.
Daily automatic site scanning. The plugin scans your site once a day and you will receive up-to-date information about your site cleanness. You can choose the time period for the automatic site scanning — every 12 hours, 24 hours, 3 days, 7 days, 14 days, or every 30 days.

The Malware Scanner feature analyzes all files on your site, including the WordPress core files, themes and plugins. It looks for vulnerabilities, malicious scripts, and other suspicious elements that may be related to malicious code.

When Malware Scanner detects malware or suspicious files, it alerts you instantly via email. You will receive a detailed report of the found threats, including the file names. This will help you quickly respond and take necessary actions to remove malware.

Automatic Malicious Code Removal: The CleanTalk Security Plugin for WordPress provides this feature to automatically remove malicious code. If there is a known signature for the detected malicious code, the file will be disinfected automatically.
The option “Collect and send PHP log” allows you to automate the process of checking your PHP logs for errors that occur while your site is running. Errors could appear for a short period of time and only when one specific function is running, they can’t be spotted in other circumstances so sometimes it’s hard to catch them. The CleanTalk Scanner will check your website backend once per hour. Statistics of errors are available in your CleanTalk Dashboard.
2FA: WordPress Two-Factor Authentication is a tool to provide an additional level of security for the website administrator account.
The main purpose of 2FA is to protect user accounts from unauthorized access, even if an attacker knows the user’s password.
When a user enters their password to log into their WordPress account, 2FA requires them to provide a second authentication code. The code is being sent to the WordPress account email address.

The CleanTalk Security plugin allows administrators to set up 2FA for various user roles. So they can grant 2FA to certain groups of users.
The option “Custom WP-Login URL” in the CleanTalk Security Plugin for WordPress allows you to change the default login URL of your WordPress Dashboard (wp-login.php). This is useful for several reasons:

• Protection against brute-force attacks: Changing the login URL of the admin panel makes it less predictable and harder for attackers to determine. Most brute-force scripts and bots look for the standard URL, so using a custom URL improves security.
• Hiding the fact that WordPress is being used: Many hackers and attackers specifically look for sites built on WordPress in order to gain access to them. Changing the login URL makes your site less vulnerable for attacks that are being made by the principle “Default WordPress Login URL Search” .
• If you use a custom login URL, this may be more memorable and convenient for you. You can choose an URL that is easy to remember or related to your brand.
• Prevent spam and DDoS attacks: Changing your login URL can help you prevent spam bots and DDoS attacks that often target a standard URL. This can significantly reduce the amount of unwanted activity and improve the performance of your site.
The option “Prevent collecting of authors’ logins” in the CleanTalk Security Plugin for WordPress is an additional tool to protect your site from malicious attacks and unauthorized access.

One of the most common ways of attacking websites is by attempting to hijack the accounts of the administrator or content authors. A hacker can use various methods to gain access to usernames and passwords and use them for malicious purposes such as injecting malicious code, modifying website content, and even stealing user data.

The option in the CleanTalk Security Plugin can greatly reduce the risk of such attacks. This feature allows you to hide the names of your authors (logins) from public view on the site, storing them in the database for administrative access only.

Firstly, it will prevent attackers from accessing authors’ data, which will significantly complicate the hacking process. Secondly, the site will look more secure and inaccessible to hackers. Thirdly, using this option reduces the likelihood of data leakage and privacy violations.
The option “Disable XML-RPC” in the CleanTalk Security Plugin is an important step to increase security and prevent potential attacks on your site.

XML-RPC is a protocol that allows you to remotely interact with your WordPress site. It was created to facilitate data transfer and information exchange with other platforms. However, due to several vulnerabilities, XML-RPC can become an entry point for hackers.

One of the main reasons for disabling XML-RPC is the possibility of an attack called brute-force. This attack involves attempts to forcefully input different random passwords for administrative accounts in a rapid succession. XML-RPC, by its very nature, allows attackers to carry out such attacks because it allows iterative validation of multiple passwords without restrictions. Disabling XML-RPC greatly reduces the risk of such attacks and prevents unauthorized access to your site.

In addition, XML-RPC can also be used to carry out DDoS (Distributed Denial of Service) attacks. Attackers can use XML-RPC to send a large number of requests to your site at the same time, which can lead to server overload and temporary site denial of service. Disabling XML-RPC protects your site from such attacks and helps keep it running for your visitors.

Disabling XML-RPC in WordPress is quite simple. You can do this with the CleanTalk Security Plugin and enable the option “Disable XML-RPC”. It is recommended to disable XML-RPC unless you are using it to communicate with other platforms or services.
The option “Disable REST API for non-authenticated users”. The REST API is a set of programming interfaces that allow you to interact with your WordPress site and access data and functionality. However, access to the REST API can become a vulnerability for attackers if the option “Disable REST API for non-authenticated users” is not enabled. Examples: getting a list of all posts, creating a new post or updating an existing one, deleting a post, getting/creating users and comments.

Disabling the REST API for unauthenticated users has several benefits. First, it reduces the risk of an attack on your site. If an attacker gains access to the REST API, they can use this opportunity to obtain sensitive data, change site content, or perform other unwanted actions. Disabling the REST API for unauthenticated users helps in preventing these potential attacks.

Second, disabling the REST API for unauthenticated users helps improve the performance of your site. The REST API can put a load on the server, especially when trying to process many requests from unauthenticated users. Disabling this feature for these users reduces the server load and speeds up your site response.

Enabling the option “Disable REST API for non-authenticated users” in the CleanTalk Security Plugin is very simple. Just activate this option in the plugin settings and save the changes. It is important to note that this option will not affect authenticated users, and they will be able to continue using the REST API without any issues. If you only use the WordPress Dashboard to work with the site and want to increase the security level of your resource, then it is recommended to disable the WP REST API.
The option “Forbid to show your website in <iframe> tags on third-party websites” in CleanTalk Security prevents your site from being embedded in an <iframe> on other websites. An <iframe> is an HTML element that allows you to embed one web page inside another. Technically speaking, <iframe> can be used to display your site on other third-party sites while still maintaining visual and functional content. However, this can also lead to security risks and undesirable consequences.

This has several advantages. First, it protects your site from potential fraudulent activities. Some attackers may create embedded iframe-copies of your website to fraudulently collect personal information from your visitors or malicious targets. Disabling <iframe> prevents this possibility and protects your users.

Second, opting out of showing your site in an <iframe> on third-party websites helps you control content and prevent copyright loss. If your site is embedded in another website’s <iframe> without your consent, this may result in improper display and control of your content. Disabling <iframe> allows you to retain full control over how and where your site is displayed.

Enabling the option “Forbid to show your website in <iframe> tags on third-party websites”in the CleanTalk Security Plugin is very simple. It is enough to activate this option in the plugin settings, and your site will be protected from embedding in <iframe> tags on third-party websites.
The option “Add these headers to the HTTP responses on the public pages: X-Content-Type-Options, X-XSS-Protection” in CleanTalk Security allows you to add the X-Content-Type-Options and X-XSS-Protection security headers to the HTTP responses on your site’s public pages. These headers tell browsers how to process the content of the page and prevent possible XSS-based attacks and malware downloads.

XSS (cross-site scripting) and drive-by download attacks are among the most common and dangerous threats in the online environment. XSS attacks can allow attackers to inject and execute malicious code on your site, while drive-by download attacks attempt to download and install malicious software without the admin’s knowledge.

The X-Content-Type-Options header tells the browser that page content should only be processed according to the specified MIME type (Multipurpose Internet Mail Extensions). This helps prevent possible attacks based on the content type and provides an additional layer of protection.

The X-XSS-Protection header is designed to protect against XSS (cross-site scripting) attacks. It includes built-in protection mechanisms in the browser that allow you to detect and block attempts to execute malicious scripts in a timely manner.
Enabling the option “Add these headers to the HTTP responses on the public pages: X-Content-Type-Options, X-XSS-Protection” in the CleanTalk Security Plugin is very simple. Just enable this option in the plugin settings and headers will be automatically added to the HTTP responses on public pages of your site.

In this article we have tried to tell you about the main and most useful options of the CleanTalk Security Plugin for WordPress. You can install the plugin from the official WordPress directory here: https://wordpress.org/plugins/security-malware-firewall

If you have any questions about the CleanTalk Security Plugin functions, feel free to ask them in the comments and we will be happy to assist you.