CleanTalk's blog

Sign Up

Tag: wordPress plugins

  • User Registration & Membership – Spam Protection Guide in 2026

    User Registration & Membership – Spam Protection Guide in 2026

    CleanTalk has added spam protection for the User Registration & Membership WordPress plugin by WPEverest through direct form integration. If you use this plugin, be sure to enable the highly effective CleanTalk Anti-Spam solution. In this post, we also review all anti-spam options available for User Registration & Membership.

    User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

    First of all let’s see what this plugin is,

    User Registration & Membership by WPEverest is a powerful WordPress plugin for creating custom user registration forms, login pages, and membership websites without coding. It features a drag-and-drop form builder, user profile management, content restriction, and payment integrations for subscription-based sites. Ideal for communities, online courses, and client portals, the plugin helps website owners manage users and memberships efficiently while improving user experience.

    According wordpress.org, this plugin is installed on 60,000+ sites.

    Installing User Registration & Membership

    There are few steps to be this plugin installed,

    1. Go to WordPress console -> Plugins -> Add plugin, type ‘user’.
    2. Install ‘User Registration & Membership’ by WPEverest and activate the plugin.
    3. Next you see a setup screen, that can be skipped on this moment.
    4. That’s all the plugin is installed!

    On the next steps we work with page YOUR-SITE.COM/registration/.

    By the if you want place the registration form on another page,

    1. Follow to WordPress console -> User Registration & Membership -> Registration form.
    2. Copy shortcode like this [user_registration_form id=”8″] from the right/top corner of screen and place on any other page you want to.

    Anti-Spam plugin by CleanTalk for WordPress

    In beginning a few words about the plugin that we are going to use against spam,

    CleanTalk Anti-Spam plugin for WordPress automatically protects your website from spam comments, registrations, contact forms, and fake orders without using CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots in the background while keeping the experience smooth for legitimate visitors.

    According wordpress.org, this plugin is installed on 200,000+ web sites. To install the plugin please follow this guide.

    The next step is testing the anti-spam protection.

    How to check spam protection for User Registration & Membership

    We are going to test protection and the most important step in this process to do it as a regular visitor, not as as authorized user/administrator in WordPress console!

    Follow this,

    1. Jump to YOUR-SITE.COM/registration/ in incognito mode in your browser.
    2. Fill up the form using test email address s@cleantalk.org. This is a service email, using which do not cause block listing your IP in CleanTalk’s cloud.
    3. You see response from the cloud like this,

    *** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

    That’s all! The protection is active and ready to go. If you have any questions, add a comment and we will be happy to help you. In addition, in the Cloud Dashboard you can find extra details regarding all submissions for registration form.

    What additional anti-spam tools are available for User Registration & Membership?

    On this day on the market there are a few more tools to protect User Registration & Membership against spam bots. As well as this plugin has some built-in tools. Let’s see what we have,

    1. This plugin has built-in integration with Google reCaptcha version 2 and 3. reCAPTCHA by Google helps protect WordPress registration forms from spam by verifying that users are real people using behavioral analysis or interactive challenges. It blocks automated bot sign-ups and reduces fake registrations while allowing legitimate users to register securely.
      The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site and Secret keys are available on website.
    2. The next tool is hCaptcha. hCaptcha is a privacy-focused CAPTCHA solution that protects WordPress registration forms from spam by requiring users to complete human verification challenges, helping block automated bot sign-ups. Unlike reCAPTCHA by Google, hCaptcha places stronger emphasis on user privacy and data control, making it a popular alternative for websites that want effective spam protection with less tracking.
      The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
    3. Next is Turnstile by Cloudflare. It protects WordPress registration forms from spam by automatically verifying visitors using browser and behavioral signals without showing CAPTCHA challenges. Unlike reCAPTCHA, Turnstile is designed to be privacy-friendly and frictionless, reducing spam registrations while keeping the signup process seamless for real users.
      The settings located are unde same path as tools before WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
    4. There are also bunch of universal anti-spam plugins like Simple CAPTCHA Alternative by Elliot Sowersby, WP Armour and etc. All of them can be found on wordpress.org.

    As my research shows there is no plugins or direct integration with Akismet.

    I have questions…

    What if I don’t use User Registration & Membership plugin, but still have spam registrations (users)?

    In this case, Anti-Spam by CleanTalk is the best way to get rid of standard wordpress registration forms spam.

    Does this guide work for WPforo plugin?

    No, it does not. Read this guide instead to protect WPforo Forum against spam registrations.

    How about spam protection for s2Member plugin?

    Please use another guide in order of s2member spam protection.

    Final thoughts

    I hope this guide helped resolve all spam issues on your registration form. If not, Sign Up for an account and our CleanTalk team will be happy to help.

  • Spam Protection – S2Member Memberships

    Spam Protection – S2Member Memberships

    If you prefer to use s2Member Memberships & Subscriptions registration form be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your s2Member Registration Forms from spam.

    Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be registration forms but also contact forms and many others.

    Download CleanTalk Anti-Spam plugin | Download s2Member Registration Form plugin 

    How to install CleanTalk Anti-Spam plugin

    To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

    Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

    After installing the plugin, click the «Activate»‎ button.

    After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

    That’s it! From now you How to completely protect your s2Member Registration Form from spam.

    Check the result to save your s2Member Registration Form from spam

    You can test the work of Anti-Spam protection for your s2Member Registration Form by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    If you have any questions, add a comment and we will be happy to help you.

    Create your CleanTalk account – Register now and protect your s2Member Registration Form from spam in 5 minutes

    Update

    The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

    Additional features

    • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
    • Installation takes about 1-2 minutes.
    • Smart 99% protection against spambots.
    • Always online – 24/7 technical support.
    • Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.

    Discover the complete list of CleanTalk Anti-Spam plugin features here.

  • wpForo Forum – Spam Protection

    wpForo Forum – Spam Protection

    CleanTalk added spam protection for wpForo Forum multi-layout bulletin board using direct form integration. So in case, you prefer using wpForo be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your wpForo Forms from spam.

    Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be wpForo forms but also many others.

    Download CleanTalk Anti-Spam plugin | Download wpForo Forum 

    How to install CleanTalk Anti-Spam plugin

    To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

    Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

    After installing the plugin, click the «Activate»‎ button.

    After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

    That’s it! From now you know how to completely protect your wpForo Forum plugin from spam.

    How to check spam protection for wpForo Forms

    You can test the work of Anti-Spam protection for your СonvertKit Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    If you have any questions, add a comment and we will be happy to help you.

    Create your CleanTalk account – Register now and protect your СonvertKit Forms from spam in 5 minutes

    Update

    The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

    Additional features

    • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
    • Installation takes about 1-2 minutes.
    • Smart 99% protection against spambots.
    • Always online – 24/7 technical support.
    • Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.

    Discover the complete list of CleanTalk Anti-Spam plugin features here.

  • A critical vulnerability in WP Statistics threatens over 600,000 websites: CleanTalk Research team discovers complete admin panel takeover method

    A critical vulnerability in WP Statistics threatens over 600,000 websites: CleanTalk Research team discovers complete admin panel takeover method

    The CleanTalk Research team has identified a critical vulnerability in the popular WP Statistics plugin (versions up to and including 14.15.3), which is installed on over 600,000 WordPress websites. The vulnerability allows unauthenticated attackers to perform Stored Cross-Site Scripting (XSS), leading to administrative session hijacking, admin panel compromise, and potential code execution on the underlying server OS.

    This Unauthenticated Stored XSS vulnerability operates through the HTTP User-Agent header. Attackers can execute arbitrary JavaScript in the WordPress admin panel, enabling them to steal session tokens and nonces, escalate privileges, create administrator accounts, and potentially expand access to the operating system if additional attack vectors are available. Most critically, no authentication is required—a single HTTP request is sufficient, making mass automated exploitation trivial.

    The WP Statistics development team has released a security update addressing this vulnerability. Website administrators are strongly urged to update WP Statistics to the latest version immediately.

    The CleanTalk Research team specializes in identifying and responsibly disclosing vulnerabilities in popular WordPress plugins and themes. We continue to actively audit plugins and publish technical reports on newly discovered vulnerabilities.

    Stay informed:
    📝 Research Blog: https://research.cleantalk.org/ 
    📱 Telegram Channel: https://t.me/cleantalk_researches/326 


    REFERENCES
    https://research.cleantalk.org/cve-2025-9816/ 
    https://www.cve.org/CVERecord?id=CVE-2025-9816 
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-statistics/ 
    https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 

    CleanTalk Security Plugin automatically scans your plugins for known vulnerabilities. The plugin monitors the versions of all your installed plugins and themes and immediately alerts you if a vulnerability is detected in one. As soon as a problem is detected (like with WP Statistics), you receive a notification.

  • Client Review: Climate Change Dispatch

    Client Review: Climate Change Dispatch

    We are happy to share feedback from one of our clients — Thomas, the owner of climatechangedispatch.com

    Great support, even better spam killer

    I was using Akismet for WordPress for years until I found Cleantalk. I got an email from Automaticc, which owns Akismet and Jetpack, stating that because I had some ads on my site, I had to pay a ridiculous amount of money. They gave me 30 days. I switched to Cleantalk as it was cheaper, and the difference was amazing.
    Not only did it catch spam, but the personal blacklists are a timesaver. No more hits or misses from imprecise wording in the Discussion settings. And the support is absolutely superb. The few times I’ve needed them, they were prompt and fantastic. The firewall and bot-crawler features are also a timesaver. Did you know that auto-bots crawl your site and slow it down? I’m talking spammy bots looking for email addies. This plugin stops them. And also prevents spam after spam from getting through via rate limiting. Try it out, and I swear you will rarely, if ever, have to get rid of spam manually. It’s that good!

    We thank Thomas for his detailed feedback and trust in CleanTalk.
    It’s always a pleasure to hear that our service helps clients protect their websites and save time.

  • QuickCal Spam Protection for WordPress

    QuickCal Spam Protection for WordPress

    quickcal screenshot 03
    quickcal screenshot 03

    QuickCal forms is a good choice when you need to use a powerful booking calendar. Always be sure to use the most effective Anti-Spam plugin. For example CleanTalk Anti-Spam will guarantee your QuickCal booking form spam protection in about 5 minutes.

    Once CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be QuickCal forms but many others.

    Download CleanTalk Anti-Spam plugin | Download QuickCal plugin 

    How to install CleanTalk Anti-Spam plugin

    To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

    Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

    After installing the plugin, click the «Activate»‎ button.

    After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

    That’s it! From now your WordPress website and QuickCal forms are protected from spam.

    You can always use our detailed installation instructions.

    How to check your QuickCal forms spam protection in about 5 minutes

    You can test the work of Anti-Spam protection for your QuickCal forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    If you have any questions, add a comment and we will be happy to help you.

    Create your Cleantalk account – Register now and enjoy your spam-free QuickCal forms.

    You may view a complete list of CleanTalk Anti-Spam plugin features here. https://cleantalk.org/help/introduction 

    WordPress spam protection

  • Our Client’s Review: DIYB.CA

    Our Client’s Review: DIYB.CA

    We love sharing feedback from our users — and today’s story comes from Paul at DIYB.CA, originally posted on WordPress.org.

    CliUnbelievably Happy!

    I have lost track of how many spam blockers & techniques I’ve tried on client sites to ensure real leads make it to their inbox — but nothing has come close to CleanTalk! We use FluentForms, and when they recommended CleanTalk, it turned out to be a perfect match. Clear reports show what’s been blocked and what’s allowed. Easy to install, works flawlessly — and most importantly, my clients are happy. That makes it a winning product in my eyes.

    Thanks, Paul — and welcome to the CleanTalk club!

    🔗 Learn more about how CleanTalk works with FluentForms

    Feature (New Employee Onboarding)

  • Protecting Your WordPress Website: A Backup Guide

    Protecting Your WordPress Website: A Backup Guide

    A robust backup strategy for any WordPress website is compulsory to store important content and keep the business running in case anything goes wrong. This guide reviews the best practices for WordPress backup and reviews some of the top-rated WordPress backup plugins to simplify the process.

    Automated WordPress Backup: The Power of Plugins

    Consider the WordPress backup plugin for a better, more efficient, and more reliable solution. These plugins will automate backing up for you, even on a schedule, and quite often provide extra features, such as:

    • Restore your entire site to a previous point in time with just one click.
    • Store backups safely off-site to safeguard against server failures.
    • Receive notifications for successful or failed backups.
    • The only backup changes since the last backup have been saving storage space.

    Example of WordPress Backup Plugin: WPvivid

    WPvivid is a highly rated plugin that offers a wide range of WordPress backup and restoration options. It’s user-friendly and offers peace of mind knowing your site is safe.

    How to Use WPvivid

    Installation

    1. Login to your WordPress dashboard.
    2. Go to Plugins > Add New.
    3. Search for “WPvivid Backup”
    4. Install the plugin.
    5. Activate the plugin.

    First Backup:

    1. Go to WPvivid > Backup & Restore.
    2. Click Backup Now.
    1. Go to WPvivid > Schedule.
    2. Set up a regular schedule of automated backup.
    3. Click Save Changes.

    Restore Your Site:

    1. Go to WPvivid > Backup.
    2. Choose the backup you want to restore.
    3. Click Restore.

    Extra Tips:

    • Test Your Backups: Regularly restore your site from a backup to make sure it’s working correctly.
    • Keep Multiple Backups: Keep multiple backups to be safe from data loss. Secure Your Backups: If you’re storing backups off-site, use strong passwords and encryption. 
    • Monitor Your Backups: Keep an eye on your backup schedule and storage usage.
    • Regular Backups: Set up regular backups, preferably daily or weekly. 
    • Offsite Storage: Store backups off-site to protect against local disasters. 
    • Test Restores: Periodically test restoring your site from backups to ensure they are working.
    • Secure Backups: Protect backups with strong passwords and encryption.

    With these best practices in place and by using a reliable WordPress backup plugin, you can all but secure your WordPress site and minimize the possible disasters to the barest minimum.

    More WordPress Guides:

  • Comprehensive Guide to WordPress Homepage Editing

    Comprehensive Guide to WordPress Homepage Editing

    Are you looking to customize your WordPress homepage? This comprehensive guide will walk you through everything you need about WordPress main page editing, from understanding the default layout to using page builders. Whether you’re a beginner looking for a step-by-step WordPress homepage editing tutorial or an experienced user wanting advanced customization tips, we’ve got you covered.

    Understanding the Default WordPress Homepage

    The default WordPress homepage typically displays your latest blog posts, styled according to your chosen theme. While this setup is simple, there may be better options for your website’s specific needs. Before you start making changes, it’s important to understand the basic structure of a WordPress homepage.

    Critical Components of a Default Homepage

    • Header: This top section usually contains your site title, logo, and navigation menu. You can learn how to edit the WordPress homepage header using the methods described below.
    • Content Area: The central part of the page where your blog posts, excerpts, or other content elements are displayed. You’ll find ways to change WordPress homepage content and layout in this guide.
    • Sidebar: An optional area on either side of the content area, commonly used for widgets. Learn how to customize your sidebar and add widgets to your WordPress homepage.
    • Footer: The bottom section typically includes copyright information, contact details, and additional links.

    Methods for Editing Your WordPress Homepage

    There are several ways to edit your WordPress front page:

    • Theme Customizer: Most modern WordPress themes offer a visual customizer that allows you to make changes without writing any code. Access it by navigating to Appearance -> Customize in your WordPress dashboard. 

    Look for homepage-related options, such as:

    • Header image or logo
    • Color scheme
    • Site identity (such as logo, name, etc.)
    • Menus
    • Background image
    • Widgets
    • Other settings, like advanced CSS.
    • Theme Editor: For more advanced customizations, you can directly edit your theme’s code. However, proceed with caution, as errors can break your site. This method is generally not recommended for beginners. If you’re comfortable with code, go to Appearance -> Theme Editor. You’ll often find the homepage template files named index.php or front-page.php.
    • Page Builder Plugins: If you prefer a visual, drag-and-drop interface, consider using a page builder plugin like Elementor, Divi, or Beaver Builder. These plugins offer pre-built templates and design options, making it easy to create a custom WordPress homepage without any coding knowledge. They are a great option for beginners looking for an easy way to design their WordPress homepage.

    Tailoring Your Homepage to Your Needs

    • Define Your Homepage’s Purpose: What do you want your homepage to achieve? Is it a product showcase, a blog, or a landing page for lead generation? Clearly outlining your goals will help you design a more effective homepage.
    • Create a Strong Visual Hierarchy: Guide visitors’ attention to key elements using size, color, and placement.
    • Optimize for Mobile Devices: Ensure your homepage is responsive and looks good on all devices.
    • Improve Loading Speed: Optimize images, reduce HTTP requests, and leverage browser caching to optimize your WordPress homepage for SEO.
    • Test Thoroughly: Preview your homepage on different devices and browsers to catch any issues.

    Example Homepage Structures

    • Business Website: Highlight key services, products, and a clear call to action (CTA).
    • Blog: Feature recent posts, popular categories, and author bios.
    • Portfolio Website: Showcase your best work with high-quality images and project descriptions.
    • E-commerce Store: Display best-selling products, featured categories, and customer testimonials.

    Remember, your homepage is the first impression visitors have of your website. Invest time in crafting a design that reflects your brand and engages your audience. By following the tips in this WordPress homepage design for beginners guide, you can create a homepage that is both beautiful and effective.

    Feel free to check our other beginner’s guides to make your WordPress start smooth:

    A Beginners’ Guide: Crafting Captivating Pages on Your WordPress Website

    A Beginner’s Guide: How to Install WordPress from Scratch

  • Piotnet Forms Spam Protection for WordPress

    Piotnet Forms Spam Protection for WordPress

    CleanTalk added spam protection for Piotnet Forms using direct form integration. So in case, you prefer using this type of contact forms be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect all your contact forms from spam.

    Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be Piotnet Forms but also many others.

    Download CleanTalk Anti-Spam plugin | Download Piotnet Forms 

    How to install CleanTalk Anti-Spam plugin

    To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

    Then enter «CleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

    After installing the plugin, click the «Activate»‎ button.

    After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

    That’s it! From now you How to completely protect your Contact Forms from spam.

    How to check Piotnet Forms Spam Protection

    You can test the work of Anti-Spam protection for your Contact Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    piotnet forms
    piotnet forms

    If you have any questions, add a comment and we will be happy to help you.

    Create your CleanTalk account – Register now and protect your Contact Forms from spam in 5 minutes

    Update

    The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

    Additional features

    • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
    • Installation takes about 1-2 minutes.
    • Smart 99% protection against spambots.
    • Always online – 24/7 technical support.
    • Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.

    Discover the complete list of CleanTalk Anti-Spam plugin features here.

CleanTalk

About

Dashboard

Pricing

Sign up / Sign in

Solutions

The best anti-spam plugins in 2026

Block Lists

Filter fake emails

Hide contact data

Stop spam emails in Contact form 7 (CF7)

Stop spam in Elementor form builder

Stop spam in GiveWP  Donation & Fundraising Plugin

Stop spam in WPForms

Website malware scanner

Malware removal service

WordPress Security & Firewall Plugin

Documentation

Anti-Spam API

Help

License agreement

Privacy Policy

Refund Policy

Signs of Malware

Contact us

Create a support ticket

Contact us