The CleanTalk Security Service FAQ


Getting prepared


Working with Security


How can you test the CleanTalk Security Plugin?

Please, use the wrong username or password to log in to your WP Admin Panel to see how the Security Plugin works. Then log in with your correct account name and see the Security Logs of the last actions on the plugin's settings page. Also, the Audit Log will display the last visited URLs of the current user.

  1. Make a fake attempt to log in to your website with the wrong admin username or password.
  2. Go to your Security Dashboard -> Click the link "settings" below the URL of website -> Click the link "Testing Security FireWall"
  3. You will see your actions in the Security Plugin Log in your WordPress Admin Panel.
  4. When anyone logs in to your website as an administrator, you will receive email notifications about it.

Alternative way to check Security FireWall: use test URL link like this:"MD5_HASH_FROM_YOUR_ACCESS_KEY"&spbct_test_ip=

To get MD5 hash from your Access key, please use this tool:

Your attempts will be shown in both of your Security Logs: on the plugin's settings page and in the CleanTalk Security Dashboard.

The plugin sends the log to your CleanTalk Dashboard once per hour but if you re-save plugin settings, the log will be sent immediately.


Is the plugin compatible with WordPress MultiSite (WPMS or WordPress Network)?

Yes, the plugin is compatible with WordPress MultiSite.


Is it free or paid?

The plugin is free.

But the plugin uses the CleanTalk Cloud Security Service. You have to register an account and then you will receive a free trial to test. When the trial (on the CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security Plugin. If you haven’t got Access key, the plugin will still work and you will have logs only on the plugin's settings page for the last 20 actions.


Is there any auto-payment or auto-extension service?

Yes, auto-payments are available for Security annual subscription [

You can enable auto-payments at the moment of purchasing/renewal subscriptions only, use the page “Billing”:

You can disable auto-payments anytime with the appropriate link on the page “Payments/Invoice”:

 Aoutpaymenst bill photo


Keep in mind that you can change your preferred method of payments in your PayPal account. Do the following:

 • Go to the Summary page of your PayPal account. Click the three vertical dots next to your "PayPal balance" title and choose "Manage currencies".

 • Then choose a payment method you want and click "Set as preferred". See the screenshots below for clarification.

PayPal manage currencies balance summary

PayPal payment methods preferred

More details are here:

 • What payment methods can I use with PayPal?

 • How do I change my payment method during checkout?


How to control security activities on your website?

Go to your CleanTalk Profile —> Log. Use filters to sort data for analysis.

The details are here:


Is it possible to set a custom e-mail for notifications?

Yes, it is possible. Go to your CleanTalk Profile —> Change Email:


How to enable e-mail notifications when administrators log in?

Do you want to receive a notice each time a user with administrator rights logs into your WP Dashboard? We added this option. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

Notification will be sent only when a user was able to authorize entering the correct login and password. If you are logged into the admin panel from the saved session the alert won’t be sent.

You can enable this option in your CleanTalk Dashboard:

  1. Log in to your CleanTalk Profile and switch to your Security Dashboard. Direct link —
  2. Click “Settings” under the name of your website.
  3. Enable the option "Receive notifications for admin authorizations in site backend".
  4. Click the button "Update".


Why do you need Access key?

Access key allows you to keep statistics up to 45 days in the CleanTalk Cloud, to get other additional settings and to have more possibilities to sort the data for analysis. Our plugin evolves to Cloud Technology and all its logs are transferred to the CleanTalk Cloud. Cloud Service takes data processing, data storage, and allows you to reduce your webserver load.


What happens after the end of the trial period?

The plugin will be fully functional after the end of the trial period, will be protecting your website from brute-force attacks, and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will be receiving a short version of the Daily Security Report to your email instead of a full one.

Premium version allows you to store all logs for 45 days in your CleanTalk Dashboard.


How to use Security Log?

Please, read the guide here:


How to use Security FireWall Log?

Please, read the guide here:


How to use Security Firewall?

Please, read the guide here:


What is Traffic Control and how to use it?

CleanTalk Security Traffic Control tracks every single visitor in real-time no matter if they are using JavaScript or not providing many valuable traffic parameters such as:

  • Date and time of the visit to your website;
  • Spent time on your website;
  • IP-addresses;
  • Source country;
  • Browser;
  • Operational System;
  • Type of the visitor — Visitor, Search Bot, different bot, suspicious bot, and so on;
  • The number of visited pages.

This option can block IP-address automatically if the threshold of the average quantity of visited pages was exceeded.

To enable this option, please, do the following:

  1. Go to your WordPress Administrator Panel —> Settings —> Security by CleanTalk.
  2. Go to the tab General Settings.
  3. Enable the option "Traffic Control" and click the button "Save Changes".
  4. Go to the tab "Firewall", the tooltip above the table should say "Traffic Control is active". Now you will see the list of all your visitors in the Firewall table.


What is the Outbound links scanner and how to use it?

This option allows you to let know the number of outgoing links from your website and websites on which they linking to. All websites will be checked by our Database and will show results if they were used as links in spam messages. It allows you to check your website and find hidden links or spam links.

To enable this option, please, do the following:

  1. Go to your WordPress Administrator Panel —> Settings —> Security by CleanTalk.
  2. Go to the tab General Settings.
  3. Enable the option "Scan links" and click the button "Save Changes".


How to bypass a CleanTalk Blocking Screen if I'm the website owner?

You as a website owner or as a website administrator could see a CleanTalk Blocking Screen after installing and activating the CleanTalk Security Plugin. Possible reasons could be:

  • You or anybody else with the same IP-address tried to log in to your website backend and failed to do that more than 10 times in a row. That will trigger automatic blacklisting of your IP for 24-48 hours.
  • You use the IP-address from a very spam active subnet or Autonomous System (AS).
  • You or anybody else who has access to your CleanTalk Control Panel added your IP to your Black List by accident or on purpose.


To regain access to your website backend, please, do the following:

1) Delete the plugin's folder "security-malware-firewall". Perform these steps:

  1. Log in to your Hosting Account.
  2. Locate the folder of your website.
  3. Delete the Security Plugin's folder here: /wp-content/plugins/security-malware-firewall
  4. Refresh your website login page, the blocking screen should disappear.


2) Use special parameter "/?access=AUTH_KEY". Perform these steps:

  1. Go to your main website page.
  2. Add the parameter with your Security Access key to your website address. Example:
  3. You can see your Security Access key (i.e. API Key) here in your CleanTalk Control Panel:
  4. After that, you will have full access to your website for 20 minutes.

Please, whitelist your IP or delete it from your Black List (for your Security License) and press the button "Save Changes" in the settings of the CleanTalk Security Plugin. The changes in your website will be applied in 5 minutes.

If you still have problems with regaining access to your website, please, contact us by creating a private support ticket:


Where can I get the list of cookies that the Security plugin uses?

The list of the cookies that the plugin uses you can find on this special page.


You can download Security & Firewall by CleanTalk here:


My SecFireWall IP database is not updated. Why?

We use remote calls to the plugins to quickly update the plugin's firewall base. Calls come from CleanTalk servers and Calls look like:




requested the following type of files:



Please make sure that these calls are not blocked by any security software like ModSecurity or any restrictions in the ".htaccess" file. In case if you need the actual IP database right now you can re-save the plugin's settings in your website Admin Panel. Also, the database will be updated once a 24h automatically by a –°RON job. 


If you haven't found the answer to your question, please, contact our support team:


Renewed the license recently, but still receiving renewal notifications.

  1. CleanTalk provides two services: Anti-Spam and WordPress Security & FireWall. Probably, you have obtained the Anti-Spam license as a gift from CleanTalk. Check what exact service sends these notifications and use this guide to renew the correct license.
  2. Check if you have more than one CleanTalk account. To merge accounts, please contact us.



Was this information helpful?



Perhaps it would also be interesting