WordPress: The CleanTalk Anti-Spam Plugin Settings




Settings of the Anti-Spam by CleanTalk plugin are here: WordPress Admin Page —> Settings —> Anti-Spam by CleanTalk

General Options: SpamFireWall, Hide the "Website" field

The list of Advanced Settings:

Forms to Protect: Registration forms, Comments form, Contact forms, Custom contact forms, Test default WordPress search form for spam, Protect external forms, Capture buffer, Protect internal forms

WooCommerce: WooCommerce checkout form, Spam test for registration during checkout, Check anonymous users when they add new items to the cart

Comments and Messages: Disable all comments, Disable comments for all posts, Disable comments for all pages, Disable comments for all media, BuddyPress private messages, Automatically delete spam comments, Remove links from approved comments, Show links to check Emails, IPs for spam, Manage comments on public pages

Data Processing: Protect logged in Users, Don't check trusted user's comments, Use AJAX for JavaScript check, Use static keys for JS check, Check all POST data, Set cookies, Use alternative mechanism for cookies, Use SSL, Use WordPress HTTP API, Use DELETE SQL-command instead TRUNCATE to clear tables, Add a CleanTalk Pixel to improve IP-detection, Check email before POST request, Add a honeypot field

Exclusions: Log excluded requestsURL exclusions, Field name exclusions, Roles which bypass spam test

Admin Bar: Show statistics in admin bar, Show All-time counter, Show 24 hours counter, SpamFireWall counter

SpamFireWall Features: Unique GET optionAnti-Crawler, Anti-Flood

Miscellaneous: Send connection reports, Async JavaScript loading, Allow to add GDPR notice via shortcode, Store visited URLs, Notify users with selected roles about new approved comments, Show Dashboard Widget, Complete deactivation

The details about each option are below.

Trust text, affiliate settings.



General Options


WordPress anti-spam plugin options



This option denies access for spammers and spambots to visit your website. It saves your webserver load time and has a separate blacklist to use.

More information about this option is here: https://cleantalk.org/help/cleantalk-spam-firewall

How to use SpamFireWall Personal lists is here: https://cleantalk.org/help/sfw-blacklist-usage


Hide the "Website" field

The "Website" field is present on the standard WordPress comment forms. It's not a required field so you can hide it. The detailed description is here: https://cleantalk.org/help/how-to-hide-website-field-in-wordpress-comments



Advanced Settings


Forms to Protect


WordPress anti-spam plugin options


Registration forms

Protects your website registration page from spammers and spambots. All popular form plugins are supported, a full list is here:  https://cleantalk.org/help/anti-spam-integrations#registration-forms


Comments form

Checks comments for spam. All popular comment plugins are supported. All popular form plugins are supported, a full list is here:  https://cleantalk.org/help/anti-spam-integrations#wp-contact-form


Contact forms

Checks contact form submissions for spam. All popular form plugins are supported, a full list is here: https://cleantalk.org/help/anti-spam-integrations#wp-contact-form


Custom contact forms

Checks custom contact form submissions (theme built-in contact forms included) for spam. Any custom contact form plugins are supported.

Enable this option if you receive spam from your website form, your test submissions are not being blocked and CleanTalk doesn't show new records in your Anti-Spam Log.

To test your form, use this blacklisted email address: stop_email@example.com.


Test default WordPress search form for spam

Protects default WordPress search form from spammers and spambots.


Protect external forms

Checks form submissions that are being sent to third-party servers (like MailChimp).


Capture buffer

Helps to strengthen protection for external forms. But it could break plugins that use a buffer like Ninja Forms.


Protect internal forms

Checks submissions from custom (handmade) AJAX forms with PHP scripts handlers.





WordPress anti-spam plugin options


WooCommerce checkout form

Protection for WooCommerce checkout form.


Spam test for registration during checkout

Protects registration during the checkout process from spam.


Check anonymous users when they add new items to the cart

Check anyone who added a new item to their shopping cart.



Comments and messages


WordPress anti-spam plugin options


Disable all comments

Disables comments on your website for all types of content.


Disable comments for all posts

Disables comments on your website for articles from the Post section of your WordPress.


Disable comments for all pages

Disables comments on your website for all pages from the Pages section of your WordPress.


Disable comments for all media

Disables comments on your website for all media from the Media section of your WordPress.


BuddyPress private messages

Checks private messages in BuddyPress for spam.


Automatically delete spam comments

Keeps all spam comments in the folder "Spam" for 15 days. Spam comments older than 15 days will be automatically permanently deleted.

The folder is here: WordPress Admin Page —> Comments —> folder "Spam"


Remove links from approved comments

Removes any links from approved comments. Links will be replaced with this line: [Link deleted].

If you don't want your visitors and users to post any links in their comments, then enable this option. All allowed comments will be published without links in the text.


Show links to check Emails, IPs for spam

Adds Sender Info Panel to every comment on your website.   >>> The panel is visible for administrators only!

It allows you to check the email and IP of the comment in the CleanTalk Database, it also allows you to mark the comment as "Spam" or "Not Spam" and send feedback to CleanTalk immediately.

More details about sending feedback to CleanTalk by marking records in your Anti-Spam Log are here: https://cleantalk.org/help/faq#feedback_spam

Every line has a CleanTalk logo for you to know what plugin modified your comment sections.

WordPress anti-spam plugin options


Manage comments on public pages

Allows Administrators to manage comments on public post pages with a small interactive menu.



Data processing


WordPress anti-spam plugin options


Protect logged in users

Checks all registered users' submissions (including administrator if this role doesn't add in the Exclusions) — comments, contact form data, custom form data, and alike.

Don't check trusted user's comments

Checks the first 3 comments from the same user for spam. All subsequent comments from this user will be allowed without any checking.


Use AJAX for JavaScript check

Performs JavaScript checks using AJAX. Enable this option if you are using caching plugins. And disable this option with the option SpamFireWall for your website to be compatible with Accelerated Mobile Pages (AMP).


Use static keys for JS check

Helps to decrease false positives if you are using cache for AJAX requests. Slightly decreases protection quality. Auto - Static key will be used if the caching plugin is spotted.


Check all POST data

Checks every single POST submission that happened on your website. Enable it if you see missed spam and there are no records about missed spam in your Anti-Spam Log.

Attention! Use this option with care. Administrator POST data will be checked too.


Set cookies

Creates cookies on your website front-end. Disable this option if you use Varnish.

Attention! Most contact forms will not be protected by CleanTalk if this option is disabled!

The detailed description is here: https://cleantalk.org/help/set-cookies-option


     • Use alternative mechanism for cookies (Helps to solve cookies issues. Doesn't use cookie or PHP sessions. Collects data for all types of bots.)



Switches CleanTalk plugin to use encrypted (SSL) connection to reach the CleanTalk Cloud.


Use WordPress HTTP API

Helps to solve connection issues to reach the CleanTalk servers.


Use DELETE SQL-command instead TRUNCATE to clear tables

Sometimes SpamFireWall tables could be locked in your website database. Use this option to fix the issue.


Add a CleanTalk pixel to improve IP-detection

Upload a small graphic file from the CleanTalk Cloud to improve IP detection. Details are here: https://blog.cleantalk.org/introducing-cleantalk-pixel/


Check email before POST request

Check email addresses in real-time before your visitors submit any data to your forms.


Add a honeypot field

Option adds a hidden field. Helps if you have some spam slipped through your checkout or register form. Enable this option to improve the Anti-Spam protection.

You can read more here





WordPress anti-spam plugin options


Log excluded requests

The plugin will catch data from the excluded forms without filtration. Enabling this option will show you these requests in the Anti-Spam logs. Details are here: https://cleantalk.org/help/anti-spam-log#excluded-from-spam-filters


URL exclusions

Use this field to exclude any page from spam check. Form submissions from excluded pages won't be checked by the plugin and will be logged with a flag "Excluded from spam filters". The detailed guide is here: https://cleantalk.org/help/exclusion-from-anti-spam-checking#URL_exclusions


Field name exclusions

Use this field to exclude any form's filed from any form on your website from spam check. The detailed guide is here:  https://cleantalk.org/help/exclusion-from-anti-spam-checking#field_excluisons


Roles which bypass spam test

Use this option to exclude any user's roles from spam check. The detailed guide is here: https://cleantalk.org/help/exclusion-from-anti-spam-checking#user_exclusions



Admin bar


WordPress anti-spam plugin options


Show statistics in the admin bar

Enables CleanTalk icon with anti-spam numbers in your website backend. The numbers show statistics since the last counter reset.

A reset button is in the pop-down menu. Hover your mouse pointer over the CleanTalk icon to see the menu.


Show All-time counter

Displays the number of all spam-check requests near the CleanTalk icon since plugin installation.


Show 24 hours counter

Displays the number of all spam-check requests near the CleanTalk icon for the last 24 hours.


SpamFireWall counter

Displays the number of all SpamFireWall check requests near the CleanTalk icon since plugin installation.



SpamFireWall Features


WordPress anti-spam plugin options

Unique GET option

Helps to resolve issues with cache plugins. A unique GET variable will be added to the URL if a visitor was blocked by SpamFireWall.

Example: https://SITE.COM/?sfw=pass1629985735


The plugin shows SpamFireWall blocking screen for any bot, except allowed bots (Google, Yahoo and etc.).

More information about this option is here: https://cleantalk.org/help/anti-flood-and-anti-crawler#anticrawl


This option shows the SpamFireWall blocking screen for bots that are trying to scan your website. All users with a number of requests higher than entered in additional settings for the Anti-Flood option will see a blocking screen.

More information about this option is here: https://cleantalk.org/help/anti-flood-and-anti-crawler#antiflood



Additional settings


WordPress anti-spam plugin options

Send connection reports

Allow the plugin to send the information about your connection with CleanTalk Cloud if there are any issues. The option is in a beta state.


Async JavaScript loading

Use asynchronous loading for scripts. Warning: This could reduce filtration quality.


Allow adding GDPR notice via shortcode

Adds a small checkbox under your website form. To add it you should use the shortcode on the form's page: [cleantalk_gdpr_form id="FORM_ID"].

The shortcode should be inserted via the shortcode block.


Store visited URLs

Plugin stores last 5 visited URLs (HTTP REFFERERS) before a visitor submits a form on the site. You can see stored visited URLs for each visitor in your Dashboard. Turn the option on to improve Anti-Spam protection.


Notify users with selected roles about new approved comments

This option allows to choose users who will receive notifications about new approved comments.


Show Dashboard Widget

Enables CleanTalk widget in the WordPress Dashboard.


Complete deactivation

Leave no trace in the website system after deactivation. After setting this option on and deactivating the plugin all its saved data (an access key, settings, database tables) will be deleted. This option is used when you need to start from scratch.



If you haven't found the answer to your question, please, contact our support team:




Was this information helpful?



Perhaps it would also be interesting