Features of the CleanTalk WordPress Security Plugin
Adds a delay of a few seconds for any failed attempt to login to WordPress back-end.
We added the new logic to our WordPress security service. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in, then these IP’s will be banned for next 24 hours.
It makes your website security tougher and doesn’t waste the server’s resources on these IP’s.
Every day the plugin sends Security report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which the tried to sign in.
Security log keeps online a log of attempts to log in. Security log includes IP/Country/data/time, username and action result, was authorization successful or failed.
Details about Security Log usage are here: https://cleantalk.org/help/Security-Log
Keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.
Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.
To enhance the security of your site, you can use the Security FireWall, which allows you to block access to your website by HTTP/HTTPS for individual IP addresses, IP networks and e-mails.
CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.
Security Firewall instruction is here: https://cleantalk.org/help/Security-Firewall
Possible reasons of blocking by Security Firewall and their descriptions:
- Blacklisted — А visitor’s IP address is in the personal blacklists of your website. Please note that enabling the option “Use CleanTalk database of dangerous IP addresses” will block all IP addresses from the SpamFireWall database (https://cleantalk.org/ru/help/cleantalk-spam-firewall).
- Hazardous network — А visitor’s IP address belongs to a subnet of high spam activity, or to a subnet that cannot have IP addresses of real human visitors. ()
- Blocked by DoS prevention system — DoS activity detected from the visitor's IP address. For example, attempted brute-force search for password.
- Blocked by Web Application Firewall: XSS attack detected — Malicious code has been detected in the GET-requests to your website.
- Blocked by Web Application Firewall: SQL-injection detected — Injection of malicious SQL requests to your website has been detected.
- Blocked by Web Application Firewall: Malicious files upload — The protection has detected malicious files upload.
Security FireWall allows you to block countries and deny access to your website for all IP-addresses of blocked country visitors. You can add countries to the blacklist in your CleanTalk Dashboard.
You can block countries on your Security Firewall page: https://cleantalk.org/help/Security-Firewall
We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.
Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.
You can enable the option "Receive notifications for admin authorizations" in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings” under the name of your website:
New option BlackIPs Database — is the database of the most active IP addresses where massive spam and brute force attacks come from. When an IP starts attacking a few websites they are immediately added to the blacklist. IPs that stop attacking are being removed over time and that time is relatively short — usually about 2 weeks.
To use Security FireWall you have to have CleanTalk account.
- Date and time of the visit to your website;
- Spent time on your website;
- Source country;
- Operational System;
- Type of the visitor — Visitor, Search Bot, a different bot, suspicious bot and so on;
- A number of visited pages.
- Block specific IP-address, network or country directly from the interface.
- Block IP-address automatically if the threshold of the average quantity of visited pages was exceeded.
Scans WordPress files for hacked files or hacker code.
Security Malware Scanner runs manually in the settings. All detailed results will send to your CleanTalk Security Dashboard and you will be able to investigate them and see if those were legitimate changes or some bad code was injected.
If any files were changed in your WordPress system you will be able to delete them or restore the original WP files.
Daily Auto Scan
Every day, CleanTalk Malware Scanner will launch scanning automatically for files which have been changed from the last scanning or found new files. The scanner works in the background and doesn't affect performance.
Outbound Links Scanner
This option allows you to let know the number of outgoing links from your website and websites on which they linking to. All websites will be checked by our Database and will show results if they were used as links in spam messages. it allows you to check your website and find hidden links or spam links.
See more information here: https://cleantalk.org/help/security-malware-scanner
Scanning For SQL Injections
What is an SQL injection?
This is an attack on the database that gives access to the intruder to perform some actions that were not planned by the script creator.
SQL injection is one of the most accessible ways to hack a website. Using it, hackers "read" the content of any tables, delete, modify or add information to the database, overwrite the content of local files and give commands to execute arbitrary actions. In other words, they completely intercept the management of the attacked site. The essence of such injections is the introduction of arbitrary SQL code into data (transmitted via GET, POST requests or Cookie values). If a website is vulnerable and performs such injections, then in fact there is an opportunity to create anything from the database (most often it's MySQL).
The CleanTalk Malware Scanner allows you to find such code of SQL injections. It is the problem that the scanner solves.
You can send us suspicious files for analysis. We will analyze these files and show you results.
See more information here: https://cleantalk.org/help/files-analysis
Another way to deal with malicious code is to quarantine files.
How it works is described here: https://cleantalk.org/help/security-quarantine
Proactive defense against known and unknown attacks to prevent hacks in real-time. Protects from Xros Site Scripting (XSS), SQL-injections, uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.
See more information here: https://cleantalk.org/help/security-waf
Malware Auto-Cure option allows to automatically delete dangerous code of the scanned files.
You can enable two-factor authentication option for your website administrators. This option will improve protection quality. You can read more here.