CleanTalk's blog

    Sign up

    Tag: wordpress

    • 4 steps for a complete HappyForms spam protection

      4 steps for a complete HappyForms spam protection

      After you created your HappyForms Contact Form you may get spam through this form. CleanTalk protects your HappyForms Contact Form from spam and saves your visitors time.

      Once CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be HappyForms but many others.

      Download CleanTalk Anti-Spam plugin | Download HappyForms Contact Form 

      How to install CleanTalk Anti-Spam plugin

      To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

      Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

      After installing the plugin, click the «Activate»‎ button.

      After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

      That’s it! From now your WordPress website and HappyForms Contact Forms are protected from spam.

      You can always use our detailed installation instructions.

      How to check that CleanTalk already protects your HappyForms Contact Forms from spam

      You can test the work of Anti-Spam protection for your HappyForms Contact Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

      If you have any questions, add a comment and we will be happy to help you.

      Create your Cleantalk account – Register now and enjoy while CleanTalk protects your HappyForms Contact Form from spam.

      Update

      The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

      You may view a complete list of CleanTalk Anti-Spam plugin features here. https://cleantalk.org/help/introduction 

      WordPress spam protection

    • Hiding your WordPress username from bad bots

      Hiding your WordPress username from bad bots

      Do you know how to hide your WordPress usernames from bad bots? We are glad to introduce you a new Security plugin improvement: from now CleanTalk allows you to hide WordPress username from bad bots brute-force.

      Before this improvement became available some bots could learn WordPress usernames by their ID and use it to brute-force these accounts later. For example, a request like «‎https://blog.cleantalk.org/?author=007»‎ could return the username «https://blog.cleantalk.org/author/james_bond».

      This option is switched off by default so in order to avoid vulnerabilities like that we highly recommend to switch it on.

      Step 1: Go to PluginsInstalled Plugins.

      Step 2: Go to Settings beneath the Security plugin.

      And after that choose General Settings.

      Step 3: Go to Miscellaneous section and find checkbox ‎«‎Prevent collecting of authors logins» and just check this box.

      Step 4: Press the «Save Changes» button.

      Success! That’s how quickly CleanTalk allows you to hide WordPress username from bad bots

      If you have any questions, add a comment and we will be happy to help you.

      Create your Cleantalk account – Register now and enjoy while CleanTalk Anti-Spam plugin protects your Clean and Simple Contact Forms from spam.

    • Hiding PHP Notices and Warnings in WordPress

      Hiding PHP Notices and Warnings in WordPress

      Sometimes you can see some PHP notices and warnings on your WordPress page. So we created this post to help hiding PHP Notices and Warnings in WordPress

      Most of them don’t worth your attention. But if you are the plugin or theme developer then you should know about this so that you may fix them in next release. And some of this warnings and notices are sent to you just because the developer has to keep WordPress and PHP older versions compatible.

      The easiest way of hiding PHP Notices and Warnings in WordPress

      Just go to your wp-config.php file and set WP_DEBUG to false. This will not cause any changes to your website.

      But sometimes this solution may not do the thing. Mostly this happens when you use shared cheap shared hosts. Usually hosts like this force various PHP notices and warnings. So if previous solution doesn’t work you may replace it with the next linen your wp-config.php file.

      define('WP_DEBUG', false);

      with this lines:

      ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

      Great! We hope this tips will be useful for you!

      Create your Cleantalk account – Register now!

    • How to protect your Gravity forms using CleanTalk Anti-Spam plugin

      How to protect your Gravity forms using CleanTalk Anti-Spam plugin

      After you created your contact form using Gravity Forms you actually may get spam. CleanTalk Anti-Spam plugin protects your Gravity contact forms from spam.

      Once CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be Gravity contact forms but many others.

      How to install CleanTalk Anti-Spam plugin

      To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

      Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

      After installing the plugin, click the «Activate»‎ button.

      After it is done go to the plugin settings, click the «Get Access Key Automatically» button. Then click the «Save Settings»‎ button.

      That’s it! From now your WordPress website and Gravity forms are protected from spam.

      You can always use our detailed installation instructions.

      Download CleanTalk Anti-Spam plugin | Download Contact Form by Gravity Forms 

      How to check that CleanTalk already protects your Gravity contact forms from spam

      You can test the work of Anti-Spam protection for your Gravity contact form by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

      If you have any questions, add a comment and we will be happy to help you.

      Create your Cleantalk account – Register now and enjoy while CleanTalk Anti-Spam plugin protects your Gravity contact forms from spam.

      Update

      The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

      Additional features

      • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
      • Installation takes about 1-2 minutes.
      • Smart 100% protection against spambots.
      • Always online – 24/7 technical support.
      • Logs, personal lists, country filters, stop-words and many another.

      A complete list of CleanTalk Anti-Spam plugin features can be viewed here. https://cleantalk.org/help/introduction 

      WordPress spam protection

    • Introducing: CleanTalk Pixel

      Introducing: CleanTalk Pixel

      Our mission is to protect your website from spam. In order to do so we need to firstly identificate visitor’s IP address. But detecting IP address sometimes may go wrong because it may be substituted by some bots. So we decided to exclude the probability of false triggering and here comes the CleanTalk Pixel that improves your website spam protection.

      What is CleanTalk Pixel and how does it improve your site spam protection

      It is an «invisible» 1×1px image that Anti-Spam plugin integrates to your WordPress website. And when someone visits your website the Pixel is triggered and reports this visit and some other data including true IP address.

      This Pixel is not located on some server but is created in HTML every time you load your website page. This exactly helps our system to get the most true IP address and not be confused by CDN or plugins caching site requests. And that’s exactly how CleanTalk Pixel improves your website spam protection.

      How to connect Pixel to your website

      Step 1: Go to Plugins Installed Plugins.

      Then go to Settings link next to CleanTalk Anti-Spam plugin.

      Step 2: Click on «Advanced settings» button at the bottom of the screen. More setting will appear.

      Then find Add a CleanTalk Pixel… field in Data Processing section.

      Step 3: Choose, how exactly Pixel will act:

      • Via direct output – insert Pixel code into HTML from the backend.
      • Via Javascript – insert Pixel code into HTML from the frontend.
      • Auto – insert Pixel code into HTML from the backend if pixel detects a caching plugin (Recommended).
      • Off – Pixel if disabled.

      After that just press the Save Changes button.

      Done! It really is that simple.

      If you have any questions, add a comment and we will be happy to help you.
      Create your Cleantalk account – Register now

      You can see a complete list of CleanTalk Anti-Spam plugin features here.

      WordPress spam protection

    • Access key rotation for Anti-Spam and Security

      Access key rotation for Anti-Spam and Security

      In case your website is connected to CleanTalk it uses a special Access key to exchange information. We have improved its functionality to guarantee you the safest user experience.

      Connect your website to CleanTalk in 5 minutes and forget about spam.

      Improved Access key safety

      Your Anti-Spam and Security Access keys don’t have any expiration date. So don’t worry, you don’t have to do anything about it.

      Access key doesn’t need to be manually renewed except several cases:

      • In case you gave your website access to web developer or a freelancer and it may be compromised.
      • When your website had been hacked.
      • When you expect your CleanTalk access being given or copied to a third party.
      • In case you have any other issues and risks with CleanTalk account access.

      Also you can always change your password or email in CleanTalk dashboard.

      How to update your Access key

      Step 1: Add your website to dashboard using the button below. If your site is already connected to CleanTalk pass to Step 3.

      Step 2: Input your website URL in “Site URL” field.

      Step 3: Click on “Settings” button under your website name.

      Step 4: Go to “Change the Access key”.

      Step 5: Click on “Generate key” to create new safe Access key.

      Step 6: Then Apply the key by pressing the button below.

      Step 7: And just close the window after you are finished.

      Well done! Your new Access key is successfully generated and applied to your website. From now it will be active and if needed, you may change it again to guarantee its safety.

    • New Options: CleanTalk Anti-Flood and Anti-Crawler

      Hello,

      Recently we added new options for SpamFireWall.
      They are Anti-Flood and Anti-Crawler. They are meant to block different bots. Most of the visiting bots are not being shown in the statistics of Google Analytics so you can’t see the exact number of their visits. Nevertheless, bots can create a big load on your website and be a big part of the overall statistics of visits. They can gather various data about your website, links, pictures, text and so on. More aggressive bots can copy your website information to use it later for themselves.

      Anti-Flood and Anti-Crawler options are intended for blocking unwanted bots, content parsing, shop goods prices parsing or aggressive website scanning bots. Web crawling bots such as Google, Bing, MSN, Yandex, Ahrefs are excluded and will not be blocked.

      Anti-Crawler — is designed for blocking any bots (with the exceptions) on your website. The initial visit launches the checking process whether it’s a bot or a human. If the checking fails then visiting the second page will return a blocking screen. The IP address will be added to the blacklist for 10 minutes and when this time period expires the data about that IP address will be deleted.
      This option helps in blocking any parsing and HTTP DDoS attacks.

      Anti-Flood — is designed for preventing any aggressive behavior of bots (with the exceptions). The option checks how many pages were visited by one IP in 1 minute. If the amount of visited pages exceeds the set threshold then that IP will see a blocking screen. The blocking screen is active for 30 seconds and when this time period expires the IP address will be able to visit the website until it exceeds the threshold again.

      By default, the threshold is set to 10 pages per 1 minute. This number was picked based on the statistics. Usually, a normal visitor does not open 10 pages at once, it’s about 3-4 pages so the threshold is set with a margin.
      You can set your own threshold at any time: https://cleantalk.org/help/anti-flood-and-anti-crawler

      Thank you!

    • CleanTalk Web Application FireWall for WordPress Security Plugin

      Hello,

      We are happy to announce CleanTalk Web Application FireWall for WordPress Security Plugin. The main purpose of WAF is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

      It allows you to protect Web applications from known and unknown attacks. Its use is transparent to all visitors to the website and does not require knowing how is HTTP working and allows very accurate filtering, supports both GET and POST methods, requests to dynamic resources.

      So, hackers use additional HTTP parameters to use vulnerabilities that allow them to get access to a website or prevent changes on your website.

      WAF catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

      So, if HTTP request contains these parameters then this request will be blocked. The special page and reason for blocking will show for blocked requests.

      In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk is logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Logs in your Control panel. https://cleantalk.org/my/logs_firewall

      CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

      Learn more, how to set up and test
      https://cleantalk.org/help/security-waf

    • CleanTalk Security for WordPress: More informative log

      We added new parameters in the Security FireWall Log.

      CleanTalk WordPress Security Log shows a list of all the network requests blocked in the course of loading the page. Each request is displayed in its own row.

      All of these requests will have next string:

      -Page URL to which the request was sent.

      Security FireWall blocks all requests from the most active IP addresses where massive spam and brute force attacks come from.
      Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. All security logs are stored in the cloud for 45 days.

      Your security log is here https://cleantalk.org/my/logs?cp_mode=security

      Notice: Page URL is available starting with plugin version 1.17
      Download the latest version here:
      https://wordpress.org/plugins/security-malware-firewall/

      Don’t hesitate to let us know if you have any questions or comments.

    • Feature update for spam comment management in WordPress

      Feature update for spam comment management in WordPress

      We launched the update for possibilities to manage spam comments.

      The new option “Smart spam comments filter” divides all spam comments into Automated Spam or Manual Spam.

      For each comment, the service calculates probability — was this spam comment sent automatically or was it sent by a human.

      All automatic spam comments will be deleted permanently without going to the WordPress backend except for comments with Stop-Words. Stop-Word comments will be always stored in the “Pending” folder. Both blocked and banned comments can be seen in the Anti-Spam Log.

      To manage the actions with spam comments, go to the Control Panel, select the website you want to change the actions for and go to “Settings” under the name of the website. On the website settings page, select the desirable item from the “SPAM comment action” menu and click “Save” button at the bottom of the page.