Plugin / Security & Malware scan by CleanTalk

CleanTalk Security
Download from WordPress

Frequently Asked Questions (FAQ)

Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.
Installing the plugin is very simple and does not require much time or special knowledge. Manual installation Download latest version on your computer’s hard drive, https://downloads.wordpress.org/plugin/security-malware-firewall.zip Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file. Click Install Now and Activate. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically” Installation completed successfully. Installation from wordpress.org directory Navigate to Plugins Menu option in your WordPress administration panel and click the button “Add New”. Type CleanTalk in the Search box, and click Search plugins. When the results are displayed, click Install Now. Select Install Now. Then choose to Activate the plugin. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically” Installation completed successfully.
Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL’s of the current user.
Yes, the plugin is compatible with WordPress MultiUser.
Go to your CleanTalk account->Log. Use filters to sort data for analyses. Security logs provide you to receive and keep information for 45 days. You have the following possibilities: 1. Time period for all records you want to see. Website for which you want to see security records. Leave the field empty to see security records for all websites. Choose an event you want to see: Authorization Login — all successful logins to your website. Authorization Logout — all closed sessions. Authorization Invalid username — login attempts with not existing username. Authorization Auth failed — wrong password login attempts. Audit View — records of actions and events of users in your website backend. Searching records by IP address. Searching records by country. There are date and time of events for each record, username who performed an action and his IP (country) address. How to use Security Log https://cleantalk.org/help/Security-Log
Yes, it is possible. Go to your CleanTalk account->Change email https://cleantalk.org/my/change-email
Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.
First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then go to your Security Log. You have the following possibilities: Time period for all records you want to see. Website for which you want to see security records. Leave the field empty to see security records for all websites. Choose an event you want to see: Authorization Login — all successful logins to your website. Authorization Logout — all closed sessions. Authorization Invalid username — login attempts with not existing username. Authorization Auth failed — wrong password login attempts. Audit View — records of actions and events of users in your website backend. Searching records by IP address. Searching records by username. Searching records by country. List of records. Each record has the following columns: Date — when the event happened. User Log — who performed actions. Event — what did he do. Status — was he Passed or Banned. IP — his IP address. Country — what country that IP belongs to. Details — some details if they are available. Please, read more https://cleantalk.org/help/Security-Log If you wish to block some countries from visiting your website, please, use this instruction: https://cleantalk.org/help/Security-Firewall
First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then press the line “Black&White Lists” under the name of your website. You can add records of different types to your black list or white list: IP-Addresses (For example 10.150.20.250, 10.10.10.10) Subnets (For example 10.150.20.250/24, 10.10.10.10/8) Countries. Click the line “Add a country” to blacklist or whitelist all IP-addresses of the chosen countries. The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button “Whitelist” or “Blacklist”. All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes. Please, read full instruction here https://cleantalk.org/help/Security-Firewall
Open another browser or enter the incognito mode. Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST 2.1 Address 10.10.10.10 is local address and it’s in blacklist constantly. So address YOUR_WEBSITE/?security_test_ip=10.10.10.10 will works everytime. Make sure that you saw page with the blocking message. FireWall works properly, if it is not, see item 4 of the list.
Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.
At the moment malware scanner may be started one time per day and manually. To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> “Malware Scanner” tab —> Perform Scan. Give the Malware Scanner some time to check all necessary files on your website.
The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin. If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests.
The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email. Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.
Do you want to receive a notice each time a user with administrator rights is logged into the WP Dashboard? We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard. Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent. You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.
Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.
Brute force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses. Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.

Ratings

4.6
56 reviews

Rating breakdown

Details Information

Version

2.39

First Released

26 Nov, 2017

Total Downloads

137,947

Wordpress Version

3.0 or higher

Tested up to:

5.3

Require PHP Version:

5.4 or higher

Tags

Brute Force limit login attempts malware security wordpress security

Contributors

Denis Shagy Aleksandrrazor Artyom Davydov security24

Languages

English (US) Russian

DIRECTORY DISCLAIMER

The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.