Security, FireWall, Malware auto scan by CleanTalk, online security. Security plugin.
CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days.
Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service cleantalk.org. This security plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service.
Malware always becomes a headache for site owners. If you don’t regularly check for malware, it will be able to work insensibly a lot of time and damage your reputation. If you prevent malware attacks before they happen, you will be able to save your resources.
What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware.
Limit Login Attempts – is a part of brute-force protection and security firewall.
Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.
It adds a few seconds delay for any failed attempt to login to WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in per hour, then these IP’s will be banned for next 24 hours.
Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.
CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters.
Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours.
To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.
Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server.
CleanTalk Security is fully compatible with the most popular VPN services.
Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.
Scans WordPress files for hacker files or code for hacker code.
Security Malware Scanner runs manually in the settings. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.
CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions.
CleanTalk Security has a “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud.
Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have programming experience and don’t know, is there security issue or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not.
Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed from the last scanning.
Please, look at our guide How malware file analysis works.
About Scanner Feedback System
This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.
The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.
The main purpose of Security Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.
Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.
In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Security Logs in your Control panel. https://cleantalk.org/my/logs_firewall
Security CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.
Learn more how to set up and test
About Security Web Application Firewall
It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.
With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.
This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.
To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.
If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.
Sure, you can use CleanTalk Security and Wordfence. Quite often we get question from our customers, will there be a conflict between CleanTalk and Wordfence? We tested CleanTalk Security and Wordfence working together and they work without any conflicts.
We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.
Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.
You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.
Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.
There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
– “X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.
– “X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.
– “Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
– “Referrer-Policy” make the Referer
http-header transferring more strictly.
File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.
Attention! Don’t overlook the critical need to fortify your digital defenses. Subscribe to our Telegram channel, “CleanTalk Research” your indispensable source for real-time alerts on plugin vulnerabilities and PSC plugin security certificates. Stay one step ahead of cyber threats.
Learn more: https://t.me/+EjLvMlhx_S02MmIy
Firewall log tab. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user.
Security Log tab. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers.
General settings tab. Here you can manage all the plugin settings.
General settings - authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL.
General settings - firewall. Here you can manage Firewall modules and Traffic Control settings.
General settings - scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring.
General settings - admin bar. Here you can set behavior of admin bar module.
Admin bar. How the admin bar module looks.
General settings - trusted text. Here you can manage your affiliate links and trusted text shown for visitors.
Trusted text. How the trusted text looks.
Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result.
Malware scanner results - critical. There is a list of files that contains dangerous code or malware signatures.
Malware scanner results - suspicious. There is a list of files that contains suspicious code.
Malware scanner results - approved. There is a list of files that were approved by user, Cloud analysis or CleanTalk team.
Malware scanner results - analysis log. There is a list of files that were sent for Cloud Malware Scanner analysis and their status.
Malware scanner results - unknown. There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes.
Malware scanner results - cured. There is a list of files that have been automatically cured.
Malware scanner results - frontend malware. There is a list of frontend pages that contains malicious HTML/JavaScript code.
Malware scanner results - unsafe permissions. There is a list of files that could be reached by a hacker because of unsafe permission set.
Malware scanner results - file monitoring. There is a list of important files and their snapshots. You can use this to know if they were changed.
Malware scanner results - snapshot. How the important file snapshot looks.
Malware scanner results - PFD report. How the PDF report of scan results looks.
Backups interface. How the backups interface looks.
Summary tab. The general info about the plugin state.
Templates interface. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before.
Example of blocking page - Firewall. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen.
Example of blocking page - XSS. If the visitor attempts to implement XXS, he will see this screen.
Example of blocking page - SQL. If the visitor attempts to implement SQL injection, he will see this screen.
Example of blocking page - Brute-Force. If the visitor tried to use wrong credentials for many times, he will see this screen.
Example of blocking page - Traffic Control. If the visitor has requested site pages too often, he will see this screen.
File System Watcher tab. File System Watcher interface.
Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.
Installing the plugin is very simple and does not require much time or special knowledge.
Manual installation
https://downloads.wordpress.org/plugin/security-malware-firewall.zip
Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.
Click Install Now and Activate.
After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”
Installation completed successfully.
Installation from wordpress.org directory
Navigate to Plugins Menu option in your WordPress administration panel and click the button “Add New”.
Type CleanTalk in the Search box, and click Search plugins.
When the results are displayed, click Install Now.
Select Install Now.
Then choose to Activate the plugin.
After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”
Installation completed successfully.
Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL’s of the current user.
Yes, the plugin is compatible with WordPress MultiUser.
Go to your CleanTalk account->Log. Use filters to sort data for analyses.
Security logs provide you to receive and keep information for 45 days. You have the following possibilities:
1. Time period for all records you want to see.
Website for which you want to see security records. Leave the field empty to see security records for all websites.
Choose an event you want to see:
Searching records by IP address.
Searching records by country.
There are date and time of events for each record, username who performed an action and his IP (country) address. How to use Security Log https://cleantalk.org/help/Security-Log
Yes, it is possible. Go to your CleanTalk account->Change email https://cleantalk.org/my/change-email
Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.
You have the following possibilities:
Choose an event you want to see:
Audit View — records of actions and events of users in your website backend.
List of records. Each record has the following columns:
Please, read more
https://cleantalk.org/help/Security-Log
If you wish to block some countries from visiting your website, please, use this instruction: https://cleantalk.org/help/Security-Firewall
First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then press the line “Black&White Lists” under the name of your website.
You can add records of different types to your black list or white list:
The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button “Whitelist” or “Blacklist”. All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.
Please, read full instruction here
https://cleantalk.org/help/Security-Firewall
Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.
At the moment malware scanner may be started one time per day and manually.
To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> “Malware Scanner” tab —> Perform Scan.
Give the Malware Scanner some time to check all necessary files on your website.
The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin.
If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests.
The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.
Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.
Brute force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses.
Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.
This is required for the Security FireWall to function properly. Plugins that are placed in this section are being launched first, so it is very important that the Security FireWall is launched before any plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.
= 2.138.1 July 24 2024
* Fix. Settings. Security logs display fixed.
* Revert “Fix. FS Watcher. Module working only in the admin side.”
= 2.138 July 23 2024
* New. Settings. Added alarm to admin menu.
* New. Settings. Added function to upload exclusions.
* Upd. Scan. Updated handler for cloud results method.
* Fix. Deactivation possible notices fixed.
* Fix. Vulnerability Alarm. Installed themes checking fixed.
* Fix. Deactivating. Logging failed deactivation fixed.
* Fix. Deactivating. Tables deleting fixed.
* Fix. Settings. Tabs. Debug tab on local domains revived.
* Fix. FS Watcher. Module working only in the admin side.
* Fix. Scanner. Cure. Not cured files selection fixed.
* Fix. Scanner. Cure. Delete the failed cure tries from the cure log on first iteration to avoid files to cure missing.
* Fix. UpdaterScripts. Fix type on update_option call.
= 2.137 July 09 2024
* New. Settings. Added alarm to admin menu.
* New. Settings. Added function to upload exclusions.
* Upd. Scan. Updated handler for cloud results method.
* Fix. Deactivation possible notices fixed.
* Fix. Vulnerability Alarm. Installed themes checking fixed.
* Fix. Deactivating. Logging failed deactivation fixed.
* Fix. Deactivating. Tables deleting fixed.
* Fix. Settings. Tabs. Debug tab on local domains revived.
* Fix. FS Watcher. Module working only in the admin side.
* Fix. Scanner. Cure. Not cured files selection fixed.
* Fix. Scanner. Cure. Delete the failed cure tries from the cure log on first iteration to avoid files to cure missing.
* Fix. UpdaterScripts. Fix type on update_option call.
= 2.137 July 09 2024
* Fix. Psalm suppress UndefinedMethod
* Fix. Eslint
* Upd. Disabling analyse Long Line
* Upd. Checking memory_limit
* Upd. Scan. Updated flow for upload hashes.
* Fix. Deprecated conversion of false to array in getPluginReportStatic
* Upd. Changes in the operation of modal windows
* Fix. CamelCase attributes for CriticalUpdate
* Fix. Code. Common lib updated.
* Fix. Settings. Visited pages output in security logs fixed.
* New. Scan. Update front estimates time.
* Upd. Local results clearance. Delete backups, cure logs, cured files data.
* Ref. Cure. New CureStage class used to run curing.
* New. AdjustModule. Setup handler to adjust w3tc
* New. Settings. Critical updates tab implemented.
* Upd. VulnerabilityAlarmView.php. Text updates.
* Upd. VulnerabilityAlarm Service. Every vulnerable theme has unique link now.
* Upd. VulnerabilityAlarmView. Padding added for lists of items on the tab.
* Upd. VulnerabilityAlarm Service. Show PSC modules. Other fixes.
* Fix. VulnerabilityAlarmView.php. Text.
* Fix. VulnerabilityAlarmService. Fix logic.
* Upd. VulnerabilityAlarmService. Update SGV on tab.
* Upd. VulnerabilityAlarmService. Fixed versions check on checkModule iteration.
* Fix. Sacnner. Backups. Backup ID fixed.
* New. RemoteCalls. New RC “launch_background_scan” to launch scan in background.
* Fix. VulnerabilityAlarm.php. Themes collecting fixed.
* Ref. VulnerabilityAlarm. Names.
* Fix. VulnerabilityAlarmService. PHP 8.1 compat fix.
* Upd. VulnerabilityAlarmView. Versions added.
* Fix. Call function on null
= 2.136.1 July 02 2024
* Fix. Settings. Visited pages output in security logs fixed.
= 2.136 June 24 2024
* Fix. Settings. Get key auto button depends on agreement.
* Fix. Cookie. Added nofollow attribute.
* Fix. Settings. Updated statement for 2fa.
* Fix. Security. The upload checker used signatures analysis only for now.
* Upd. WAF. Added waf for admin area.
* Fix. Settings. Updated 2fa handler.
* Upd. FW. Send logs. Signature ID added to logs for WAF blocks cases.
* Fix. FW. Update is_admin handler.
* Upd. Firewall. Logging. Do not rewrite records with different signatures but same type.
* Upd. Scanner. Signatures getting. Plugin is ready to version 3.
* Upd. Scan. Refactoring scan send stage.
* Fix. Settings. Updated timezone format for get_api_key.
* New. Scanner. New category Approved By Cloud implemented.
* Fix. FSWatcher. Logs naming fixed.
* Upd. HeuristicAnalyser. CodeStyle. Long lines check enabled.
* Fix. Fixed the changes when installing composer
* Fix. Added index files
* Fix. FSW. Added rate limit.
= 2.135 June 10 2024
* New. Modal window. Confirm action implemented.
* New. List table. Custom confirm window implemented.
* Upd. Recording and displaying an event from wp_spbc_auth_logs
* Fix. Settings. Don’t show Frontend scanner results category if this option is disabled
* Fix. Scanner. Scan log details – triggered module name added.
* Fix. Firewall. Updated logging process.
* Upd. SQLSchema. Signature body size extended. Schema updated and updater script ready for v2.135.
* Fix. Scanner. Reset weak_spot
and severity
on modified files.
* Upd. Settings. “About” block refactored. Cure services links added.
* Fix. Firewall. Fixed logged admin counting.
* Fix. Login page. Brute force protection description fixed.
* Fix. Scanner. Outbound links actions fixed.
* Fix. Scanner. Show more button fixed.
* Fix. Settings. 2fa
setting long description fixed.