Features of the CleanTalk Security Plugin

 

 

 

Brute-force Protection 

This feature adds a short delay after failed login attempts to the WordPress dashboard. If an IP address exceeds a set number of failed attempts within a specified timeframe, it is automatically blocked. This approach hardens your site's security without consuming excessive server resources.
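A sketch of the delay-then-block logic described above, as an added example that is not CleanTalk's code. The thresholds, the block duration and the `LoginGuard` name are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed values for illustration; real thresholds come from the plugin settings.
MAX_FAILURES = 5        # failed attempts tolerated inside the window
WINDOW_SECONDS = 300    # length of the sliding window
DELAY_SECONDS = 3       # pause imposed after each failed attempt
BLOCK_SECONDS = 3600    # how long an offending IP stays blocked


class LoginGuard:
    """Per-IP failed-login tracking: delay on failure, block past the threshold."""

    def __init__(self, clock=time.time):
        self.clock = clock                    # injectable so tests can control time
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.blocked_until = {}               # ip -> time at which the block ends

    def is_blocked(self, ip):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:             # block expired: forget it
            del self.blocked_until[ip]
            return False
        return True

    def record_attempt(self, ip, success):
        """Return (decision, delay_seconds) for one login attempt."""
        if self.is_blocked(ip):
            return "blocked", 0               # rejected before credentials are checked
        if success:
            return "allowed", 0               # failures are not cleared; they age out
        now = self.clock()
        window = self.failures[ip]
        window.append(now)
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()                  # drop failures older than the window
        if len(window) > MAX_FAILURES:        # "exceeds a set number" of failures
            self.blocked_until[ip] = now + BLOCK_SECONDS
            del self.failures[ip]
            return "blocked", 0
        return "failed", DELAY_SECONDS        # caller sleeps this long before replying
```

Failures spaced further apart than the window never accumulate, which is why the delay matters as well: it caps how fast a slow guesser can go without ever reaching the block threshold.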

 

 

 

Security Report every 24 hours

Receive daily automated security reports via email. Each report summarizes the number of incorrect password attempts and lists the specific IP addresses involved.

 

Login Attempts and Password Searching Log

The Security Log provides real-time monitoring of all authentication attempts. It records the IP address, country, date/time, username, and the outcome (success or failure). For more details, visit our Security Log Guide.

 

User Actions Log (Audit)

Track every action within the WordPress Dashboard to understand what changes were made and by whom. The Audit Log records who logged in, when, and how much time they spent on specific pages. This information is available in the Security Log tab in the plugin settings and the CleanTalk Dashboard.

 

Blocking access to your website by IP (CleanTalk Personal Lists)


CleanTalk Security Firewall for WordPress is a comprehensive tool designed to protect your website from hacking and various cyber threats. In an era when attackers use a wide array of sophisticated methods, CleanTalk blocks malicious activity, including SQL injections, malware scripts, and more.

To maximize your WordPress security, the Security FireWall integrates the CleanTalk Database of Known Malicious IPs, a Web Application Firewall (WAF), and Personal Blacklists. This allows you to block suspicious activity at the network level and restrict access via HTTP/HTTPS for specific IP addresses or entire subnets.

CleanTalk Security is fully compatible with popular VPN services and ensures that legitimate search engines (such as Google, Bing, Yahoo, Baidu, MSN, etc.) are never blocked.

For detailed setup instructions, visit: https://cleantalk.org/help/security-firewall

 

Security Firewall Blocking Reasons:

  • Denied — The visitor's IP address is found in the global CleanTalk database or your personal blacklist.
  • Denied by Network — The IP belongs to a subnet associated with high spam activity or one that does not host real human traffic.
  • Denied by DDoS — DoS activity detected. The visitor exceeded the request limit defined in Traffic Control.
  • Denied by WAF — Malicious code (XSS), SQL injection attempts, exploits, or unauthorized file uploads were detected in GET requests.
  • Admin Access Hack Attempt — Brute-force activity detected on the login page.
  • Blacklisted (Hacking Attempts) — Direct hacking attempts were identified.
  • Blacklisted (Suspicious Activity) — The IP has been flagged for general suspicious behavior.

 

 

Country-Based Access Control


 

The Security Firewall allows you to block entire countries, denying access to all visitors originating from blacklisted regions. You can manage your country blacklist directly via the CleanTalk Dashboard.

Configure your country blocking settings here: https://cleantalk.org/help/security-firewall

 

 

Admin Login Notifications

A security feature that notifies you of successful logins to your Administrator WordPress dashboard. This is a vital tool for monitoring admin access and detecting unauthorized entry.

Notifications are triggered only during a fresh login (when credentials are entered). To avoid cluttering your inbox, alerts will not be sent for existing, saved sessions.

How to enable:

Go to your CleanTalk Dashboard, select 'Site Security' from the 'Services' menu, and click 'Settings' under your website's name. Look for the 'You will receive an email notification when you login with super user rights from a new device. The last 3 devices are remembered.' option.

 

Usage of the CleanTalk Database of Dangerous IP Addresses

Enable this feature to sync with the CleanTalk global database, which tracks the most active sources of spam and brute-force attacks. Our system utilizes a dynamic blacklisting approach: IPs are added instantly upon detecting an attack on multiple websites. To maintain accuracy, IPs are automatically delisted after approximately two weeks of inactivity.

Note: If the option is disabled, Security Firewall uses only personal lists.


 

 

Security Traffic Control


 
CleanTalk Security Traffic Control monitors every visitor, regardless of whether JavaScript is enabled. It provides a comprehensive set of traffic data, including:

  • Date and Time of each visit.
  • Time spent on your website.
  • IP addresses and source country.
  • Browser and Operating System.
  • Visitor type: humans, search bots, known bots, suspicious bots, and more.
  • Total number of pages visited.

Key Capabilities:

  • Instantly block specific IP addresses, networks, or entire countries directly from the interface.
  • Automatically block IP addresses that exceed a set threshold for page requests (Average Quantity of Visited Pages).

Please note: A single session may generate multiple entries. The system captures not only the initial page load but also all subsequent background requests (e.g., AJAX). This provides a complete picture of all incoming traffic, helping you identify abnormal activity or potential DoS attacks.

 

Malware Scanner

Scans WordPress files for compromised files and injected malicious code.

The Security Malware Scanner is started manually from the plugin settings. Detailed results are sent to your CleanTalk Security Dashboard, where you can investigate them and determine whether the changes were legitimate or malicious code was injected.

If any files were changed in your WordPress system, you will be able to delete them or restore the original WP files. In addition, our security experts deliver professional malware removal for WordPress and other website platforms.

 

Daily Auto Scan

Every day, the CleanTalk Malware Scanner automatically scans files that have changed since the last scan, as well as any new files.
The scanner works in the background and doesn't affect performance.

 

Outbound Links Scanner

This option shows you the number of outgoing links from your website and the websites they link to. Every linked website is checked against our database, and the results show whether it has been used as a link in spam messages. This lets you check your website for hidden links or spam links.

See more information here: https://cleantalk.org/help/security-malware-scanner

 

Scanning For SQL Injections

What is an SQL injection?

This is an attack on the database that lets an intruder perform actions that the script's author never intended.

SQL injection is one of the most accessible ways to hack a website. Using it, hackers can read the content of any table; delete, modify, or add information in the database; overwrite the content of local files; and issue commands to execute arbitrary actions. In other words, they take complete control of the attacked site.
The essence of such injections is the introduction of arbitrary SQL code into data transmitted via GET or POST requests or Cookie values. If a website is vulnerable and executes the injected code, the attacker can do virtually anything with the database (most often MySQL).

The CleanTalk Malware Scanner allows you to find such SQL injection code. This is the problem that the scanner solves.
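To make the mechanism concrete, here is an injectable query beside its parameterized form, as an added example that is not CleanTalk code. It uses Python's built-in sqlite3 rather than MySQL, and the table, rows and request value are constructed.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (login, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def find_user_vulnerable(db, login):
    # BAD: request data is concatenated into the SQL text, so a quote character
    # in the value ends the string literal and the rest is parsed as SQL.
    query = "SELECT login, email FROM users WHERE login = '" + login + "'"
    return db.execute(query).fetchall()


def find_user_safe(db, login):
    # GOOD: the value is bound as a parameter. The statement's structure is
    # fixed before the value is seen, so the value is only ever compared as data.
    query = "SELECT login, email FROM users WHERE login = ?"
    return db.execute(query, (login,)).fetchall()


def compare(login):
    """Rows returned by each version for the same request value."""
    db = make_db()
    return find_user_vulnerable(db, login), find_user_safe(db, login)


# Constructed request value, as it might arrive in a GET/POST field or a cookie.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    vulnerable_rows, safe_rows = compare(CRAFTED)
    print("concatenated query returned", len(vulnerable_rows), "rows")
    print("parameterized query returned", len(safe_rows), "rows")
```

The concatenated version returns every row because the WHERE clause has been rewritten by the input; the parameterized version looks for a user literally named with that string and finds none.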

 

Files Analysis

You can send us suspicious files for analysis. We will analyze these files and show you the results.

See more information here: https://cleantalk.org/help/files-analysis

 

Quarantine Option

Another way to deal with malicious code is to quarantine files.

How it works is described here: https://cleantalk.org/help/security-quarantine

 

Web Application FireWall

Proactive defense against known and unknown attacks to prevent hacks in real time. It protects against Cross-Site Scripting (XSS), SQL injections, file uploads from non-authorized users, PHP constructions/code, and malicious code in downloaded files, and it also checks plugins and themes as they are uploaded.

See more information here: https://cleantalk.org/help/security-waf

 

Backend PHP logs

With the Collect and send PHP logs option enabled, you can see your backend PHP logs in the CleanTalk Dashboard. You can read more here.

 

Malware Auto-Cure

The Malware Auto-Cure option allows you to automatically delete dangerous code from the scanned files.

 

2FA: Two-Factor Authentication

You can enable the Two-factor authentication option for your website administrators. This option will improve the protection quality. You can read more here.

 

Change the URL of the wp-login page

This option helps you change the default WP-Login URL. It will protect your websites from automated brute-force attacks.

This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. You can read more here.

 

Change WordPress security keys and salts

The option updates the secret keys and salts. All users will need to log in again.

WordPress secret keys and salts are random sets of symbols used in encrypting the usernames and passwords stored in browser cookies. If the site has been hacked, all data on the site can be considered compromised. One of the first important recommendations is to change all passwords and security keys. If hackers have the security keys, they can regain access to the site even if the passwords have been changed. It is very important to change every security key along with the passwords once the malicious code has been removed. You can read more here.
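Why rotating the keys logs everyone out, shown on a simplified model (an added example, not WordPress or CleanTalk code): a login cookie carries a keyed HMAC, so a cookie issued under the old key stops verifying once the key changes. The cookie layout and function names here are assumptions, not WordPress's actual cookie format.

```python
import hashlib
import hmac
import secrets


def new_key():
    """Generate a fresh random secret, the role the keys and salts play."""
    return secrets.token_bytes(32)


def _mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(key, username, expires):
    """Return 'username|expires|mac' (assumed layout for this example)."""
    payload = f"{username}|{expires}"
    return f"{payload}|{_mac(key, payload)}"


def verify_cookie(key, cookie, now):
    """Return the username if the cookie is authentic and unexpired, else None."""
    try:
        username, expires, mac = cookie.rsplit("|", 2)
        expires = int(expires)
    except ValueError:
        return None                                   # malformed cookie
    expected = _mac(key, f"{username}|{expires}")
    # Constant-time comparison on bytes, so timing does not leak the MAC.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                                   # wrong key or tampered data
    return username if now < expires else None


if __name__ == "__main__":
    old_key = new_key()
    cookie = issue_cookie(old_key, "admin", expires=2000)   # constructed values
    print("before rotation:", verify_cookie(old_key, cookie, now=1000))
    rotated = new_key()                                      # keys and salts changed
    print("after rotation: ", verify_cookie(rotated, cookie, now=1000))
```

Every cookie issued before the rotation fails the MAC check afterwards, including any copy an intruder kept, which is why the keys are changed together with the passwords.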

 

File System Watcher

This feature takes file system snapshots and lets you check which of your site's files changed between selected dates.

See more information here: https://cleantalk.org/file-system-watcher

 

Important File Monitoring

Monitoring of the most important files of the site.

 

Disable File Editor

This feature protects your site from remote code execution (RCE).

See more information here: https://cleantalk.org/disable-file-editor

 

 
