Features of the CleanTalk WordPress Security and Uniforce Security Plugins



CleanTalk provides two separate website security plugins. WordPress Security Plugin and Uniforce Universal Security Plugin.

If your site is developed on WordPress, use only this plugin because it has more advanced functionality.

For all other CMS, CleanTalk has developed a universal Uniforce security plugin for all types of websites to protect against online attacks and website hacking attempts.

We tested the installation and working process of the Uniforce plugin on the following platforms:

  • Joomla 2.5 and 3.0
  • Drupal 7 (brute-force protections are not accessible)
  • Bitrix (brute-force protections are not accessible)

Be careful, some features are only available for WordPress Security Plugin. We are working to add the same functionality to Uniforce.


How to install WordPress Security & FireWall Plugin

How to install Universal Security & FireWall Plugin


* Features marked with * are available for the WordPress Security plugin only.

Brute-force Protection 

Lock logo  Adds a delay of a few seconds for any failed attempt to log in to the WordPress back-end.

  We added the new logic to our WordPress security service. Service will check your security log once per hour and if some IPs have 10 or more attempts to log in, then these IPs will be banned for the next 24 hours.

  It makes your website security tougher and doesn’t waste the server’s resources on these IPs.



Security Report every 24 hours

  Every day the plugin sends a Security report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which they tried to sign in.


Login Attempts and Password Searching Log

  Security log keeps online a log of attempts to log in. Security log includes IP/Country/data/time, username and action result, was authorization successful or failed.

Details about Security (Brute-force) Log usage are here: https://cleantalk.org/help/security-log


User Actions Log (Audit)

  Keeps track of actions in the WP Dashboard to let you know what is happening on your blog.

  With the Security Audit Log, it is very easy to see user activity in order to understand what changes have been made and who made them.

  Security Log shows who logged in and when and how much time they spent on each page. Information is available on the Security Log tab in the plugin's settings and in the Security (Brute-force) Log in CleanTalk Dashboard.

Details about Security (Brute-force) Log usage are here: https://cleantalk.org/help/security-log


Blocking access to your website by IP (Black & White Lists)

Firewall logoSecurity FireWall for WordPress websites is a tool that helps protect your website from hacking and other cyber attacks. In today’s world, hackers can attack websites using a variety of tools and methods. The CleanTalk Security FireWall blocks malicious attacks such as SQL injections, malware scripts, and more. 

Security FireWall includes the CleanTalk Database of Dangerous IP Addresses, Web Application FireWall, and personal BlackList to block IP addresses with suspicious activity to enhance WordPress security.  

To enhance the security of your site, you can use the Security FireWall, which allows you to block access to your website by HTTP/HTTPS for individual IP addresses and IP networks.

CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex etc.

 Security FireWall instruction is here: https://cleantalk.org/help/security-firewall


Possible reasons for blocking by Security FireWall and their descriptions:

 - Deny — А visitor’s IP address is blacklisted by a common CleanTalk list or by the personal blacklists of your website. 

 - Deny by network — А visitor’s IP address belongs to a subnet of high spam activity, or to a subnet that cannot have IP addresses of real human visitors.

 - Deny by DDoS — DoS activity detected from the visitor's IP address. The visitor has exceeded the number of allowed requests set by Traffic control.

 - Deny by WAF — Malicious code has been detected in the GET-requests to your website (XSS attack), injection of malicious SQL requests to your website has been detected (SQL-injection attack), exploit detected, malicious files upload detected.

 - Attacks to hack admin access — brute-force on login page detected.

 - BlackListed by hacking attempts —  hacking attempts detected.

 - BlackListed by suspicious activity —  suspicious activity detected.


Blocking access to your website by countries

Earth Shield logo  Security FireWall allows you to block countries and deny access to your website for all IP addresses of blocked country visitors. You can add countries to the blacklist in your CleanTalk Dashboard.

  You can block countries on your Security FireWall page: https://cleantalk.org/help/security-firewall



Notifications of administrator users' authorizations to your website backend

  We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

  Notification will be sent only when a user is able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.

  You can enable the option "Receive notifications for admin authorizations" in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings” under the name of your website:

Site Security settings


Site Security options



Usage of the CleanTalk Database of Dangerous IP Addresses

Use the CleanTalk database of dangerous IP addresses — this option connects the database of the most active IP addresses where massive spam and brute force attacks come from. When an IP starts attacking a few websites they are immediately added to the blacklist. IPs that stop attacking are being removed over time and that time is relatively short — usually about 2 weeks.


Security service settings


If the option is disabled, Security FireWall uses only personal lists.

To use Security FireWall, you must have a CleanTalk account.


Security Traffic Control

Traffic logoCleanTalk Security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters such as:

  • Date and time of the visit to your website;
  • Spent time on your website;
  • IP-addresses;
  • Source country;
  • Browser;
  • Operational System;
  • Type of the visitor — Visitor, Search Bot, a different bot, suspicious bot, and so on;
  • A number of visited pages.



  • Block a specific IP address, network, or country directly from the interface.
  • Blocks an IP address automatically if the threshold of the average quantity of visited pages is exceeded.


Malware Scanner

Scans WordPress files for hacked files or hacker code.

Security Malware Scanner runs manually in the settings. All detailed results will be sent to your CleanTalk Security Dashboard and you will be able to investigate them and see if those were legitimate changes or if some bad code was injected.

If any files were changed in your WordPress system you will be able to delete them or restore the original WP files.


Daily Auto Scan

Every day, CleanTalk Malware Scanner will launch scanning automatically for files that have been changed from the last scanning or found new files.
The scanner works in the background and doesn't affect performance.  


Outbound Links Scanner

This option allows you to know the number of outgoing links from your website and the websites they link to. All websites will be checked by our Database and will show results if they were used as links in spam messages. it allows you to check your website and find hidden links or spam links.

See more information here: https://cleantalk.org/help/security-malware-scanner


Scanning For SQL Injections

What is an SQL injection?

This is an attack on the database that gives access to the intruder to perform some actions that were not planned by the script creator.

SQL injection is one of the most accessible ways to hack a website. Using it, hackers "read" the content of any tables, delete, modify, or add information to the database, overwrite the content of local files, and give commands to execute arbitrary actions. In other words, they completely intercept the management of the attacked site.
The essence of such injections is the introduction of arbitrary SQL code into data (transmitted via GET, POST requests, or Cookie values). If a website is vulnerable and performs such injections, then, in fact, there is an opportunity to create anything from the database (most often it's MySQL).

The CleanTalk Malware Scanner allows you to find such a code of SQL injections. It is the problem that the scanner solves.


Files Analysis

You can send us suspicious files for analysis. We will analyze these files and show you the results.

See more information here: https://cleantalk.org/help/files-analysis


Quarantine Option

Another way to deal with malicious code is to quarantine files.

How it works is described here: https://cleantalk.org/help/security-quarantine


Web Application FireWall

Proactive defense against known and unknown attacks to prevent hacks in real time. Protects from Xros Site Scripting (XSS), SQL-injections, uploading files from non-authorized users, PHP constructions/code, presence of malicious code in the downloaded files, and checking plugins and themes while uploading as well.

See more information here: https://cleantalk.org/help/security-waf


Backend PHP logs

With the Collect and send PHP logs option enabled you can see your backend PHP logs in the CleanTalk Dashboard. You can read more here.


Malware Auto-Cure

The Malware Auto-Cure option allows you to automatically delete dangerous code from the scanned files.


2FA: Two-Factor Authentication

You can enable the Two-factor authentication option for your website administrators. This option will improve the protection quality. You can read more here.


Change the URL of the wp-login page

This option helps you change the default wp-login URL. It will protect your websites from automated brute-force attacks.

This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. You can read more here.


Change WordPress security keys and salts

The option updates the secret keys and salts. All users will need to log in again.

WordPress secret keys and salts are a random set of symbols that are being used in encrypting the usernames and passwords that are being stored in the browser cookies. If the site has been hacked, all data on the site can be considered compromised. One of the first important recommendations is to change all passwords and security keys. If hackers have the security keys, they can regain access to the site even if the passwords have been changed. It is very important to change each security key along with the passwords when the malicious code is removed. You can read more here.


File System Watcher

This feature runs file system snapshots and allows you to control which of your site files has been changed between selected dates.

See more information here: https://cleantalk.org/file-system-watcher


Important File Monitoring

Monitoring of the individual most important files of the site.


How to install WordPress Security & FireWall Plugin

How to install Universal Security & FireWall Plugin



Was this information helpful?

It would also be interesting

Copied to clipboard