‘WordPress Security by CleanTalk’ Review – Is it Potent Enough to Safeguard You?
WordPress is a very popular open source website creation tool. It is not only a blogging platform but also an open source content management system used by millions of people worldwide. It is popular mainly because it is very easy to use and easy to get started with. Good support is also available from WordPress itself and from various forums. According to one study, more than 22.5% of websites were powered by WordPress in 2017.
Due to its huge popularity and continuous growth as the world’s most used CMS, WordPress is naturally vulnerable to security threats and attacks. From the very beginning, attacks on WordPress have been handled by WordPress security releases. But new types of attack appear every day, and not everything is covered by a WordPress security release. This is where WordPress security plugins come in.
WordPress Security by CleanTalk is one of the most important security plugins; it helps keep your WordPress site protected and secured from brute force attacks by creating a firewall. Check out what kinds of attacks your website may face and how you can secure yourself against them:
Why is a WordPress site attacked anyway?
There is cut-throat competition in every market, and everyone wants to succeed at the end of the day. Under this pressure, hackers want to access your website to get all the sensitive information, block your access to the site, redirect your users to other malicious websites, delete your users and all the content from the website, or simply use the backlinks from your website. Stealing your backlink information and using it on their own website improves their page rank in search engines.
Most of the popular websites get thousands of attacks every week or even every day.
How does a good security plugin work to prevent different types of attacks on a WordPress site?
A WordPress website faces several types of security attacks every day. A good security plugin applies optimized algorithms to guard against those vulnerabilities and keep the website secure. The following are some of the security threats a WordPress website faces:
1. Malicious Software: After compromising your website, hackers leave malicious software or scripts, also known as malware, on it. Your security plugin should scan all the files, contents, data files, database, DNS changes, comments and posts of any kind to find malicious code that could be hidden in the website’s source code or URLs. The WordPress security plugin scans for this malware and removes it.
2. Brute Force Attacks: This type of attack tries permutations and combinations of possible login information. Hackers attempt to log in to the website with thousands of possible username and password combinations through automated scripts. Security plugins block users who make too many login attempts or click the forgot password option too many times. They also prevent WordPress from giving away sensitive information such as username or password hints, or offering multiple entry points to hackers.
3. Zero Day Exploits: WordPress websites, like any kind of website, have some obvious vulnerabilities. Hackers attack those using bots. Security plugins use known algorithms and a security firewall to stop attacks on these already published vulnerabilities.
4. Spear Phishing and Social Engineering: Spear phishing and social engineering are among the techniques through which hackers can crack even the most difficult password. Security plugins provide two-factor authentication, which can neutralize the risk of password cracking. This facility is used by banks, financial institutions and websites with very sensitive data.
5. Rate Based Throttling: This type of attack is the most critical type to date. Hackers overwhelm your website, database, servers, network and all other resources using bots or automated scripts. This prevents your genuine customers and search engine crawlers from accessing your website. Script crawlers also crawl the website aggressively to overwhelm its contents and resources. Security plugins protect against this through IP blocking: if the number of requests from an IP address exceeds the accepted threshold, the security plugin blocks that specific IP address. This also prevents bot crawlers from crawling aggressively.
6. Country attacks: Hackers use IPs from different countries and networks to attack WordPress websites, looking for vulnerabilities and overwhelming their resources with aggressive crawling. Security plugins use the same mechanism as rate based throttling and block specific countries from accessing the website.
7. Password Cracking: Security plugins use password auditing to find out whether the password of your admin account is weak or strong, and suggest changing the password or setting a rule to change it monthly, etc. This prevents attackers from succeeding with password cracking or brute force attacks using similar scripts.
8. Spam Ads: Hackers often use websites they have compromised to post spam ads. These ads include a link to some other malicious website or simply a virus to download. Security plugins scan your site regularly to check whether any spam ad has been posted, then identify and remove it.
9. Hacker Recon: Hackers find vulnerabilities using information such as the software version, operating system version and installed software. A security plugin prevents your WordPress website from giving this information to hackers.
What is WordPress Security Plugin by CleanTalk?
WordPress Security Plugin by CleanTalk is a premium security plugin for WordPress sites. It is an end to end protection system for a WordPress site that helps prevent brute force attacks and brute force account counting, blocks IPs and users using a firewall, provides security for WordPress forms and the backend, and filters malicious IPs, networks or countries.
It also sends daily security logs, audit logs and reports by email so that users can analyze and monitor vulnerabilities on their WordPress websites.
How to Install Security Plugin by CleanTalk?
Installing Security Plugin by CleanTalk is very easy, both the automated and the manual way. Follow these steps to install WordPress Security by CleanTalk into your WP.
- Go to the ‘Plugin’ option in the left panel of your WordPress and click on it.
- Search ‘WordPress Security by CleanTalk’.
- It will show the plugin on the page.
- Click on ‘Install Now’ button.
- Now click on the ‘Activate’ button.
- Click on ‘Get access key Automatically’.
- This will take you to the ‘Security Log’ page of the plugin.
- Click on ‘Save Changes’ option.
Installation can be done manually too.
- Go to ‘https://wordpress.org/plugins/security-malware-firewall/#description’ and click on the Download button.
- A Zip file with an installer will be downloaded. Save the installer and log in to your site’s WP Admin.
- Click on the ‘Add New’ button and then click on ‘Upload Plugin’.
- Select the Zip file from the dialog box and click OK.
- The plugin will be installed. Then click on Activate.
- The rest of the steps are similar.
Features of WordPress Security Plugin
Brute force attacks
Brute force attacks are very different from cracks or, in layman’s words, ‘hacks’. Brute force attackers try to log in to the WP admin using the easiest method of login, i.e., the username and password. They use permutations and combinations of the most common and most likely usernames and passwords and keep trying to log in until they succeed. The easiest target is the weakest link: a username like ‘admin’ and a password like ‘12456’.
- Brute force attacks come from different countries and IPs. If you have a single user and IP, it is easy to block all IPs other than yours using the .htaccess file. But if you have multiple users logging in from multiple locations, it is very difficult to identify the attacker’s IP and block it.
- The WordPress Security plugin blacklists all IPs and users with too many login attempts, scripts, or failed forgot password attempts. It also prevents WordPress from providing users with multiple login points and giving away login information to hackers. The plugin blocks or locks out any user who uses an invalid username and password.
- It sends an email to the user as soon as a brute force attack attempt is made. The email also shows the attacker’s IP, location and country.
CleanTalk Security Log
Along with the plugin, the CleanTalk security log is an additional feature that helps users keep track of the logs for different events on their website.
The security log consists of the Date, Status, IP, Country and other details of admin logins to the user’s website, for events like Login, Logout, Invalid Username, Invalid Email and Authentication Failed. Logs can be filtered for different services like Anti-Spam, Hosting Anti-Spam, Database API, Site Security or SSL Certificates.
Email notifications are a very important, must-have feature for any security firewall. Emails are sent to the registered admin user’s email address whenever an activity is logged on a WordPress site. WordPress Security by CleanTalk sends email for the following activities:
It sends email to the registered admin user’s email so that the user is aware that an admin login has taken place on his website.
New installation and Signup:
The CleanTalk WordPress Security plugin sends a notification to the user’s email when he installs and signs up for the plugin.
Email notification is sent when a user opts to get access key manually.
Daily Security Report:
The Daily Security Report email notification is sent to the admin user and includes the site time, username, IP and country, and the number of brute force attacks, failed logins and authentication failures that have taken place.
CleanTalk Security Firewall
The WordPress Security plugin’s firewall works like a fence against security attacks on a WordPress website. It uses the CleanTalk database of bad IPs and blocks threats from compromised IPs. The firewall runs before any other code, including the WordPress site itself, which prevents security threats from reaching the WordPress site. The firewall shields the site and blocks the threats even before they appear.
It also provides WordPress sites with security features like:
- Personal Blacklist Management
- Country and IP blocking
- Protection from aggressive users and web crawlers
Traffic Control Analysis
Traffic analysis is an important feature for any WordPress website, in terms of both security and CPU overloading. The WordPress Security Plugin readily shows the admin user which IP, country and location traffic is coming from, which users are online, who is on your page, how much time they have spent, and so on:
- Date and Time of the visit to the website
- Visitor’s spent time on the website
- Source Country
- Visitor’s IP Address
- Operating System and version
- Type of the visitor – Person, Bot, Search Bot or suspicious bot, script etc.
- Number of page hits
CleanTalk Traffic Control can block IP addresses from any country or any network from the interface itself. IP addresses are automatically blocked by Traffic Control if they exceed the threshold of the average page visit quantity. This allows traffic to be monitored and blocked in real time.
This is the new feature launched by CleanTalk. The BlackIP database is the collection of blocked or blacklisted IP addresses. This database helps to analyze which types of IPs, locations or countries the most frequent brute force attacks come from. You can also manage the blacklisted IPs from your CleanTalk Dashboard -> “Use CleanTalk Database of Dangerous IP Addresses”. If you want to add an exception to your blacklisted IP addresses, you can add any IP to the whitelist and it will not be blocked.
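The threshold idea behind both the brute force lockout and Traffic Control can be run over ordinary access logs. The following is an added example, not CleanTalk's code: the log lines are constructed, the limits are arbitrary, and treating a POST to wp-login.php answered with 200 as a failed login is an assumption about the server's behaviour.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def _line(ip, hms, method, path, status):
    """Build one constructed access-log line (Apache combined-log style)."""
    return f'{ip} - - [10/Mar/2024:{hms} +0000] "{method} {path} HTTP/1.1" {status} 512'

# Constructed sample traffic; all addresses are documentation ranges.
SAMPLE = (
    [_line("203.0.113.7", f"10:00:0{i}", "POST", "/wp-login.php", 200) for i in range(4)]
    + [_line("198.51.100.9", f"10:01:0{i}", "GET", f"/?p={i}", 200) for i in range(6)]
    + [_line("192.0.2.44", f"10:0{2 * i}:30", "POST", "/wp-login.php", 200) for i in range(4)]
    + [_line("192.0.2.10", "10:02:00", "POST", "/wp-login.php", 200),
       _line("192.0.2.10", "10:02:09", "POST", "/wp-login.php", 302)]
)

def ips_to_block(lines, max_failed=3, max_requests=5,
                 window=timedelta(seconds=60), allowlist=()):
    """Map each IP that exceeds a threshold inside the window to the rule it broke."""
    hits, failed, blocked = defaultdict(deque), defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in allowlist or m["ip"] in blocked:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        checks = [(hits[ip], max_requests, "request rate")]
        # Assumption: a POST to wp-login.php answered with 200 is a failed
        # login (the form is shown again); a successful login redirects (302).
        if (m["method"], m["path"].split("?")[0], m["status"]) == ("POST", "/wp-login.php", "200"):
            checks.append((failed[ip], max_failed, "failed logins"))
        for queue, limit, rule in checks:
            queue.append(ts)
            while ts - queue[0] > window:  # drop events older than the window
                queue.popleft()
            if len(queue) > limit:
                blocked.setdefault(ip, rule)
    return blocked

if __name__ == "__main__":
    print(ips_to_block(SAMPLE))
```

The slow guesser at 192.0.2.44 stays under a 60-second window, which is why a lockout rule needs a longer window or a cumulative count alongside the burst threshold.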
Generic Tips and Tricks to keep your WordPress website safe:
Other than using CleanTalk’s WordPress Security plugin and its advanced features, you can use these simple tricks to keep your WordPress website safe and secure at all times:
- Use an email address for login rather than a username. Usernames are easy to predict, but hackers can’t easily guess a unique email ID. WordPress uses the unique email ID as the login identifier for each user.
- The default login URLs are the same for all websites, for example wp-login.php, /wp-admin/ etc. You should change them to something unique of your own. This prevents hackers from finding the admin login page’s URL or the dashboard URL.
- A WordPress site password should consist of capital letters, small letters, numbers and all types of symbols. Generally, an eight character password is considered strong. Make it 16 and it will be stronger, and guessing it by permutation and combination will be more difficult.
- Secure the WP-Admin directory from getting accessed by hackers.
- SSL should be used to encrypt your sensitive data.
- If your site has multiple admins, add them carefully after thorough scanning.
- Admin username should not be kept as “Admin”.
- Back up your site regularly. You may buy professional services for a backup and recovery routine.
- Protect your wp-config.php file from hackers by keeping it one level above the root directory.
- If multiple admins have access, disallow editing from the dashboard by changing the setting in the wp-config.php file.
- You should disable the directory listing using .htaccess.
- Update your plugins and themes regularly.
- Do not download or install any theme from an unknown site or provider. You do not know what is written in their code.
- Plugins and WordPress itself should be updated regularly to get all the new security features.
- Last but not least, take precautions before installing any plugin. Check the documentation, ratings and reviews first, and install only from a trusted source.
WordPress Security Plugin by CleanTalk is one of the best world-class security plugins for WordPress. It gives your WordPress website an end to end security solution and helps you grow your business without the headache of being attacked. CleanTalk’s security plugin is regularly updated with new features to cope with new types of attacks and threats and to provide you with smooth and flawless security services. Following the tips and tricks and installing a good security plugin will provide all-round security for your WordPress website.
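Three of the tips above (wp-config.php location, dashboard editing, directory listing) can be checked mechanically. This is an added example, not part of the plugin or of WordPress: it assumes the dashboard-editing tip refers to WordPress's DISALLOW_FILE_EDIT constant and that directory listing is disabled with Apache's Options -Indexes, and the function names and the two sample installs are constructed.

```python
import re
import tempfile
from pathlib import Path

COMMENTS = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)
FILE_EDIT_OFF = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)
NO_INDEXES = re.compile(r"Options\b.*(?<!\S)-Indexes\b", re.I)

def audit_wordpress(web_root):
    """Return a list of hardening findings for the install at web_root."""
    root = Path(web_root)
    findings = []
    # wp-config.php may sit in the web root or one directory above it.
    in_root, above = root / "wp-config.php", root.parent / "wp-config.php"
    if in_root.exists():
        findings.append("wp-config.php is inside the web root")
    config = in_root if in_root.exists() else above
    if not config.exists():
        findings.append("wp-config.php not found")
    else:
        # Ignore commented-out defines before looking for the constant.
        code = COMMENTS.sub("", config.read_text(errors="replace"))
        if not FILE_EDIT_OFF.search(code):
            findings.append("dashboard file editor is enabled")
    htaccess = root / ".htaccess"
    rules = htaccess.read_text(errors="replace") if htaccess.exists() else ""
    active = [l.strip() for l in rules.splitlines() if not l.lstrip().startswith("#")]
    if not any(NO_INDEXES.match(l) for l in active):
        findings.append("directory listing is not disabled")
    return findings

def demo():
    """Audit two constructed installs: one weak, one following the tips."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = Path(tmp, "weak", "public_html")
        good = Path(tmp, "good", "public_html")
        weak.mkdir(parents=True)
        good.mkdir(parents=True)
        (weak / "wp-config.php").write_text("<?php\n// define('DISALLOW_FILE_EDIT', true);\n")
        (weak / ".htaccess").write_text("# BEGIN WordPress\nRewriteEngine On\n")
        (good.parent / "wp-config.php").write_text("<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n")
        (good / ".htaccess").write_text("Options -Indexes\nRewriteEngine On\n")
        return audit_wordpress(weak), audit_wordpress(good)

if __name__ == "__main__":
    print(demo())
```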