Download

Spam protection, AntiSpam, FireWall by CleanTalk

By СleanTalk

Description

No CAPTCHA, no questions, no animal counting, no puzzles, no math and no spam bots. Universal AntiSpam plugin.

AntiSpam features

  1. Stops spam comments.
  2. Stops spam registrations.
  3. Stops spam contact emails.
  4. Stops spam orders.
  5. Stops spam bookings.
  6. Stops spam subscriptions.
  7. Stops spam surveys, polls.
  8. Stops spam in widgets.
  9. Stops spam in WooCommerce.
  10. Checks and removes the existing spam comments and spam users.
  11. Compatible with mobile users and devices.
  12. Compatible with General Data Protection Regulation (GDPR) (EU).
  13. Real-time email validation. Is email real or Not.
  14. Blocking disposable & temporary emails.
  15. No Spam – No Google Penalties. Give your SEO boost.
  16. Mobile friendly Anti Spam & FireWall.
  17. Stops spam in Search Form.
  18. Disable comments.
  19. Spam FireWall: Anti-Flood
  20. Spam FireWall: Anti-Crawler
  21. Hide «Website» field for comments

Public reviews

CleanTalk – Cloud-Based Anti-Spam Service to Keep Your Site Bot-Free.
NewsWatch Review.

Using CleanTalk on WPLift was a great test as we receive huge amounts of spam.
Oliver Dale, WPLift.com.

I know you have heard of a number of anti-spam plugins. But you must know, the cloud-based ones are the best regarding detection rate. They compare all the content in forms with their own algorithm to find out the legibility.
www.techwibe.com

The key selling point of CleanTalk for me is not simply its effectiveness. It’s the fact that CleanTalk works in the background. It does not make users jump through hoops in order to submit a comment or complete a form.
www.kevinmuldoon.com

Free trial then $8 per year

CleanTalk is a free anti spam plugin which work with the premium Cloud AntiSpam service cleantalk.org. This plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service.

AntiSpam protection for comments

Native spam protection for WordPress, JetPack comments and any other comment plugins. The plugin moves spam comments to SPAM folder or you can set the option to ban spam comments silently. You can also enable the option in the plugin settings to auto-delete comments from SPAM folder.

Spam bots registrations filter

Spam filter for contact forms

WooCommerce spam filter

Anti-spam by CleanTalk filters spam registrations and spam reviews for WooCommerce. The plugin is fully compatible with WooCommerce 2.1 and higher.

Newsletters antispam filter

Spam filter for theme contact forms

The plugin blocks spam emails via any theme (built-in ones included) contact forms. The plugin filters spam emails silently (without any error notices on WordPress frontend) in AJAX forms as well.

bbPress spam filter

Spam protection for everything about bbPress: logins, registrations, forums, topics and replies.

Other spam filters

  • WordPress Landing Pages.
  • WP User Frontend, UserPro.
  • Any WordPress form (checkbox ‘Custom contact forms’).
  • Any submission to the site (checkbox ‘Check all POST data’)

Compatible with WordPress cache plugins

Check existing comments for spam. Bulk spam comments removal. Spam comment Cleaner

With the help of anti-spam by CleanTalk you can inspect through existing comments to find and quickly delete spam comments at once. To use this function, go to WP Console -> Comments -> Find spam comments.

Check existing users for spam. Bulk spam accounts removal. Spam users cleaner

With the help of anti-spam by CleanTalk you can inspect through existing accounts to find and quickly delete spam users at once. For use this function, go to WP Console -> Users -> Check for spam. Also, you can export a list of spam users to the CSV.

Blocking users by country

Automatically block comments and registrations from the countries you have set a ban for. This option is useful in cases of manual spam protection and for protection enhancement. If your site is not intended for international audience and you do not expect comments/users from other countries.

Blocking comments by “stop words”

You can block comments which contain “stop words” to enhance spam protection and messages with obscene words blocking. You can add particular words or phrases.

Private black lists for anti-spam service

Automatically block comments and registrations from your private black
IP/email address list. This option helps to strengthen the spam protection from a manual spam or block unwanted comments from users. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.

Private black list for Spam FireWall

It allows you to add individual IP addresses and subnets to Spam FireWall. It
blocks the spam attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS. You can add not only the certain IP addresses, but also a separate subnet to your personal black list.

Hide «Website» field for comments

This option hides the «Website» field from standard WordPress comments forms. After that spammers won’t be able to send spam links using «Website» field in the bottom of the comments form.
This option is disabled by default and can be enabled in plugin Settings in your WordPress dashboard.

Low false/positive rate

This plugin uses multiple anti-spam tests to filter spam bots having as low false/positive rate as possible. Multiple anti-spam tests help to avoid false/positive blocks of the real website visitors even if one of the tests failed.

How effective is CleanTalk?

Accurately blocking spam is not an easy thing to do, but CleanTalk has a very low proven False/Positive rate. Here is actual statistics on false positives for all customers.

  • Registrations – 0.004%
  • Comments – 0.004%
  • Contact forms – 0.006%
  • Orders (WooCommerce) – 0.016%
  • Site search – 0.001%

The statistic was calculated on August 28 2020 for 2.5 million requests.

How CleanTalk improves SEO for your website?

So, you already know that the speed of the site has a direct impact on SEO.

CleanTalk works faster than most of the other anti-spam plugins. It is common knowledge that the faster your site loads, the better your customer experience is, the better your SEO will be, and the better your site will convert. Speed is becoming increasingly important in SEO, conversion and user experience. Today, site speed is one of the most important ranking factors on Google. A site that loads slowly will lose visitors and potential revenue.

There are different ways of improving your site’s loading performance. One important parameter for site performance is to install well-developed plugins from a reputable source.

Among anti-spam plugins CleanTalk AntiSpam is one of the fastest. Despite the
large plugin functionality, the developers have optimized the performance of
the plugin so that AntiSpam by CleanTalk is faster than most analogs. This contributes to the cloud service architecture, as all calculations take place in the cloud, not on the server, the server receives the finished result for further action.

https://s.w.org/plugins/cleantalk-spam-protect/screenshot-5.png?r=1288723

How CleanTalk works?

  • A visitor writes a comment or registers
  • Anti-Spam by CleanTalk plugin sends action parameters into the CleanTalk cloud
  • Service analyzes the parameters
  • If this is a visitor, the comment will be published. If it’s a spam bot, then CleanTalk blocks this comment or registration.
  • Parameters are written to the spam log which can be viewed in the Control Panel service.

CleanTalk team has been developing a cloud antispam system for five years and has created a truly reliable anti-spam service designed for you to guarantee
your safety.

Spam attacks log

Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the “Log of spam attacks” and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering.

Spam FireWall

CleanTalk has an advanced option “Spam FireWall”. Spam FireWall allows blocking the most active spam bots before they get access to your website. It prevents spam bots from loading website pages so your web server doesn’t have to perform all scripts on these pages. Also it prevents scanning of pages of the website by spam bots. Therefore Spam FireWall significantly reduces the load on your web server. Spam FireWall also makes CleanTalk the two-step protection from spam bots. Spam FireWall is the first step and it blocks the most active spam bots. CleanTalk Anti-Spam is the second step and checks all other requests on the website in the moment of submitting comments/registers etc.

Spam FireWall is fully compatible with the most popular VPN services.
Also, Spam FireWall supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.

How Spam FireWall works?

  • The visitor enters to your web site.
  • HTTP request data are being checked in the nearly 5.8 million of the identified spam bot IPs.
  • If it is an active spam bot, the bot gets a blank page, if it is a visitor then he receives a normal page. This process is completely transparent for the visitors.

All the CleanTalk Spam FireWall activity is being logged in the process of filtering.

Spam FireWall DDoS Protection

Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with the description of DDoS rejection instead of the website pages. Therefore Spam FireWall helps to reduce CPU usage of your server.

Spam FireWall: Anti-Flood & Anti-Crawler

Spam FireWall: Anti-Flood and Anti-Crawler options are intended for blocking unwanted bots, content parsing, shop goods prices parsing or aggressive website scanning bots. Learn more https://cleantalk.org/help/anti-flood-and-anti-crawler

No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-free anti-spam for WordPress

Spam is one of the most irritating things. Spam rates are increasing every year and conventional anti-spam can no longer handle all spam bots. CleanTalk prevents and automatically blocks spam. You’ll be surprised how effective CleanTalk is in protecting from spam.

AntiSpam plugin info

CleanTalk is an all-in-one antispam solution for WordPress that protects login, comment, contact and WooCommerce forms at once. You don’t need to install separate antispam plugins for each form. It allows your blog to work faster and save resources. After installation you will forget about spam; your CleanTalk plugin will do all the work. You won’t have to deal with spam as CleanTalk does this for you automatically.

CleanTalk is a transparent antispam tool, we provide detailed stats of all incoming comments and logins. You can always be sure that there are no errors. We have developed a mobile app for you to see antispam stats wherever you want.

We have developed the antispam for WordPress that protects you from spam bots at the maximum level allowing you to provide your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and puzzles. CleanTalk detects spam in multistage tests allowing us to block up to 99.998% of spam bots.
The anti-spam method offered by CleanTalk avoids inconvenient for communication methods (CAPTCHA, question-answer etc.), and offers to your site visitors a more comfortable one.

CleanTalk is a premium anti-spam service for WordPress, the plugin works with
our own CleanTalk Cloud Service. Anti Spam by CleanTalk offers a free trial, you can look at the pricing here. We provide anti-spam services at the highest level. To maintain this level we cannot afford to offer a free version of our service, as this will immediately affect the quality of the providing anti-spam protection. Paying for a year of anti-spam service, you save a lot more and receive:

  • Up to 99.998% protection from spam bots.
  • Time and resources saving.
  • More registrations/comments/visitors.
  • Spam protection of the several websites at once in different CMS.
  • Ease in installation and using.
  • Traffic increase and loyalty to the users.
  • 24/7 technical support.
  • Clear stats.
  • Spam FireWall.
  • No captcha (reCaptcha), puzzles, etc.
  • Free mobile app to control anti-spam protection on your website.

Additional features

  • Daily and weekly detailed anti-spam reports: traffic VS spam.
  • Apps for iPhone, Android to control anti-spam service, comments, signups, contacts, traffic and spam stats for the last 7 days.
  • AntiSpam apps for most popular CMS on cleantalk.org.

How to protect sites from spam bots without CAPTCHA?

The most popular anti spam method is CAPTCHA – the annoying picture with curved and sloping symbols, which are presented to the visitor to decipher and fill in. In is supposed that spam bots won’t discern these CAPTCHA, but a visitor will. CAPTCHA provokes great irritation, but if the visitor wants to comment, he has to fill in these symbols time after time, making mistakes and starting once again. Sometimes CAPTCHA reminds us of the doodles of a two year old child. For users with vision problems CAPTCHA is an insurmountable obstacle. Users hate captcha. Captcha for users means “hate”. Unreadable CAPTCHA stops about 80% of site visitors. After 2 failed attempts to decipher CAPTCHA 95% of visitors reject further attempts. At the sight of CAPTCHA and after input errors, many visitors leave the resource. Thus, CAPTCHA helps to protect the resource spam both from bots and visitors. CAPTCHA is not a panacea from spam. Doubts concerning the Need for CAPTCHA?

“Ultimately, CAPTCHAs are useless for spam because they’re designed to tell you if someone is ‘human’ or not, but not whether something is spam or not.” Matt Mullenweg

You do not have to work in IT to know what spam is. Besides piles of unwanted email, there are spam bots, or special software programs designed to act as human website visitors that post unwelcome messages over the Internet to advertise dubious services. More often than not spam messages do not even make sense. Similar to bacteria and virus mutations developing antibiotic resistance, spam bots are becoming more resilient in penetrating Internet firewalls and security layers.

CleanTalk’s features

Anti-Spam by CleanTalk with Spam FireWall is one of the fastest plugins that allows you to lower the server load. One of the important parameters for each webmaster is the speed of the site, so we make sure that our plugin consumes as few server resources as possible. The Cloud Service provides the advantage: all data processing takes place in the Cloud.

CleanTalk team has developed unique anti spam algorithms to assess visitors behavior. CleanTalk analyzes user behavior and the parameters of the filled forms. Our anti-spam module, being installed in your website, sends the behavior parameters of either a visitor or a spam bot. When these parameters are estimated, the anti spam service makes a decision – to post a message or to define it as spam and reject it. Based on these checks, the service forms its own list of email addresses used by spam bots.

The registrations of visitors are being checked in a similar manner. The service adds to the blacklist not just email addresses, but also IP addresses and domains of websites that promote themselves through spam mailing. All of this happens automatically and requires no action from the administration of the website. In 2.5 million queries the service makes a mistake in 40-45 cases, i.e. CleanTalk detects spam with 99.9982% accuracy. We constantly monitor these errors and make adjustments to our algorithms. Even with this exceptional accuracy our team is aiming to improve the figures over time.

All-in-one. CleanTalk protects form spam all forms instantaneously – comments, registrations, feedback, contacts. No need to install additional plugins for each form. You save resources and increase performance of your website.

Spam attacks log. Anti-Spam by CleanTalk records all filtered comments, registrations and other spam attacks in the “Log of spam attacks” and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and experience no false/positive filtering.

With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. The existing comments and users checking process is performed in a database of the nearly 2 million identified spam bots. Detailed spam stats allows CleanTalk customers to fully control it.

CleanTalk has an advanced option “Spam FireWall”. This option allows you to block the most active spam bots before they get access to your website. It unloads you website pages when an attempt attack was made, so your web server won’t run unnecessary scripts on these pages. Also it prevents any scanning of website pages by spam bots. Subsequently Spam FireWall significantly reduces your webserver load. Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. Spam FireWall can help to reduce the CPU usage of your server because of this reason.

“CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.

White Label Mode

To switch the plugin work in the white-label mode you should set up a few settings on your main site in WordPress Multisite Network:

  1. Check setting “Enable White Label Mode”.
  2. Fill “Hoster API Key” field with key from CleanTalk’s hoster panel.
  3. Fill “Plugin name” field. It could be any name you want for the plugin.
  4. Save settings.

The plugin will do everything rest.

Auto-Update CleanTalk AntiSpam

CleanTalk Dashboard allows you to set auto-update plugin and select several websites and update the plugin at once on all sites by one click or you can setup auto-update for all websites or separate websites.

Note: there is 24 hours delay before auto-update will do. This delay allows needing to avoid any issues. All updates that made through CleanTalk Dashboard manually will do immediately.

Auto-updating system will work from CleanTalk AntiSpam version 5.88

Real-time email validation. Is email real or Not.

It is very important to be sure that the user used his real email address. Spambots very often use fake email addresses, i.e. which addresses do not exist.

CleanTalk will check email addresses for existence in real time.

Non-existing email addresses also entail several other problems for website owners.

  • You can never contact them by email,
  • the client will never receive any notifications from you (account activation letter, password recovery, email distribution, notifications, etc.),
  • if you use email marketing for your clients, then a large number of nonexistent emails in the mailing list may result in your IP address being added to various blacklists of email servers.

Improve your email list with email validation without fake emails.

Blocking disposable & temporary emails

Block fake and suspicious users with disposable & temporary emails to improve email delivery. So, it also prevents malicious activity, spam bots, and internet trolls.

Stops Spam in Search Form

Spam bots can use your search form to make a GET request with spam text.
CleanTalk Anti-Spam has the option to protect your website search form from spam bots. Each time, the search generates a new page and if there are many requests, this can create additional load. So, under some conditions, spam searches can be indexed, which affects SEO,

  • Spam FireWall blocks access to all website pages for the most active spambots. It lowers your web server load and traffic just by doing this.
  • Anti-Spam protection for website search forms repels spambots.
  • If your search form gets data too often the CleanTalk Anti-Spam plugin will add a pause and increase it with each new attempt to send data. It saves your web server processor time.
  • Spam protection allows you to not forbid indexation for the crawler bots if you really need it but simultaneously you will get protection from spambots.

You will always know what users were looking for on your site.

Disable comments

This option disables comments on your site. You can choose one or several options:

  • Disable comments for posts
  • Disable comments for pages
  • Disable comments for media

When using Disables comments, existing comments will not be deleted and will remain on the pages.

Translations

  • Albanian (sq_AL) – thanks to fjalaime https://wordpress.org/support/users/fjalaime/
  • French (fr_FR) – thanks to Gilles Santacreu http://net-ik.net
  • Spanish (es_ES) – thanks to Andrew Kurtis and WebHostingHub

Requirements

WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enabled ‘allow_url_fopen’ setting. The plugin is fully compatible with PHP 7.

Max power, all-in-one, premium anti-spam WordPress plugin. No comments & registrations spam, no contact spam, protects any forms. Just install and forget spam.

Screenshots

  • AntiSpam settings are easy to use.
  • AntiSpam plugin rejected a spam bot at the CAPTCHA less registration form. The plugin provides explanation to visitor and websites about each rejected comment/registration or contact message.
  • Use AntiSpam analytics tool for each website in service Dashboard to have information about spam/legitimate stats.
  • Use AntiSpam log to control anti-spam plugin.
  • CleanTalk works faster than most of other anti-spam plugins.
  • The Dashboard with a map of most spam active countries per your account.
  • The plugin deletes/removes the existing spam comments and users accounts.
  • CleanTalk's dashboard update link.
  • Auto update confirmation.
  • Website's options.
  • CleanTalk's dashboard.
  • SpamFireWall log.

Installation

Installation instructions

  1. Download, install and activate ‘Anti-spam by CleanTalk’.

  2. Get Access key https://cleantalk.org/register

  3. Enter Access key in the settings: WordPress console -> Settings -> Antispam by CleanTalk

  4. Do dummy spam comment (registration or contact message) with email [email protected]. You should see notice: Forbidden. Sender blacklisted.

  5. Done! The plugin is ready to use.

Video guide – Anti-Spam Plugin Installation in WordPress.

Important! To test spam protection you must post a dummy submissions as website visitor (use must logged out from WordPress console), because the plugin doesn’t filter submissions from WordPress administrators.

How can setup plugin in WPMU version?

In WordPress multisite version you can switch the plugin to use Global Access key. In this way the plugin doesn’t show any options to enter Access key in plugin settings and doesn’t show Trial banner in WordPress backend. To setup global CleanTalk access key for all websites in WPMS, define constant in your wp-config.php file before defining database constants:

define('CLEANTALK_ACCESS_KEY', 'place your key here');

Make it before you activated the plugin. If the plugin already activated, deactivate it and add the code and active it again.
Now, all subsites will have this access key.

Manage and control spam protection

Go to Dashboard at the cleantalk.org or use Android, iPhone anti-spam app to manage and control spam protection.

FAQ

Why are they spamming me?

Spammers want to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites.This level of spam can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of comments every week. However, by using a CleanTalk plugin, spam can be easily handled by your WordPress website.

Is the anti-spam protection safe for mobile visitors?

Yes, it is. The plugin doesn’t block mobile visitors as well as desktop website visitors. It uses several independent anti-spam tests to decrease the number of false outcomes and to have as low false-positive rate as possible. Multiple anti-spam tests help to avoid false/positive blocks for real website visitors even if one of the tests failed.

What does the plugin do with spam comments?

Spam comments are being moved to SPAM folder by default or you can set the option to ban spam comments silently.

How can I test the anti-spam protection?

Please use the email [email protected] for comments, contacts or signups to see how the anti-spam protection works. Also you can see the logs for the last 7 days at the Control panel or look at the folder “Spam” for banned comments.

Is the plugin effective against spam bots?

The plugin Anti-Spam by CleanTalk stops up to 99.998% of spam comments, spam signups (registrations), spam contact emails, spam subscriptions, spam bookings or spam orders.

Does the plugin protect from brute force, DoS attacks and spam attacks?

Yes, it does. Please turn the option ‘Spam FireWall’ on in the plugin settings to protect your website from DoS/DDoS, XML-RPC attacks.

How does the plugin stop spam?

Please, note – administrator’s actions are NOT being checked.

The plugin uses several simple tests to stop spammers:

  1. JavaScript anti-spam test. 99% of spam bots don’t have full JavaScript functions support. So, the plugin has the code which can be run by normal visitor and can’t be run by the spam bot.
  2. Email, IP, domain spam activity list entries check. The plugin uses spam activity database online at cleantalk.org, consisting of more than 20 billion spam activity records of IPs, Emails, Domains and ASN. If the sender’s IP or Email is in the database, the sender gets some spam scores. To reduce false/positive rate the plugin not only uses the blacklist test to ban spammers, the sender will be banned when and only when multiple spam tests have been failed.
  3. Comment submit time. Spam bots usually submit the info immediately after the page has been loaded, this happens because spam bots don’t actually fill the web form, they just send $_POST data to the blog. The normal visitor sends the data after several seconds or minutes.

Will the anti-spam plugin protect my theme?

Yes, it will. The Anti-spam by CleanTalk is compatible with any WordPress theme.

What about pingback, trackback spam?

The plugin passes pingbacks without any checks by default. All trackbacks will be blocked if the sender had spam activity.

Can I use CleanTalk with Akismet?

Sure, you can use CleanTalk with Akismet. In this case you will probably have higher false/positive rate (when legitimate comments/signups are being denied), but you will have stronger anti-spam protection on your website.

Is CleanTalk better than Akismet?

Please look at this features comparison here https://cleantalk.org/cleantalk-vs-akismet

Can I use CleanTalk to remove pending spam comments?

Yes, you can. The plugin has the option to test all pending comments via database of spam active IP/Email, found spam comments will be moved to Trash folder.

How does the plugin find spam in pending comments or registered accounts?

The plugin checks all non-spam comments in the blacklist database and shows you those senders who have spam activity on other websites.
There are some differences between blacklist database and API to protect you from spam bot registrations/comments online. Blacklists show all history of spam activity, but our API (which is used in spam tests) relies on other parameters too: last day of activity, number of spam attacks during the last days etc. These mechanisms help us to reduce the number of false outcomes. So, there is nothing strange, if some emails/IPs are not found by bulk comments/accounts test.

To check comments please go here:

WordPress console -> Comments -> Find spam comments

To check users please go here:

WordPress console -> Users -> Find spam users

Should I use other anti-spam tools (Captcha, reCaptcha and etc.)?

CleanTalk stops up to 99.998% of spam bots, so you can disable other anti-spam plugins (especially CAPTCHA-type anti-spam plugins). In some cases several anti-spam plugins could conflict with each other, so it would be better to use just one plugin.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser. Each blog in multisite environment has individual anti-spam options for the protection from spam bots.

After the installation I noticed that the number of spam attacks has been increased in the stats

There are a few reasons for this:

  • With the indexing of your web-site by the search systems, appearance of external links and better search results position, your web-site attracts more and more spambots.
  • Non-transparent protection systems like CAPTCHA or question/answer, that don’t have spam attacks stats, don’t let you see the whole picture, or the picture is incomplete.
  • Counting methods for spam attacks and spam bots are different for different systems, thus the diversity appears. We seek to provide detailed stats.

Why my dummy “spam” comment passed to the WordPress?

The plugin has several options to detect spam bots and humans. If you just post spammy text like this:

"I want to sell something", "Buy something here.." and etc

the comments will be passed, because the plugin detects sender as a human. So, use special email [email protected] to test the anti-spam functionality or wait a few days to see how the plugin works.

Is it free or paid?

The plugin is free and distributed under the GPLv2 license.

CleanTalk anti-spam plugin works with a cloud base anti-spam service and this plugin is a Software as a service (SaaS).
CleanTalk it’s a free plugin that works with premium Cloud Anti-Spam service.
https://en.wikipedia.org/wiki/Software_as_a_service

The fact that the plugin works with a premium type service is mentioned in the plugin annotation and in its WordPress catalog description.

We are ready to help you with any issue regarding CleanTalk. There are hundreds of environment compositions and we do our best to cover as many as possible.

Can I use CleanTalk with cache plugins?

Anti-spam by CleanTalk doesn’t use static HTML code in its templates, so all anti-spam functions work correctly with any WordPress cache plugins.

Does the plugin protect from spam bots if I use forms with third-party services?

Yes, it does. Plugin protects web-forms on your websites which send data to third-party servers (like MailChimp). To enable this protection set the option ‘Protect external forms’ in the plugin settings.

Does CleanTalk compatible with Cloudflare?

CleanTalk is fully compatible with CloudFlare. Service doesn’t filter CloudFlares IP’s (AS13335) through blacklists database, so in this case plugin/service filters spam bots using other anti-spam tests.

Is CleanTalk compatible with a content delivery network (CDN)?

Yes, it is. CleanTalk works with any CDN system, i.e. CloudFlare, MaxCDN, Akamai.

Can I use CleanTalk functionality in my plugins?

Yes, you can. Just use following snippet:

<?php
if(!function_exists('ct_test_message')){
    include_once( ABSPATH . '/wp-content/plugins/cleantalk-spam-protect/cleantalk.php' );
}
//for registration test:
$res=ct_test_registration("nickname", "[email protected]", "127.0.0.1");
//or for some other messages (contact forms, comments etc.)
$res=ct_test_message("nickname", "[email protected]", "127.0.0.1", "test message");

$res now contents array with two parameters:
* $res[‘allow’] – is request allowed (1) or not (0)
* $res[‘comment’] – comment for our server’s decision.

I see two loads of script cleantalk_nocache.js. Why do you use it twice?

This script is used for AJAX JavaScript checking. Different themes use different mechanisms of loading, so we use two methods for loading our script. If you absolutely know what you are doing, you can switch one of the methods off by defining constants in your wp-config.php file:

define('CLEANTALK_AJAX_USE_BUFFER', false); //false - don't use output buffering to include AJAX script, true - use it

or

define('CLEANTALK_AJAX_USE_FOOTER_HEADER', false); //false - don't use wp_footer() and wp_header() for including AJAX script, true - use it

Can I add exclusions for some pages of my site?

Yes, you can. There is a special setting in plugin settings.
You could use this guide to learn more: https://cleantalk.org/help/exclusion-from-anti-spam-checking#wordpress

Can I not send my personal data to CleanTalk servers?

Yes, you can exclude your data. There is a special setting in plugin settings.
You could use this guide to learn more: https://cleantalk.org/help/exclusion-from-anti-spam-checking#WordPress_field_exclusions

How to test Spam FireWall?

Use special IP 10.10.10.10 in URL to test Spam FireWall. For example,

https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10

Attention! The incognito mode should be enabled in your browser when you do a test. To enable incognito mode press Ctrl+Shift+N for Chrome, Opera и Safari browsers; press Ctrl+Shift+P for Firefox, Internet Explorer and Microsoft Edge. A full guide to enable Incognito mode is here: https://www.wikihow.com/Activate-Incognito-Mode

How can I enter access key in WPMU version?

To set up global CleanTalk access key for all websites in WPMU, define constant in your wp-config.php file before defining database constants:

define('CLEANTALK_ACCESS_KEY', 'place your key here');

Now, all subsites will have this access key.

Why is CleanTalk faster and more reliable than stand-alone solutions?

All anti-spam checks are held in the cloud and don’t overload the web server. The cloud solutions have a huge advantage since the parameters are being compared with information from more than 100,000 websites.

I see a lot of blocked messages with the reason “Forbidden. Please enable JavaScript. Spam sender name.” in my logs

A lot of spam bots can’t perform JavaScript code, so it is one of the important checks and most of the spam bots will be blocked with the reason “Forbidden. Please enable JavaScript. Spam sender name.” All browsers can perform JS code, so real visitors won’t be blocked.

If you or some of your visitors have the error “Forbidden. Enable JavaScript.” please check JavaScript support in your browser and do this JavaScript test at this page: https://cleantalk.org/checkout-javascript-support.

If you think that there is something wrong in the messages blocking, let us know about it. Please submit a support request here: https://cleantalk.org/my/support.

Does the plugin work with Varnish?

CleanTalk works with Varnish, it protects WordPress against spam, but by default the plugin generates a few cookies for the protection from spam bots and it also disables Varnish cache on pages where CleanTalk’s cookies have been stored. To get rid of the issue with cache turn off the option ‘Set cookies’ in the plugin settings.

WordPress console -> Settings -> CleanTalk -> Advanced settings

Now the plugin will protect WordPress comments, registrations and most of popular contact forms, but will not protect some of rarely used contact forms.

Does the anti-spam plugin work with Accelerated Mobile Pages (AMP)?

Yes, it does. But you have to turn off the SpamFireWall and the option ‘Use AJAX for JavaScript check’ in Advanced settigns of the plugin to be fully compatible with Accelerated Mobile Pages.

How to close renewal or trial notice in the WordPress backend?

To close the notice please save the plugin settings again or it will be closed automatically within 60 minutes after the renewal.

I’m using PHP 4.2 version and i’m getting errors related with JSON. Why does it happens?

СleanTalk is no longer supports PHP lower than 5.2 version because the support code have incompatibility with PHP 7 version. Please, upgrade your PHP. If you couldn’t perform that, let us know about it via support ticket here: https://cleantalk.org/my/support.

Should I change anything in the plugin’s settings or in my CleanTalk Control Panel when I switch my website from HTTP to HTTPS or vice versa?

No. You don’t need to change anything in the plugin’s settings or in your CleanTalk Control Panel. The plugin will work regardless of the protocol.

How to use Anti-Spam Log?

The following possibilities are available for you in the Anti-Spam Log:

  • Time period for all spam records you want to see.

  • Filter spam records by their status: Any status, Denied, Approved.

  • Filter spam records by your websites.

  • Filter spam records by country they came from.

  • Filter spam records by IP address, e-mail address or username.

  • Available options for a specific record:

    • Details – see item 4 below.
    • Spam/Not Spam – press this string if our system made wrong decision and blocked or approved a registration, a comment ot a contact form submission. More about it here: https://cleantalk.org/faq#feedback_spam
    • Delete – delete a record permanently.
    • Personal blacklists – go to your website Black&White Lists page.
    • Record details: block reason, body of the message, additional caught data.

Spam FireWall and AntiSpam – Networks Blocking

Anti-Spam – will blocks users from selected IP or network from using contacts/messages/registrations/comments forms.
Spam FireWall – will blocks users from selected IP or network from entering the website.

Please, read more here
https://cleantalk.org/help/sfw-blocks-networks

Spam Comment Management

By default, all spam comments are placed in the spam folder, now you can change the way the plugin deals with spam comments:

  1. Move to the Spam folder. All spam comments will be placed to the folder “Spam” in the WordPress Comments section except comments with Stop-Words. Stop-Word comments will be always stored in the “Pending” folder.

You can prevent the proliferation of Spam folder. It can be cleaned automatically using the option “Keep spam comments for 15 days.” Enable this option in the settings of the plugin: WordPress Admin Page -> Settings -> Antispam by CleanTalk -> Advanced settings -> enable “Keep spam comments for 15 days” -> Save Changes.

  1. Move to Trash. All spam comments will be placed to the folder “Trash” in the WordPress Comments section except comments with Stop-Words. Stop-Word comments will be always stored in the “Pending” folder.

  2. Ban comments without moving to WordPress backend. All spam comments will be deleted permanently without going to the WordPress backend except comments with Stop-Words. Stop-Word comments will be always stored in the “Pending” folder.

What comments were blocked and banned can be seen in the Anti-Spam Log here: https://cleantalk.org/my/show_requests?int=week

To manage the actions with spam comments, go to the Control Panel, select the website you want to change the actions for and go to “Settings” under the name of the website.

Please, read more here:
https://cleantalk.org/help/spam-comment-management

How do I report a missed spam bot or incorrect filter?

If you think the service has missed a spam bot or improperly filtered visitor to the website, you may notify us via the Anti-spam control panel. To do this,
Log in to Control panel https://cleantalk.org/my.
Click the line “Log” under the name of your website.
When you mark a record as “SPAM”, its e-mail and IP-address will be added to your personal blacklist for your website.
When you mark a record as “Not SPAM”, its e-mail and IP-address will be added to your personal white list for your website.

Please, read more here
https://cleantalk.org/faq#feedback_spam

Is the plugin fast?

We develop plugin to do it as optimized as possible, CleanTalk doesn’t downgrade response time in backend or frontend. The plugin proccess only POST requests to WordPress core, it tackes less than 1 second to return results.

Is the plugin EU GDPR compatible?

Yes, it is. Please read this article,
https://cleantalk.org/publicoffer#cleantalk_gdpr_compliance

Check external forms

If your website has forms that send data to external sources, you can enable option to “Protect external forms”. In this case, if plugin determinates that the current message is spam, your form action will be temporary replaced to your current hostname to prevent sending false data to an external source.

Reviews

Great plugin, easy to understand dashboard

September 14, 2021
I switched from reCaptcha to CleanTalk months ago and I'm happy I did so. Contact form abandonment went down to 1% from 40% with Invisible v3. Only drawback of this plugin is that it sometimes marks standard behaviour as spam (like site search, woocommerce order from standard registered user who has not so standard email address..).

Great antispam service

September 7, 2021
I have been using this excellent and functional plugin for over a year to control spam and various intrusion risks. Its results are excellent from every point of view. Recommended for ease, functions and minimal cost.
Read all 2,278 reviews

Contributors & Developers

“Spam protection, AntiSpam, FireWall by CleanTalk” is open source software. The following people have contributed to this plugin.

Contributors

“Spam protection, AntiSpam, FireWall by CleanTalk” has been translated into 18 locales. Thank you to the translators for their contributions.

Translate “Spam protection, AntiSpam, FireWall by CleanTalk” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

5.161.1 Sep 14 2021

  • Fix. State. Checking empty errors fixed.

5.161 Sep 09 2021

  • Fix: Cleantalk.php. dns_get_record() error handling.
  • Fix: Search form integration. PHP Notice.
  • Fix: Default value for “Alternative Cookie Type” setting.
  • Fix: SpamFirewall. Updating percent output.
  • Fix: SpamFirewall. Omit SFW_IS_DISABLED error.
  • Mod: Admin-bar.
  • Fix: SpamFirewall update.
  • Fix: apbct_log(). Log time.
  • Mod: Debug RC. Servers_connection item added.
  • Mod: apbct_test_connection() moved to cleantalk.php.
  • Fix: skip elementor save template.
  • Fix: skip formidable base check.
  • Fix: remove limit for request in delete all spam users.
  • Mod: apbct_test_connection() improvements.
  • Fix: Helper::http__request() timeout is 15 seconds.
  • New: Helper::http__request() low speed time is 10 seconds.
  • Fix: decbin int type in helper.
  • Fix: add apbct_get_rest_url func.
  • Fix: Error report form Cleantalk.php.
  • Fix: skip sfw check if sfw not updated.
  • Fix. Integration. Enfold theme saving options skip protection.
  • Fix. Integration. Cartflows saving cart skip protection.
  • Fix: getOption return variable.
  • Fix: skip sfw if last_update_time is zero.
  • Fix: skip last_update_time sfw check.
  • Fix: add priority to comment_form_default_fields hook.
  • New. Helper. IP detecting improved.
  • Fix. Helper. Multi-curl timeout added.
  • Upd. SFW. SFW block page updated.
  • Upd. SFW. AC block page updated.
  • Upd. Settings. SFW features settings moved to the separated block.
  • Fix. SFW. Random get parameter for redirecting block page updated.
  • Fix. Settings. SFW features settings description fixed.
  • New: Queue. Transaction system.
  • Fix: skip siteorigin pagebuilder save widget.
  • New: Readme. Hide «Website» field for comments added.
  • Fix. Helper. Async curl timeout increased.
  • Fix. Integration. Blogvault requests skipped.
  • Fix: skip classfields check_email action.
  • Mod: Show real HTTP code in a error during downloading GZ file.
  • Mod: Debug call extended.
  • Mod: Admin notices. Added the ability to hide a banner with notifications for each individual administrator for two weeks.
  • Fix. Settings. Long description output fixed.
  • Fix. Settings. JS debug data removed.
  • Fix. SFW. Deleting fw files folder.
  • Fix: api error handle.
  • Fix: SFW. Added update mode if sfw-updater works with tables.
  • New. WPMS. New multisite logic implemented.
  • Fix: Setting. Select field type fixed.
  • Fix: Сhanged the function delete_all_options() of removing plugin options when fully uninstalled.
  • Fix. WPMS. Hoster API key description fixed.
  • Fix: Admin notices. get_option expression is checking more strictly.
  • New: Helper. Added method for validate date format as ‘Y-m-d’.
  • Fix: SFW. Default FW folder fixed.
  • Fix: SFW. FW folder on the first sync fixed.
  • Fix: SFW. Remove wrong FW folders.
  • Fix: SFW. Refactoring apbct_sfw_update__end_of_update().
  • Mod: apbct_test_connection().
  • Fix: /ApbctWP/API::send_request() with empty result.

5.160.3 Aug 31 2021

  • New: Queue. Transaction system.
  • Fix. SFW. Updating for the new clients fixed.
  • Fix. SFW. Deleting UA file fixed.
  • Fix. SFW. Updating via cron fixed.
  • Fix. SFW. Updating process for multisite fixed.

5.160.2 Aug 26 2021

  • Fix. Pixel. Auto mode fixed.

5.160.1 Aug 6 2021

  • Fix: SpamFirewall update.

5.160 Jul 29 2021

  • New: SFW. SFW alternative cookie implemented.
  • New: SFW. AC alternative cookie implemented.
  • New: SFW. AF alternative cookie implemented.
  • New: Helper. Curl multi wrapper added.
  • New: Queue class implemented.
  • Mod: Changed the processing of the honeypot_field for standard comment.
  • Mod: Added integration for Wishlist Members registration form.
  • Mod: Store visited URLs amount reduces to 5 with 128 symbols by URL.
  • Upd: Public js scripts separated.
  • Upd: SFW. Updating process modified.
  • Fix: Moderate rotating fixed.
  • Fix: SFW. Process file errors handling fixed.
  • Fix: Pluggable. Expression fixed.
  • Fix: Ajax. User detection fixed..
  • Fix: Ajax. Ajax handlers fixed.
  • Fix: IP-detection for Cloudflare CDN.
  • Fix: Skip test for ajax alt_session request.
  • Fix: Set cookies on dashboard pages even if the setting is off.
  • Fix: Ajax. Ajax class fixed.
  • Fix: Users scanner. Remove redundant menu.
  • Fix: Added an exception for the action edd_process_checkout Easy Didgital Downloads plugi
  • Fix: SFW. Changed method for getting addr ip.
  • Fix: Integration. WPForms names gathering fixed.
  • Fix: SFW. Min update interval decreased to 14400 seconds.
  • Fix: Integration. WPForms names gathering fixed.
  • Fix: Cleantalk.php. dns_get_record() error handling.
  • Fix: Search form integration. PHP Notice.
  • Fix: Default value for “Alternative Cookie Type” setting.
  • Fix: SpamFirewall. Omit SFW_IS_DISABLED error.
  • Fix: SpamFirewall. Updating percent output.
  • Fix. Settings templates. Sync after template loading.
  • Fix. SFW. Updating process percents fixed.
  • Fix. Antispam. All headers parameter fixed.

5.159.9 Jul 15 2021

  • Fix. SFW. Updating cooldown increased up to 15 min.
  • Fix. Cron. Next call time set by task updating fixed.
  • Fix. SFW. Reset blacklist array before processing.
  • Fix. SFW. Some errors handling fixed.
  • Fix. SFW. Getting update period from dns fixed.
  • Fix. Ajax. Checking nonce for logged in users fixed.

5.159.8 Jul 07 2021

  • Fix: Fixed the connection error Ajax.php when the site files are in a subfolder.
  • Fix. SFW. Anticrawler redirect detection fixed.
  • Fix. Checking sql before the tables creating.
  • Fix. Updater fixed.
  • Fix: Set alt cookies if sg optimizer is enabled.
  • Fix: Exclusion for GiveWP plugin in apbct-public.js. #2

5.159.7 Jul 01 2021

  • Fix. Updater fixed.

5.159.6 Jun 30 2021

  • New. Rest API request detecting implemented.
  • Upd. SFW. AntiCrawler was disabled for the new installations.
  • Upd. SFW. AntiCrawler option moved to the advanced settings section.
  • Mod: email is taken only from visible fields
  • Mod: remove error message about firewall updating
  • Mod: excluded for test WC_Gateway_Tpay_Basic
  • Fix: Added exclude for happyforms.php in apbct_is_skip_request.
  • Fix: Added an error message in the form response
  • Fix: Skip wpforms general requests because of direct integration.
  • Fix. Integration. Autonami Marketing Automations service request kipped.
  • Fix. Cron. Update task method fixed.
  • Fix. SFW. Prevent updating while SFW is disabled.
  • Fix. Cron. Restoring cron tasks during plugin updating.
  • Fix. SFW. Logs sending used limit.
  • Fix: set correct api_key value for ajax calls.
  • Fix. Frontend widget. The widget layout fixed.
  • Fix. Integration. Formidable preparing data for checking.

5.159.5 Jun 24 2021

  • New: Admin bar. Attention mark added.
  • Upd: Admin notices have been rebuilt.
  • Upd: Integrations with HappyForms updated.
  • Fix: Skip fluentform multistep request.
  • Fix: Correct fluent_form skip name.
  • Fix: Admin notices. Trial and renew notices ID attributes renamed.
  • Fix: Admin bar. Trial notice font color changed.
  • Fix: Admin bar. Show admin bar without api key.
  • Fix: Admin bar. Show attention badge if the api key is empty.
  • Fix: AC. Skip checking on 302 redirects.
  • Fix: Added IF NOT EXISTS after ADD COLUMN in cleantalk-updater.php
  • Fix: Removed ADD PRIMARY KEY from apbct_update_to_5_146_4
  • Fix: Removed apbct_update_to_5_146_4
  • Fix: Checking output parameters of API-method get_2s_blacklists_db.
  • Fix: SFW. Writing exclusions fixed.
  • Fix: Integration. GF names detection fixed.
  • Fix: Integration. WPForms nicknames detecting fixed.
  • Fix. SFW. Updating fixed.
  • Fix: Excluding REST API requests from check.
  • Fix. Admin notices. Incompatibility notice fixed.
  • Fix. Compatibility. Notice saving fixed.
  • Fix. Compatibility. Prevent disabling SFW on incompatibility detected.
  • Fix. Compatibility. SFW option is no longer disabled on incompatibility detected.
  • Fix. Admin bar. Reset counters fixed.

5.159.4 Jun 17 2021

  • Fix: Admin bar. PHP error.

5.159.3 Jun 15 2021

  • Fix: Admin bar. Conflict with previous version of Security by Cleantalk.

5.159.2 Jun 15 2021

  • Fix. Renew notice banner shows only on cleantalk pages.
  • Fix. SFW updating. Getting remote data error handling fixed.
  • Upd. Readme updated.
  • Fix. SFW. Auto-updating fixed.
  • Fix: Admin bar style. Install link is no longer highlighted.
  • Fix: Admin bar style. Style for security icon.
  • Fix: Admin bar. Reset buttons counters leads to the same page.
  • Fix. Manual register link fixed.
  • Fix: do not display errors on subsites when wl is enabled.
  • Fix: Admin bar. Rapid fix.
  • Fix. Skipping. WPForms check restricted email request skipped.
  • Fix. Helper. CURL request timeout increased.
  • Fix. Comments/users checker. Description fixed.
  • Fix. Get fields any. Preset nickname parameter fixed.
  • Fix: wpms settings.

5.159.1 Jun 10 2021

  • Fix: Cron. Cron calling in cleantalk-updater.php fixed.

5.159 Jun 10 2021

  • New. Admin Bar. Common admin bar implemented.
  • New: email check before post.
  • New: New admin bar style.
  • New. SFW. Updating integrity control implemented.
  • New. Custom Ajax. Email checking before post.
  • New. Custom Ajax. Getting JS key.
  • New. Custom Ajax. Alternative cookies.
  • Upd. Integrations. Support multiple non-ajax hooks.
  • Upd. Cron. Cron class and cron usage updated.
  • Upd. Pixel. Pixel setting is “auto” for the new installations.
  • Upd. Users checker. Users with completed WC orders no checked.
  • Upd. WPMS settings.
  • Mod. limiting the size of an array top5_spam_ip to five elements in widget.
  • Mod. update data__pixel title.
  • Mod. Update data__use_static_js_key title.
  • Mod. add ‘relative’ parameter in admin_url() for getting ajaxurl.
  • Mod. update field name honeypot_field, reverse logic
  • Mod. changed website field from comments form: type text, display none.
  • Fix. resolve conflict with wiloke theme and unknown plugin, that removes standard authorization cookies.
  • Fix. moved the wiloke_theme options_ajax_save_skip check to apbct_is_skip_request function.
  • Fix. added a theme check along with a hook wiloke_themeoptions_ajax_save_skip.
  • Fix. Integration. Essentials addons for elementor integration fixed.
  • Fix. AC/AF. Clearing AC table via cron fixed.
  • Fix. SFW. Obtaining the count of the networks was fixed.
  • Fix. Cron. Last cron start fixed.
  • Fix. cookies for login page.
  • Fix. Firewall. Update. Filtering bad data.
  • Fix. Custom Ajax. Localized login scripts.
  • Fix. API. Cleantalk\ApbctWP\API fixed to work on SHORTINIT mode.
  • Fix. Custom Ajax. Getting JS key – removed WP ajax hooks.
  • Fix. GetFieldsAny. Bypassing collecting email and names logic fixed.
  • Fix. New admin bar style. Sorting plugins by Alphabet.
  • Fix. ct_get_admin_email return network email if set.
  • Fix. Fixed the name of the key containing the file address to check the number of records.
  • Fix. Comments checker. Non-checkable users tab removed.
  • Fix. Visible fields. Formidable visible fields collecting fixed.
  • Fix. Get fields any fixed.
  • Fix. empty key error for hosting.
  • Fix. WPMS. Api key saving fixed.
  • Fix. WPMS. Network settings saving fixed.
  • Fix. WPMS. Plugin name setting field is not required now.
  • Fix. Alt sessions js fixed.

5.158 May 27 2021

  • Fix: Firewall. SQL-request error.

5.158 May 26 2021

  • New. Integration. WP Foro register system integration.
  • New. Integration. Elementor essentials LoginRegister integration implemented.
  • New: SQL-schema and updater for extended SpamFirewall logs.
  • New: Extended SpamFirewall logs.
  • New: Pixel.
  • Mod: Few improvements to SFW update.
  • Mod: add settings for hidding website field from comment form.
  • Mod: Few improvements to SFW update #2.
  • Mod: Possibility to send empty JSON object in API.
  • Mod: Extended SpamFirewall logs for AntiCrawler module.
  • Upd: SFW. Direct updating method implemented.
  • Upd. Settings. Network settings templates updated.
  • Upd: Firewall. Improvements to update system.
  • Upd: Firewall. Improvements to update system.
  • Fix: replace wp_die to die in ct_die(), refactoring ct_die()
  • Fix. Forms. Exclude field wp-editor-area from collecting visible fields.
  • Fix. Widget. Widget content logic fixed.
  • Fix: Forms. Nicknames detecting fixed #2.
  • Fix: Forms. Getting check_js key fixed.
  • Fix: update ct_die_extended() as ct_die().
  • Fix. Code. Getting delay before js code get if async option enabled.
  • Fix. WPMU. Blog id added in settings templates list.
  • Fix. Integration. Elementor essentials LoginRegister login form protection skipped.
  • Fix. WPMU. Blog id added in settings templates list.
  • Fix. Readme. Required PHP version increased to 5.6.
  • Fix. Updater. 5_157_10 updating fixed #2.
  • Fix. JS. DOMContentLoaded used instead jQuery(document).ready().
  • Fix: SpamFirewall. Update. “FW UPDATE INIT: KEY_EMPTY”, “SFW UPDATE INIT: KEY_IS_NOT_VALID” errors.
  • Fix. Users checker. Export to the csv fixed.
  • Fix: SpamFirewall. Update. Error “WRONG_UPDATE_ID”.
  • Fix: SpamFirewall. Update. “FW UPDATE INIT: KEY_EMPTY”, “SFW UPDATE INIT: KEY_IS_NOT_VALID” errors.
  • Fix: SpamFirewall. Update. Error “WRONG_UPDATE_ID”.
  • Fix: \Cleantalk\Common\Helper::http__request() consider only boolean false (empty string ” considering as good) as bad response.
  • Fix: SpamFirewall. Update.
  • Fix: SpamFirewall. Update #2.
  • Fix: WPMS empty apikey in options
  • Fix: “Mod: add settings for hidding website field from comment form”.
  • Fix: Common/Helper::http__get_headers() fixed.
  • Fix: SpamFirewall admin bar counter.
  • Fix: “Fix: Common/Helper::http__get_headers() fixed.”
  • Fix: Pixel.
  • Fix: “Pixel” setting description.
  • Fix: Extended SpamFirewall logs for AntiCrawler module.
  • Fix: Extended SpamFirewall logs for AntiCrawler module #2.
  • Fix: WPFroms. PHP notice.
  • Fix: Gravity Forms. PHP notice.
  • Revert: Fix: Code. get_fields_any() notice fixed.

5.157.2 May 05 2021

  • Fix: Code. get_fields_any() notice fixed.
  • Fix: Integration. Gravity Forms integration fixed.
  • Fix: Forms. Nicknames detecting fixed.

5.157.1 Apr 29 2021

  • Mod: \Cleantalk\ApbctWP\Variables\Cookie::get() now has ‘cast_to’ param. If defined trying to cast to a given type.
  • Fix: \Cleantalk\ApbctWP\Variables\Cookie::get() calls using ‘cast_to’ param if needed.

5.157 Apr 28 2021

  • New: Invisible fields collecting implemented.
  • New: A dev and a fix version suffix support.
  • New: Variables. Cookie::set() method added.
  • New: Split Cleantalk\Common\DB::method__private_list_add__sfw_wl() in two Cleantalk\Common\DB::method__private_list_add() and Cleantalk\ApbctWP\DB::method__private_list_add__sfw_wl().
  • New: Split Cleantalk\ApbctWP\Helper::http__request__rc_to_host() in two Cleantalk\ApbctWP\Helper::http__request__rc_to_host() and Cleantalk\ApbctWP\Helper::http__request__rc_to_host__test().
  • New: Updater script for 5.157.
  • New: Update/delete SpamFireWall database when it enable/disable. Improvements.
  • New: \Cleantalk\ApbctWP\Variables::AltSessions class.
  • New: “Set cookies” setting now has 3 options “On”, “Off” and “Use alternative mechanism for cookies”.
  • New: REST API route ‘/alt_sessions’ and callbacks.
  • Mod: Compatibility with Thrive Leads – remove deleted the modal window about successful sending when blocking the user.
  • Mod: changed the handling of gravityform fields, added a check for the visibility of the field when processing the name.
  • Mod: Added a setting for Woocommerce, which includes checking the un-logged user when adding an item to the cart. If the user does not pass the verification, the product is not added to the cart.
  • Mod: Added a settings for Woocommerce – correction.
  • Mod: WC add to cart – change settings description.
  • Mod: Cleantalk\ApbctWP\RemoteCalls::debug() improved.
  • Mod: SpaFirewall update.
  • Mod: add buddypress integration for user account personal data.
  • Mod: Moving \Cleantalk\Common\Helper::apbct_cookie__set() to \Cleantalk\ApbctWP\Variables::set() function.
  • Mod: Using \Cleantalk\ApbctWP\Variables::set() instead of \Cleantalk\Common\Helper::apbct_cookie__set().
  • Mod: Extend \Cleantalk\ApbctWP\Variables to use alternative sessions.
  • Mod: Using \Cleantalk\ApbctWP\Variables\AltSessions class instead of set of “apbct_alt_sessions__” functions.
  • Mod: added loading of country flags from the plugin.
  • Mod: added styles for the widget with anti-spam statistics.
  • Mod: Improving ct_enqueue_scripts_public().
  • Mod: Update for JS ctSetCookie().
  • Mod: AltSessions and Cookie using ‘data__set_cookies’ and ‘data__set_cookies’ settings.
  • Mod: Minified JS updated.
  • Upd: Setting cookies updating.
  • Upd: Setting cookies by JS updating.
  • Fix: SFW. DB result handling.
  • Fix: Integration. Avada theme settings saving fixed.
  • Fix: Cleantalk modal. Layout fixed.
  • Fix: Possible use an html on ajax forms blocking message.
  • Fix: Include JS logic fixed.
  • Fix: Refactoring. Collecting details about browser refactored.
  • Fix: Refactoring. Alert replacing by console log on REST request handling.
  • Fix: Integration. Gravity Forms integration fixed.
  • Fix: ignoring the hidden fields with name if visible fields exists.
  • Fix: Integration. Formidable multi-step form protection fixed.
  • Fix: add max z-index for #cleantalk-modal-overlay.
  • Fix: Cannot read property ‘response_type’ of undefined – xhr.responseJSON – undefined where action wc_add_to_cart_block.
  • Fix: Helper. Set cookies method is deprecated now.
  • Fix: Adding admin IP to whitelist during the login in and plugin activation.
  • Fix: SpamFirewall. Don’t set cookies if option is disabled.
  • Fix: Sorting methods modifiers in \Cleantalk\Common\Helper and \Cleantalk\ApbctWP\Helper classes.
  • Fix: Using \Cleantalk\ApbctWP\Variables\Cookies.
  • Fix: A dev and a fix version suffix support.
  • Fix: Adding admin IP to whitelist during the login in and plugin activation.
  • Fix: New setting ‘Alternative cookies handler type’.
  • Fix: sender_info params.
  • Fix: SpamFirewall deleting 127.0.0.1 from local base during update on local website.
  • Fix: apbct_js_test() considering “Alternative cookie” setting.
  • Fix: Cleantalk\ApbctWP\VariablesCookie::set() automatically set secure flag if null passed.
  • Fix: Check JS via Cookie with the Alternative Cookie on.
  • Fix: Automatically set “secure” param when setcookie() called.
  • Fix: ‘Alternative cookies handler type’ setting layout.
  • Fix: For legacy apbct__hook__wp_logout__delete_trial_notice_cookie().
  • Fix: Cleantalk\ApbctWP\Variables::set_fromRemote(), Cleantalk\ApbctWP\Variables::get_fromRemote() fix parameter type.
  • Fix: SpamFirewall add admin IP when login in or activate plugin.
  • Fix: Dashboard widget. Showing default Cleantalk’s flag if country not found.
  • Fix: Dashboard widget. Showing ‘Unknown’ country name if country not found.
  • Del: Unused apbct_cookie__set() function.
  • Del: “Use alternative mechanism for cookies” setting.
  • Del: “Use cookies less sessions” setting.

5.156 Apr 15 2021

  • New: ApbctWP\RemoteCalls::action__debug().
  • New: ApbctWP\Helper::http__get_data_from_remote_gz__and_parse_csv();
  • New: ApbctWP\Helper::http__get_data_from_remote_gz();
  • New: Update/delete SpamFireWall database when it enable/disable.
  • New: \Cleantalk\Common\DNS class. Allows to get with DNS records and theirs different parameters.
  • New: No cookies if disabled from frontend. Alternative cookies if enabled from frontend.
  • New: \Cleantalk\ApbctWP\Variables\Cookie extends Cleantalk\Common\Variables\Cookie and automatically supports alternative cookies.
  • Mod: Don’t use alternative cookies for JS cookies for now.
  • Mod: ApbctWP\State default data.
  • Mod: Small code improvements.
  • Mod: Minor code improvements.
  • Mod: Using apbct_sfw_update__init instead() of ct_sfw_update().
  • Mod: Updater script to 5.156.
  • Upd: \Cleantalk\ApbctWP\RemoteCalls.
  • Upd: *.min. files update.
  • Upd: Current moderate*.cleantalk.org IP servers update.
  • Refactor: SpamFireWall update.
  • Fix: ApbctWP\RemoteCalls::action__sfw_update().
  • Fix: \Cleantalk\Common\DNS could request specific DNS type record.
  • Fix: Anti Spam. External forms protection capturing buffer fixed.
  • Fix: SFW. Notices disabled on blocking pages.
  • Fix: Admin ajax handler fixed – alert removed.
  • Fix: No alert when error fires.
  • Fix: Notice. change ‘wpms__allow_custom_settings’ to ‘multisite__allow_custom_settings’ in cleantalk-admin.php.
  • Fix: Getting JS key by ajax fixed.
  • Fix: No alert when AJAX fails.
  • Fix: Send plugin version as parameter when apbct-public.min.js script attaching.
  • Fix: The AJAX REST API error text unique.
  • Fix: No alert message when AJAX (REST) error happens.
  • Fix: Skip. MyListing theme service requests skip.
  • Fix: \Cleantalk\ApbctWP\Helper::http__request__rc_to_host(). Considering empty response as error.
  • Fix: \Cleantalk\Common\Helper::http__request(). Empty error while SFW update.
  • Fix: REST API. Required parameter added.
  • Fix: PHP Notices and Warnings.
  • Fix: AntiCrawler UA update.
  • Fix: JS and CSS minified.
  • Fix: ApbctWP\State __get using &. *

5.155.2 Apr 6 2021

  • Fix: Renaming setting to their original names in old update scripts.
  • Fix: Ajax forms protection response fixed.
  • Fix: No alert message when AJAX error happens.

5.155.1 Apr 2 2021

  • Fix: Using WP Rest API.
  • Rollback: Show response for all AJAX forms.

5.155 Mar 31 2021

  • New: Debug. Check connection to API servers.
  • New: Integration. Avada Form Builder.
  • New: Integration. Forminator integration implemented.
  • New: Users checker. Non-checked users tab added.
  • New: SFW. Admin IP will be whitelisted automatically.
  • Mod: Replace “bad” users/comments to “non-checkable”.
  • Mod: DisableComments. Disable all comments means disable all comments for any post type.
  • Udp: Setting templates. Product ID support implemented.
  • Udp: Settings. Reorder links actions buttons.
  • Upd: Common. Getting check_js updated.
  • Upd: SFW. Description updated.
  • Fix: Reversed URL exclusions.
  • Fix: Settings. Sync button success ico fixed.
  • Fix: Show response for all AJAX forms #3.
  • Fix: GDPR. Warning text output.
  • Fix: Integration class consider settings.
  • Fix: Exclusions. URL exclusions fixed.
  • Fix: Services Templates. Getting templates optimized.
  • Fix: Services Templates. Possible XSS fixed.
  • Fix: Services Templates. Design layout fixed.
  • Fix: Family of settings comments__disable_comments__* dependencies.
  • Fix: DisableComments class. Media post type includes ‘attachment’ type.
  • Fix: Exclusion for Thrive Ultimatum.
  • Fix: Common/Helper::http__get_headers() ignores empty header name parts.
  • Fix: Exclusion for GiveWP plugin in apbct-public.js.
  • Fix: Do not consider 501 as correct HTTP response code when getting FW data files.
  • Fix: AntiCrawler::update(). Correct error codes.
  • Fix: ApbctWP\Firewall\SFW::update(). Correct URLs for FILE with protocol.
  • Fix: PHP 8 deprecated notices.
  • Fix: Settings. Reversed dependencies. Applies to WooCommerce and Disable Comments settings.
  • Fix: DisableComments::template__check() returns the correct number of comments for enabled types of posts.
  • Fix: DisableComments class. Visibility of some methods.
  • Exception: Paid Memberships Pro – Login Form.
  • Fix: Exception the SFW check for queries with ‘/favicon.ico’ string.

5.154 Mar 17 2021

  • New: Settings Templates functionality implemented.
  • New: SFW. Anti-flood protection uses UA lists for filtration.
  • Fix: Forms. Getting check_js delay removed.
  • Fix: Forms. Rotation check_js fixed.
  • Fix: Integration. Newspaper-theme login form protection skipped.
  • Fix: Integration. Newspaper-theme reset password form protection skipped.
  • Fix: Forms. Gravity Forms paypal addon processing skipped.
  • Fix: Exclusion for wpDiscuz – Online Users Addon.
  • Fix: Remote Calls. Wrapper http__request__rc_to_host() don’t get an array
  • Fix: JS. Modal window fixed.
  • Fix: JS. Show AJAX result fixed.
  • Fix: Skip. Save abandoned cart checking skip.
  • Fix: Skip. SUMODISCOUNT discout request skip.
  • Fix: Skip. WP eMember login form skip.
  • Fix: SFW. Do not cache constants added.
  • Fix: SFW. AC/AF logging fixed.

5.153.7 Mar 15 2021

  • Fix: SFW. Updating fixed.

5.153.6 Mar 12 2021

  • Fix: Show response for all AJAX forms #2.

5.153.5 Mar 10 2021

  • Fix: Show response for all AJAX forms.

5.153.4 Mar 10 2021

  • New: SFW. Log could be sent not more often than 3 minutes.
  • New: SFW. Possibility to use DELETE instead of TRUNCATE to delete SFW log.
  • New: Show response for all AJAX forms.
  • Fix: SFW. Sending log. Committing transaction after TRUNCATE log table.
  • Fix: Integration. CF7 different versions compatibility fixed.
  • Fix: Exclusion for WooCommerce.
  • Fix: Possible SQL-injections fixed.

5.153.3 Feb 25 2021

  • Fix: Security. Preparing UA string for writing to the DB.

5.153.2 Feb 25 2021

  • Fix: Integration. Registration on WICITY theme.
  • Fix: Integration. Registration on Paid Memberships Pro
  • Fix: IP detection.
  • Fix: Error: SFW_DISABLED.
  • Fix: Formidable form. Error with sophisticated field types.
  • Fix: Remote Calls. Cooldown checking for the SFW update fixed.
  • Fix: easy-login-woocommerce requests exclusion fixed.
  • Fix: Jackmail plugin. Skip all admin-side actions.
  • Fix: Remote Calls. Unused deactivation option removed.
  • Fix: Users checker. Last check date fixed.
  • Fix: Users checker. Total users count description fixed.

5.153.1 Feb 20 2021

  • Fix: CF7. Modified spam hook #2

5.153 Feb 17 2021

  • New: Integrations. WPDiscuz integration implemented.
  • New: Using custom modal message instead allert.
  • New: JS cleantalk-modal added.
  • New: Cleantalk\ApbctWP\RemoteCalls class.
  • New: Remote calls using Cleantalk\ApbctWP\RemoteCalls class.
  • New: Cleantalk\ApbctWP\Helper::http__request__rc_to_host(). Wrapper to using RC to the website itself. Makes testing RC before make main.
  • New: Cleantalk\ApbctWP\State::error_toggle().
  • New: SFW update. Make test RC before main.
  • Udp: Integrations. Support several hooks for one integration.
  • Fix: Users. Feedback sending via deleting user fixed.
  • Fix: Users checker. Feedback sending via deleting user fixed.
  • Fix: IP detection.
  • Fix: Users scan. Confirmation message fixed.
  • Fix: SFW. The anti-flood option moved to the advanced settings.
  • Fix: SFW. Show the right url on block page for WPMS.
  • Fix: SFW. The anti-crawler option description fixed.
  • Fix: SFW. The anti-flood option description fixed.
  • Fix: SFW. AC checking on login page fixed.
  • Fix: CF7. Modified spam hook.
  • Fix: SFW. send_logs returning error.
  • Fix: Cleantalk class fixed.
  • Fix: Clearing errors storage before sync.
  • Fix: Clearing SFW errors on updating to 5.151.6.
  • Fix: Updater. Support updating for versions without fix number implemented.
  • Fix: “Email Before Download” plugin request will be skipped.
  • Fix: SFW. Auto-updating option fixed for multisite activation.
  • Fix: Exception for Xoo login form.
  • Fix: Users deleting feedback fixed.

5.152.5 Feb 04 2021

  • Fix: SFW. Auto-updating interval decreased to 5 mins.
  • Fix: Divi. Skip saving epanel.
  • New: Find users/comments table. Add footer description.
  • Fix: SFW. UA option removed.
  • Fix: SFW. AC checking by UA enabled by default.
  • Fix: SFW. AF disabled by default for the new installations.

5.152.4 Feb 01 2021

  • Fix: Cron tasks compare fixed.

5.152.3 Jan 31 2021

  • Fix: Error: SFW_DISABLED.
  • Fix: Moderate connection timeout increased to 6sec.
  • Fix: SFW uses the right API class.

5.152.2 Jan 30 2021

  • Fix: API-requests.

5.152.1 Jan 29 2021

  • Fix: Errors in IP detection.

5.152 Jan 29 2021

  • Fix: Using server protocol for AC checking.
  • Fix: Prevent caching db queries for SFW.
  • Fix: mgm registration temp fix.
  • Upd: Checking skipped request replaced.
  • Fix: Bookly plugin service requests checking skipped.
  • Fix: Youzier login form skipped.
  • Fix: InJob theme lost password skipped.
  • Upd: Showing plugin version on SFW block page.
  • Fix: fix request id rotation.
  • Mod: Show “Insert users” button only for local web servers.
  • Upd: Checking skipped request replaced for non-ajax requests.
  • Fix: BuddyPress edit profile checking skippped.
  • Fix: Unused code removed.
  • Upd: Helper::ip__get() method updated.
  • Fix: UltimateMember password reset skipped.
  • Del: Unused code removed.
  • New: Server::get() now can accept ‘URI’ as an parameter. Returns full URI like ‘http://domain.net/request/path?parameter=value#fragment
  • Mod: apbct_exclusions_check__url__reversed() simplifed and PHPDoc’ed.
  • Mod: apbct_base_call exclusions revised.
  • Mod: $cleantalk_executed chaos simplified.
  • Upd: Shedule sfw update once again if it failed.
  • Fix: Delete cleantalk options via uninstalling.
  • Fix: Deleting table for network sites fixed.
  • Fix: Using host header for AC checking.
  • Fix: Expression formatting fixed.
  • Mod: Cron. Do not runs when it already runs.
  • Mod: Cron class updated.

5.151.4 Jan 18 2021

  • Fix: Users checking performance fix.
  • Fix: AC disabled if SFW contains less than 50 entries.

5.151.3 Jan 15 2021

  • Fix: Prevent logging false blocking for whitelisted networks.
  • Integration: Rafflepress integration implemented.
  • Fix: AF limit increased to 20 by default.
  • Fix: skip Sumo waitlist internal request.
  • Fix: skip raq internal request.
  • Fix: check comments number if comment email exists.
  • New: Schema class added.
  • Fix: SFW – Creation sfw table if not exist.
  • Fix: Updater – Creation sfw table if not exist.
  • New: Schema class used.
  • New: AC disabled if networks count is 0.
  • Fix: SFW updating id getting fixed.
  • Fix: SFW networks counter fixed.
  • Fix: Deleting options fixed.

Early changelogs look in changelog.txt

Meta

Ratings

See all
Log in to submit a review.

Contributors

Support

Issues resolved in last two months:

108 out of 136

View support forum