Titan Anti-spam & Security Plugin
Anti-spam, Site Security Check & Malware Scanner.
Titan includes anti-spam, firewall, malware scanner, site accessibility checking, security and threats audits for WordPress websites. Our security functions provide Titan with the latest firewall rules, malware signatures, and database of malicious IP addresses – all you need to ensure the security of your website.
Titan is a comprehensive WordPress security solution, completed by a set of additional features as add-ons, which was placed into a simple and intuitive interface.
Why did we update Anti-Spam and what is Titan?
Let me tell you before we start: your favorite Anti-Spam had not disappeared! Instead of that it revived and became stronger to stand guard over the secure of your site!
The latest update of Anti-Spam is called Titan Anti-spam & Security and represents the brand new version of a plugin.
Why TITAN?
We aim to create a plugin as reliable as this metal – and easy-to-use at the same time. The new name of our plugin sets the pace with newest and highest standards of quality.
What has been changed except the name?
Whilst the process of modernization we had to take some complicated decisions. One of them was:
What should we do: keep Anti-Spam like a simple plugin with the only one function or complicate it with a huge complex of tools made for the security of your site?
Constant feedback from users and versatile development experience lets us claim that the situation when there is too many tools couldn’t exist!
We considered all possibilities thoroughly to secure the best future for the plugin.
Let me introduce new secure functionality that was developed with spending a lot of time, effort and consideration:
Features
ANTI-SPAM
ANTI-SPAM CHECKS YOUR COMMENTS THROUGH OUR GLOBAL SPAM DATABASE, THEN A SELF-LEARNING NEURAL NETWORK RE-CHECKS UNFILTERED COMMENTS, TO PREVENT YOUR SITE FROM PUBLISHING MALICIOUS CONTENT.
- No captcha.
- We have created algorithms to ensure reliability and accuracy against spam bots. It will save your time and resources, allowing you to focus on developing and improving your website and business. Antispam provides logs of all the processed requests that allows you to check the spam filters results. Regular analysis of parameters allows you to find new spam behavior patterns.
- A comment posted by a user appears on the site right away. The background check marks spam comments as spam and hides them on a site. This helps to improve user experience and increase engagement.
- [PRO] Checking the already existing comments and users for spam.
- [PRO] We provide 24/7 technical support.
- [PRO] To identify and block spam bots AntiSpamPro uses a series of tests running in the background, totally transparent to the website User. It allows 100% protection from spam bots No extra protection needed.
- [PRO] Anti-spam is a comprehensive and transparent anti-spam protection. We provide detailed statistics of all logged comments and logins. You can always be sure that there are no errors.
- [PRO] Protect Register Form.
- [PRO] Advanced protection of comment forms.
- We regularly release updates to the anti-spam module. Our modules always meet new versions of CMS and we are constantly expanding supported CMS.
WORDPRESS FIREWALL
The web application firewall detects and blocks malicious traffic. It protects your website at the endpoint by providing deep integration with WordPress. In contrast to cloud alternatives, it does not violate encryption, cannot be bypassed and does not contribute to data leakage.
- Protection brute force attacks by restricting login attempts.
- [PRO] Update real-time firewall rules and malware signatures through the threat protection channel.
- [PRO] Real-time IP Block List blocks all requests from malicious IP addresses, protecting your site and reducing load.
- [PRO] An integrated malware scanner blocks requests containing malicious code or content.
- [PRO] Using the Attack Log you can track visits and hacking attempts that are not shown in other analytic packages in real time; including origin, IP address, current time, and time spent on your site.
- [PRO] Block intruders by IP address or create advanced rules based on a range of IP addresses, hostname, user agent, and referrer.
WORDPRESS SECURITY SCANNER
- The malware scanner checks the system files, themes and plugins for malware, invalid URLs, backdoors, SEO spam, malicious redirects and code injections.
- Basic scanning using more than 1000 signatures.
- [PRO] Advanced scanning with more than 6000 signatures.
- [PRO] Configure three scan speeds to make sure the performance is not affected.
- [PRO] Set scan schedules – daily, monthly, and manually.
- [PRO] Update malware signatures in real time through a threat protection channel.
- Compares your system, themes and plugins with those which are in the WordPress.org repository, checking their integrity and informing you of all changes.
- Recover modified files by overwriting them with the original version.
- Delete unknown and unwanted files easily via the Titan interface.
- Checks your site for vulnerabilities and notifies in case of any problems or discrepancies. It also provides a notification of potential security issues when the plugin has been closed or inactivated.
- Checks the content security by scanning the contents of files, messages and comments for dangerous URLs and suspicious content.
SITE CHECKER [PRO]
- Check the availability of any URL
- Push notifications in the browser to show URLs access issues in real time.
Your browser will receive push notifications if one of the URLS is unavailable.
TWEAKS
- Strong Password Requirement
- Hide author login
- Hide WordPress versions. WordPress itself and many plugins show their version at the visible areas of your site. An attacker who received this information may be aware of the vulnerabilities found in the version of the WordPress core or plugins.
Translations
- English (default), always included
- Korean — big thanks to @cansmile
- Spanish (Venezuela) — big thanks to @yordansoares, @nobnob, @bragnieljimenez
- Spanish (Spain) — big thanks to @garridinsi, @nobnob, @nobnob, @nilovelez, @fernandot
- Italian — big thanks to @deadpool76
- Persian — big thanks to @1farakav
- Arabic — big thanks to @alzintani
- Swedish — big thanks to @elbogen
- Tibetan — big thanks to @bumpagyal
- Albanian — big thanks to @besnik
- Dutch — big thanks to @robelia
We are very need for your help with translating the
Titan Anti-spam & Security plugin into your native language. We want to make it international and understandable for everyone. Please contact us via email inside the plugin, or create a topic on our support forum if you can help with the translations. In exchange for your help, we will give you better support and our premium plugins absolutely free!
Installation
- Install and activate the plugin on the Plugins page
- Enjoy life without spam in comments
For more info visit titansitescanner.com
Screenshots
Dashboard
General Settings
Anti-spam Settings
Web Application Firewall (WAF)
FAQ
You can visit Anti-spam settings page and enable saving blocked comments as spam in the spam section.
To enabled that you need to go to: WordPress admin dashboard => Settings section => Anti-spam
Saving blocked comments into spam section is disabled by default.
Saving spam comments can help you to keep all the comments saved and review them in future if needed. You can easily mark comment as “not spam” if some of the comments were blocked by mistake.
Anti-spam plugin blocks 100% of automatic spam messages (sent by spam-bots via post requests).
Plugin does not block manual spam (submitted by spammers manually via browser).
- Disqus
- Jetpack Comments
- AJAX Comment Form
- bbPress
The blocking algorithm is based on 2 methods: ‘invisible js-captcha’ and ‘invisible input trap’ (aka honeypot technique).
The ‘invisible js-captcha’ method is based on fact that bots does not have javascript on their user-agents.
Extra hidden field is added to comments form.
It is the question about the current year.
If the user visits site, than this field is answered automatically with javascript, is hidden by javascript and css and invisible for the user.
If the spammer will fill year-field incorrectly – the comment will be blocked because it is spam.
The ‘invisible input trap’ method is based on fact that almost all the bots will fill inputs with name ’email’ or ‘url’.
Extra hidden field is added to comments form.
This field is hidden for the user and user will not fill it.
But this field is visible for the spammer.
If the spammer will fill this trap-field with anything – the comment will be blocked because it is spam.
You can find the info block with total spam blocked counter in the admin comments section.
You can hide or show this info block in the “Screen Options” section.
The visibility option for this info block is saved per user.
Plugin blocks spam only in comments form section and does not block spam from any other forms on site.
If you installed and activated the plugin and you still receiving spam – probably this could be because of some other forms on your site (for example feedback form).
Users rarely use trackbacks because it is manual and requires extra input. Spammers uses trackbacks because it is easy to cheat here.
Users use pingbacks very often because they work automatically. Spammers does not use pingbacks because backlinks are checked.
So trackbacks are blocked but pingbacks are enabled.
All modern browsers and IE8+ are supported.
Anti-spam plugin works with disabled JavaScript. JavaScript is disabled on less than 1% of devices.
Users with disabled JavaScript should manually fill catcha-like input before submitting the comment.
If site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action
and there is no plugin inputs in comments form – plugin tries to add hidden fields automatically using JavaScript.
two
You may check out the source code of the plugin.
The plugin is pretty small and easy to read.
Changelog
7.3.6 (17.07.2024)
- Added: Compatibility with WordPress 6.6
- Fixed: Minor bugs
7.3.5 (22.03.2024)
- Added: Compatibility with php 8.3
- Added: Compatibility with WordPress 6.5
7.3.4 (22.03.2023)
- Fixed: Freemius framework conflict
- Added: Compatibility with WordPress 6.2
7.3.3 – 17.10.2022
* Fixed: Critical error with premium component
* Fixed: Minor bugs
7.3.2 – 10.09.2022
* Added: Compatibility with the new version of the premium plugin
* Fixed: Minor bugs
7.3.1 – 02.08.2022
Added: Compatibility with WordPress 6.0
Fixed: Minor bugs
7.3.0 – 07.04.2022
Added: Compatibility with WordPress 5.9
Fixed: Minor bugs
7.2.9
* Fixed: API errors
7.2.8
* Compatibility WP 5.8
* Update components
7.2.7 – 12.03.2021
* Added: Backup system (PRO)
7.2.6 – 12.03.2021
* Fixed: Minor bugs
7.2.5 – 13.01.2021
* Fixed: Minor bugs
7.2.4 – 12.01.2021
* Fixed: Fatal error after activate/update
7.2.3 – 12.01.2021
* Added: Support php 8
* Fixed: Minor bugs
7.2.1
- Added: Subscribe form
- Improved: Compatibility with WordPress 5.6
- Fixed: Minor bugs
7.1.6
- Added: Setup wizard
- Improved: Compatibility with WordPress 5.5
7.1.6
- Fixed: jQuery.fn.load() and other bugs after update to WordPress 5.5
7.1.5
- Added: Two-Factor authentication [PRO]
7.1.4 – 22.06.2020
- Updated: translations
7.1.3 – 19.06.2020
- Added notice in the plugin interface
- Fixed: Minor bugs
7.1.2 – 16.06.2020
- Added: options search in the plugin interface. You can enter the option name, the plugin will automatically redirect you to the desired page where the option is located.
- Removed: trial for the premium plugin
- Updated: main navigation menu.
- Added: compatibiliy with a new premium addons.
- Fixed: Minor bugs
7.0.3 – 20.05.2020
- Added an option to send a weekly security digest to admin email.
- Fixed: Minor bugs
7.0.2 – 30.04.2020
- Add COMPONENTS tab
- Fixed: Minor bugs
7.0.1 – 17.04.2020
- The Htts warning notice has been hidden
7.0.0 – 17.04.2020
- Add wordpress firewall [PRO]
- Add malware scanner
- Add security audit
- Add security tweaks
- Add site checker [PRO]
6.5.4 – 24.01.2020
- Fixed: Minor bugs.
- Fixed: Compatibility Anti-spam Pro.
6.5.3 – 08.01.2020
- Removed: Admin redirect to the premium page.
- Updated: Premium page.
- Added: Activate trial suggestion.
- Fixed: Minor bugs.
6.5.1 – 16.12.2019
- Added: Multisite support.
- Fixed: Bug with redirection loop in multisite mode.
- Fixed: Readme. GDPR compatibility is ready. Plugin doesn’t send any data to the remote server.
- Removed: Dashboard widget with annoy ads.
6.5 – 12.12.2019
- Updated: Plugin interface.
- Added: Compatibility with WordPress 5.3
- Added: Compatibility Anti-spam Pro.
5.5
- Code cleanup
- Removed dismissible notice
5.4
- Updated dismissible notice
5.3
- Fixed the typo in the readme
- Readme cleanup
- Code cleanup
- Added dismissible notice
5.2
- Disable trackbacks
5.1
- Disable check for comments from logged in users
5.0
- Rewriting/refactoring a lot of the code
- Adding Settings page
- Storing blocked comments into the Spam section
- Working on GDPR compliance
4.4 – 2017-08-30
- Fixed issue with showing comments on every page. Thanks to johnh10
4.3 – 2016-11-22
- fixed notices
4.2 – 2016-01-30
- removed XSS vulnerability – thanks to Kenan from tbmnull.com
4.1 – 2015-10-25
- added log spam to file feature – huge thanks to Guti
- prevent full path disclosure
- added empty index.php file
- publish plugin to GitHub
- added Text Domain for translation.wordpress.org
4.0 – 2015-10-11
- dropped jQuery dependency (huge thanks to Guti for rewriting javascript code from scratch. Força Barça! )
- fixed issue with empty blocked spam counter (showing zero instead of nothing)
3.5 – 2015-01-17
- removed function_exists check because each function has unique prefix
- removed add_option()
- added autocomplete=”off” for inputs (thanks to Feriman)
3.4 – 2014-12-20
- added the ability to hide or show info block in the “Screen Options” section
3.3 – 2014-12-15
- refactor code structure
- added blocked spam counter in the comments section
- clean up the docs
3.2 – 2014-12-05
- added ANTISPAM_VERSION constant (thanks to jumbo)
- removed new spam-block algorithm because it is not needed
3.1 – 2014-12-04
- remove log notices
3.0 – 2014-12-02
- added new spam-block algorithm
- bugfixing
- enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom)
- refactor code structure
2.6 – 2014-11-30
- reverting to ver.2.2 state (enqueue script using ‘init’ hook and into the header) because users start receiving spam messages
2.5 – 2014-11-26
- update input names
2.4 – 2014-11-25
- update input names
2.3 – 2014-11-23
- enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom)
- clean up code
2.2 – 2014-08-03
- clear value of the empty input because some themes are adding some value for all inputs
- updated FAQ section
2.1 – 2014-02-15
- add support for comments forms loaded via ajax
2.0 – 2014-01-04
- bug fixing
- updating info
1.9 – 2013-10-23
- change the html structure
1.8 – 2013-07-19
- removed labels from plugin markup because some themes try to get text from labels and insert it into inputs like placeholders (what cause an error)
- added info to FAQ section that Anti-spam plugin does not work with Jetpack Comments
1.7 – 2013-05-31
- if site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action – Anti-spam plugin does not worked; so now whole input added via javascript if it does not exist in html
1.6 – 2013-05-05
- add some more debug info in errors text
1.5 – 2013-04-15
- disable trackbacks because of spam (pingbacks are enabled)
1.4 – 2013-04-13
- code refactor
- renaming empty field to “*-email-url” to trap more spam
1.3 – 2013-04-10
- changing the input names and add some more traps because some spammers are passing the plugin
1.2 – 2012-10-28
- minor changes
1.1 – 2012-10-14
- sending answer from server to client into hidden field (because client year and server year could mismatch)
1.0 – 2012-09-06
- initial release