Descripción
Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.
SECURITY PLUGIN BY CLEANTALK (SPBCT)
We focus on eliminating the most common security threats for WordPress. At the same time, we strive to ensure that site performance remains unaffected. To achieve this, each release goes through automated and expert-driven testing pipelines. We also verify performance using Google PageSpeed Insights and GTMetrix. Typically, we release a new version twice a month to keep features up to date and protection strong.
SECURITY FEATURES
- Limit Login Attempts and rate limits for logins.
- Two Factor Authentication (2FA)
- Custom wp-login URL (wp-login.php)
- Hide Login Default Login Page
- Brute force protection for WordPress accounts and passwords
- Security Protection for WordPress login form
- Security FireWall by IP, Networks or Countries
- Web Application Firewall (WAF)
- Real-time traffic monitor (Visitors per pages, IPs, Countires and hits counts per page)
- Malware scanner with auto-cure function
- Daily auto malware scan
- Vulnerabilities scanner among installed plugins and themes
- Informes semanales de seguridad al correo electrónico
- Notifications of administrator users authorizations to your website
FREE TRIAL THEN $9 PER YEAR
CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security.
We believe the most honest approach is when every user pays a small fee for using the service, rather than relying on a freemium model where some users subsidize others. The fee is as low as price of a good cup of coffee! So, the security plugin does not have a PRO version-it is completely free and works in combination with our premium Cloud security service at cleantalk.org. Every user has full access to all features of both the service and the plugin. Also, please take a note about WordPress.org policy
BRUTE FORCE PROTECTION
Our default anti–brute-force policy works as follows,
- For any failed login attempt to the WordPress admin area, the plugin introduces a brief delay of a few seconds.
- The plugin reviews the security audit log every hour. If any IP address records 10 or more login attempts in that period, it will be blocked for 24 hours.
ALL BRUTE FORCE PROTECTION FUNCTIONS
- Maximum failed attemtps to login before ban (default is 5). A failed attempt happens when either the login or password is incorrect.
- Time frame to count login attempts (default is 15 minutes).
- Ban to login time frame from 2 minutes to 24 hours (default is 1 hour).
- Two-factor authentication (2FA) with abillity to apply policy to specific users roles.
- Prevent collecting of login on password reset error. The option exclude the info about the login existing on password change error. Error message will be replaced with followed text: “If the user with the specified credentials exists, check your email for the password reset confirmation link. Then visit login page.”
- Security Audit Log. Keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page.
- Two Factor Authentication (2FA). It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.
-
Change the URL of the wp-login page. This option helps you change the default wp-login URL (wp-login.php). Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode. To change the URL,
- Go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script.
- Add a new URL and click Save Settings.
- Make a note for the new URL!!! Unless you are going to forget the login url for yourself.
- Done! wp-login.php as well as directory wp-admin became unavaible.
This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.
SECURITY FIREWALL
To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.
Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.
LIST OF FIREWALL FUNCTIONS
- Blocks or bypass visitors by IP, IP Network, Country. It also has option to avoid blocking hits from major search engines like Google, Bing, Yahoo, Baidu, Yandex and etc.
- Traffic control. CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters. Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.
- Limit Login Attempts. Limit Login Attempts – is a part of brute-force protection and security firewall.
- Web Application FireWall (WAF) for WordPress Security Plugin. The main purpose of Web Application FireWall (WAF) is real-time protection from unauthorized access, even if there are critical known/unknown vulnerabilities. Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include,
- SQL Injection,
- Cross Site Scripting (XSS),
- uploading files from non-authorised users,
- PHP constructions/code,
- the presence of malicious code in the downloaded files.
In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. - You can see your Cleantalk Security Logs in your Dashboard CleanTalk’s research team updates WAF database each time as we find a vulnerability, it means plugin’s users get protection even against unpublished vulnurebilites.
- Learn more how to set up and test About Security Web Application Firewall
- Email Notifications when administrators or users are logged in. We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard. Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.
MALWARE SCANNER WITH AUTO-CURE FUNCTION
Scans WordPress files for hacker files or code for hacker code. Performs antivirus functions.
Security Malware Scanner runs manually by users requests or automaticaly by WordPress cron. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.
LIST OF MALWARE SCANNER, ANTIVIRUS FUNCTIONS
- Malware autoscanning. Scans the website automatically at intervals ranging from once every 12 hours to once every 30 days.
- Cure malware. It cures infected files automatically if the scanner knows cure methods for these specific cases. If the option is disabled then when the scanning process ends you will be presented with several actions you can do to the found files,
- Cure. Malicious code will be removed from the file.
- Replace. The file will be replaced with the original file.
- Delete. The file will be put in quarantine. Do nothing.
Before any action is chosen, backups of the files will be created and if the cure is unsuccessful it’s possible to restore each file.
- Security Malware Heuristic Check. This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.
- Security Malware scanner to find SQL Injections. The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.
- Operating system cron tasks analysis. This functional provides an overview of scheduled cron jobs on server that perform automated tasks.
- DB Trigger analysis. Will search for known malicious signatures in database triggers.
- List unknown files. Shows the list of found unknown files in the malware scanner report. Unknown files do not have known virus signatures and do not have suspicious code. Meanwhile, unknown files do not belong to the public plugins and themes at wordpress.org.
- File System Watcher. File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.
- Feedback System. If you don’t have programming experience and don’t know, is there security issue or not, you send some files to CleanTalk Cloud and we check them for malware code. After checking we send you an email notification with results, is there viruses or not. Please, look at our guide How malware file analysis works About Scanner Feedback System
LIST OF THE MOST ACTIVE MALWARES BY FILENAMES
- radio.php
- admin-ajax.php
- .1235512.css
- 8sjdakSJ3.php
- wso.php
- cmd.php
- shell.php
- reverse_shell.php
- xmlrpc.php
- admin.php
The list is actual on July 15th, 2025. The latest data is the article Is my site infected?
VULNERABILITIES SCANNER AMONG INSTALLED PLUGINS AND THEMES
Plugin checks installed plugins and themes for known (published) vulnerabilities. If finds vulnerable plugin/theme, it sends an Email notification and shows data in the Critical updates tab.
List of the most recent vulnerabilities found and published by CleanTalk Research team,
- CVE-2025-5921 – SureForms – Unauthenticated XSS – POC, 200k+ installs.
- CVE-2025-3582 – Newsletter – Stored XSS to JS Backdoor Creation – POC, 300k+ installs.
- CVE-2025-2560 – Ninja Forms – Stored XSS to JS Backdoor Creation – POC, 700k+ installs.
The list is effective on July 18th, 2025. Updates are avaible on https://research.cleantalk.org/.
MISCELLANEOUS SECURITY OPTIONS
- Send additional HTTP headers option. There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
- “X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.
- “X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.
- “Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
- “Referrer-Policy” make the
Refererhttp-header transferring more strictly.
- Collect and send PHP logs. Collect and send PHP error logs to your CleanTalk Dashboard where you can list them.
- Prevent collecting of authors logins. Prevent visitors from collecting logins of the content authors from the website links (like example.com/?author=1).
- Prevent collecting of user login on password reset. The password reset error will not contain the data about selected username does not exist.
- Disable REST API for non-authenticated users. Turn this on to deny access to WordPress REST API for non-authenticated users. Denied requests will get a 401 HTTP Code (Unauthorized).
- Disable the WordPress endpoint “users” REST API. Disables access to /wp-json/wp/v2/users and /wp-json/wp/v2/users/”id_user”.
- Disable File Editor. By prohibiting file editing, you protect the site from malicious attacks that may try to change the code and gain access to the site or steal confidential information.
TRANSLATE INTO YOUR LANGUAGE
- Thank you for helping translate the plugin!
- 感谢您帮助翻译这个插件! (Gǎnxiè nín bāngzhù fānyì zhège chājìan!)
- प्लगइन का अनुवाद करने में मदद के लिए धन्यवाद! (Plugin ka anuvaad karne mein madad ke liye dhanyavaad!)
- ¡Gracias por ayudar a traducir el complemento!
- Merci d’avoir aidé à traduire le plugin !
- شكرًا لمساعدتك في ترجمة الإضافة! (Shukran limusaa’adatika fi tarjamat al-idafa!)
- প্লাগইন অনুবাদে সাহায্য করার জন্য ধন্যবাদ! (Plug-in onubade shahajjo korar jonno dhonnobad!)
- Спасибо за помощь в переводе плагина! (Spasibo za pomoshch v perevode plagina!)
- Obrigado por ajudar a traduzir o plugin! (Obrigada if female)
- پلگ ان کا ترجمہ کرنے میں مدد کرنے کا شکریہ! (Plug-in ka tarjuma karne mein madad karne ka shukriya!)
- Terima kasih telah membantu menerjemahkan plugin!
- Danke, dass du beim Übersetzen des Plugins geholfen hast!
- プラグインの翻訳を手伝ってくれてありがとうございます! (Puraguin no hon’yaku o tetsudatte kurete arigatou gozaimasu!)
https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall/
Capturas de pantalla
Firewall log tab. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user. 
Critical Updates tab. Critical Updates interface. 
File System Watcher tab. File System Watcher interface. 
Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result. 
Security Log tab. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers. 
General settings tab. Here you can manage all the plugin settings. 
Summary tab. The general info about the plugin state. 
Interfaz de copias de seguridad. Aspecto de la interfaz de copias de seguridad. 
General settings – authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL. 
General settings – firewall. Here you can manage Firewall modules and Traffic Control settings. 
General settings – scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring. 
General settings – admin bar. Here you can set behavior of admin bar module. 
Barra de administración. Cómo se ve el módulo de la barra de administración. 
General settings – trusted text. Here you can manage your affiliate links and trusted text shown for visitors. 
Texto confiable. Cómo se ve el texto confiable. 
Resultados del escáner de malware – Críticos. Hay una lista de archivos que contienen código peligroso o firmas de malware. 
Resultados del escáner de malware – Sospechosos. Hay una lista de archivos que contienen código sospechoso. 
Resultados del escáner de malware – Aprobados. Hay una lista de archivos que fueron aprobados por el usuario, el análisis en la nube o el equipo de CleanTalk. 
Resultados del escáner de malware – registro de análisis. Hay una lista de los archivos que se enviaron para el análisis del escáner de malware en la nube y su estado. 
Resultados del escáner de malware – desconocidos. Hay una lista de archivos que no contienen malware, pero no forman parte del núcleo de WordPress ni de los plugins/temas. 
Resultados del escáner de malware – Curados. Hay una lista de archivos que han sido curados automáticamente. 
Malware scanner results – frontend malware. There is a list of frontend pages that contains malicious HTML/JavaScript code. 
Resultados del escáner de malware – Permisos inseguros. Hay una lista de archivos a los que un hacker podría acceder debido a la configuración de permisos inseguros. 
Resultados del escáner de malware – Informe PFD. Aspecto del informe en PDF de los resultados del escáner. 
Interfaz de plantillas. Utilizando esta interfaz, puedes aplicar la configuración de otro sitio de tu cuenta CleanTalk o de una plantilla guardada anteriormente. 
Ejemplo de página de bloqueo – Cortafuegos. Si la dirección IP del visitante está en una lista de redes peligrosas o está en la lista negra personal, verá esta pantalla. 
Ejemplo de página de bloqueo – XSS. Si el visitante intenta implementar XSS, verá esta pantalla. 
Ejemplo de página de bloqueo – SQL. Si el visitante intenta realizar una inyección SQL, verá esta pantalla. 
Ejemplo de página de bloqueo – Ataque de fuerza bruta. Si el visitante intenta usar credenciales incorrectas varias veces, verá esta pantalla. 
Ejemplo de página de bloqueo – Control de tráfico. Si el visitante ha solicitado páginas del sitio con demasiada frecuencia, verá esta pantalla.
Instalación
DEFAULT INSTALLATION
-
Download, install and activate ‘Security by CleanTalk’.
-
Get Access key https://cleantalk.org/register
-
Enter Access key in the settings WordPress console -> Settings -> Security by CleanTalk -> General settigns. Save Changes.
-
Go to Malware scanner tab and do the very first scan.
-
Done! The plugin is ready to use.
INSTALLATION FROM THIRD-PARTY SOURCE
- Descarga la última versión en el disco duro de tu computador,
https://downloads.wordpress.org/plugin/security-malware-firewall.zip
-
Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.
-
Click Install Now and Activate.
-
After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”
Installation completed successfully.
Instalación desde el directorio de wordpress.org
-
Navigate to Plugins Menu option in your WordPress administration panel and click the button “Add New”.
-
Type CleanTalk in the Search box, and click Search plugins.
-
When the results are displayed, click Install Now.
-
Select Install Now.
-
Then choose to Activate the plugin.
-
After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”
Installation completed successfully.
FAQ
-
¿Por qué me atacan?
-
Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.
-
¿Cómo probar el servicio de seguridad?
-
Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL’s of the current user.
-
Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?
-
Yes, the plugin is compatible with WordPress MultiUser.
-
How to control security activities on your website?
-
Ve a tu cuenta CleanTalk->Iniciar sesión. Utiliza filtros para ordenar datos para análisis.
Los registros de seguridad le permiten recibir y conservar información durante 45 días. Tienes las siguientes posibilidades:
1. Período de tiempo para todos los registros que deseas ver.-
Website for which you want to see security records. Leave the field empty to see security records for all websites.
-
Elige un evento que quieras ver:
- Authorization Login — all successful logins to your website.
- Autorización de cierre de sesión — todas las sesiones cerradas.
- Authorization Invalid username — login attempts with not existing username.
- Authorization Auth failed — wrong password login attempts.
- Audit View — records of actions and events of users in your website backend.
-
Búsqueda de registros por dirección IP.
-
Búsqueda de registros por país.
Hay fecha y hora de los eventos para cada registro, nombre de usuario que realizó una acción y su dirección IP (país). Cómo utilizar el registro de seguridad https://cleantalk.org/help/Security-Log
-
-
Is it possible to set custom email for notification?
-
Sí, es posible. Ve a tu cuenta CleanTalk->Cambiar correo electrónico https://cleantalk.org/my/change-email
-
¿Por qué necesitas una clave de acceso?
-
Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.
-
How to use Security Log
-
- First go to your Security Dashboard. Choose “Site Security” in the “Services” menu.
- Then go to your Security Log.
Tienes las siguientes posibilidades:
- Período de tiempo para todos los registros que desea ver.
- Website for which you want to see security records. Leave the field empty to see security records for all websites.
Elige un evento que quieras ver:
- Authorization Login — all successful logins to your website.
- Autorización de cierre de sesión — todas las sesiones cerradas.
- Authorization Invalid username — login attempts with not existing username.
- Authorization Auth failed — wrong password login attempts.
Audit View — records of actions and events of users in your website backend.
- Búsqueda de registros por dirección IP.
- Búsqueda de registros por nombre de usuario.
- Búsqueda de registros por país.
Lista de registros. Cada registro tiene las siguientes columnas:
- Fecha — fecha en la que se produjo el suceso.
- Registro de usuarios — quién ha realizado las acciones.
- Evento — lo que ha hecho.
- Status — was he Passed or Banned.
- IP — su dirección IP.
- País — a qué país pertenece esa IP.
- Detalles — algunos detalles si están disponibles.
Por favor, lee más
https://cleantalk.org/help/Security-LogIf you wish to block some countries from visiting your website, please, use this instruction: https://cleantalk.org/help/Security-Firewall
- First go to your Security Dashboard. Choose “Site Security” in the “Services” menu.
-
How to use Security Firewall
-
First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then press the line “Black&White Lists” under the name of your website.
You can add records of different types to your black list or white list:
- Direcciones IP (Por ejemplo 10.150.20.250, 10.10.10.10)
- Subredes (Por ejemplo 10.150.20.250/24, 10.10.10.10/8)
- Countries. Click the line “Add a country” to blacklist or whitelist all IP-addresses of the chosen countries.
The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button “Whitelist” or “Blacklist”. All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.
Por favor, lee las instrucciones completas aquí
https://cleantalk.org/help/Security-Firewall -
How to test Security Firewall?
-
- Abre otro navegador o entra en el modo incógnito.
- Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST
2.1 Address 10.10.10.10 is local address and it’s in blacklist constantly. So address YOUR_WEBSITE/?security_test_ip=10.10.10.10 will works everytime. - Asegúrate de haber visto la página con el mensaje de bloqueo.
- FireWall works properly, if it is not, see item 4 of the list.
-
¿Cómo funciona el escáner de malware?
-
Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.
-
¿Cómo iniciar el escáner de malware?
-
At the moment malware scanner may be started one time per day and manually.
To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> “Malware Scanner” tab —> Perform Scan.
Give the Malware Scanner some time to check all necessary files on your website. -
¿Es gratis o de pago?
-
The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin.
If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests. -
¿Qué sucede una vez finalizado el período de prueba?
-
The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.
Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.
-
Seguridad de fuerza bruta para WordPress
-
El ataque de fuerza bruta es una búsqueda exhaustiva de contraseñas para obtener acceso completo a una cuenta de administrador. Las contraseñas no son la parte difícil para los piratas informáticos, teniendo en cuenta la cantidad de variantes de contraseñas enviadas por segundo y la gran cantidad de direcciones IP.
Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.
-
Why is the CleanTalk Security Plugin Added to the Must Use Section?
-
This is required for the Security FireWall to function properly. Plugins that are placed in this section are being launched first, so it is very important that the Security FireWall is launched before any plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.
-
¿Puedo usar CleanTalk Security y Wordfence juntos?
-
Claro, puedes utilizar CleanTalk Security y Wordfence. Muy a menudo, nuestros clientes nos preguntan si habrá algún conflicto entre CleanTalk y Wordfence. Hemos probado CleanTalk Security y Wordfence trabajando juntos, y funcionan sin ningún conflicto.
-
Can CleanTalk Security protect from DDoS?
-
Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.
Reseñas
Colaboradores & Desarrolladores
“Login Security, FireWall, Malware removal by CleanTalk” es software de código abierto. Las siguientes personas han contribuido a este plugin.
Colaboradores
“Login Security, FireWall, Malware removal by CleanTalk” ha sido traducido en 4 idiomas. Gracias a los traductores por sus contribuciones.
Traduce “Login Security, FireWall, Malware removal by CleanTalk” a tu idioma.
¿Interesado en el desarrollo?
Revisa el código, echa un vistazo al repositorio SVN, o suscríbete al registro de desarrollo por RSS .
Historial de cambios
= 2.160 July 14 2025
* Mod. SettingsDesc. Description of suspicious vulnerabilities.
* Mod. RemoteCalls. Updated test calls error formatting.
* Code. Unit Test. Disable admin bar exclaim test.
* Fix. AjaxActions. Added nonce verification.
* Fix. Code. Code direct call prevention.
* Fix. FileEditorDisabler. Do not write error_log. Messages refactored.
* Fix. Admin bar. Hide exclaim sign if no SPBC banners need user attention.
* Fix. VulnerabilityAlarm. Set autoload for option to ‘off’.
= 2.159.1 July 10 2025
* Fix. Code. React. Return ErrorBlock component.
= 2.159 June 30 2025
* New. FileEditorDisabler. New functionality for disabling the file editor
* New. FileEditorDisabler. Multisite setup mode, dashboard banners, and settings page
* New. FileEditorDisabler. Two new banners for Dashboard and Settings page, psalm edits
* Fix. FileEditorDisabler. Editing the isconfigaccessive condition
* New. Common class SupportUser implemented. Child class for SPBC settings implemented.
* Fix. FileEditorDisabler. Post-test edits
* Upd. SecurityLog. Added posibility to change user role.
* Fix. FileEditorDisabler. Edit and delete a block with a constant
* Upd. Firewall. Added ability for custom action before blocking page.
* Mod. ChangingRole. Displaying a list of permissions for the role, adding the Tech Freelancer role
* Fix. ChangingRole. Filtering outdated permissions
* Fix. RadioTemplate. Edit duplicate id
* Code. Hook explanation added for “spbct_firewall_before_die”.
* Upd. Settings. Fix layout and tests.
* Fix. Scanner. Heuristics. Mathematics. Fixed regex to find math expressions.
* Fix. Login. SPBC link refactored. Layout fixed on mobile layout.
* Upd. Scanner. Add signature analysis for js files to scanner.
* Fix. Table. Edit action Restore, defining the accordion for Restore
= 2.158 June 16 2025
* Mod. Firewall. Skip user-ignored country even if largest subnet is blacklisted by another country.
* Fix. After tests. Old logic for 99 status is removed.
* Fix. Settings. Custom jquery-ui support removed.
* Fix. Settings. Loading more scan logs fixed.
* Upd. UploadChecker. Refactoring UploadCheckWPModules.
* Fix. Scanner. Display path found malware’s fixed.
= 2.157 June 02 2025
* Upd. Preventing logins collection. Description updated.
* New. Security. Prevent login collection via password reset logic.
* Fix. Settings. 2FA modal window fixed.
* New. DBTriggerScan.
* Upd. Scan. Localize clear btn.
* Fix. Firewall. Rewriting permalinks fixed.
* Upd. Scan. Update cure log description.
* Upd. LoginPage. Update description layout.
* Upd. Settings. Replace error notification to react component.
* Ref. Settings. Remove gdpr popup.
* Fix. Settings. Improve notifications render.
* Fix. Header component. Remove unnecessary data attribute from error block.
* Fix. Code. Editing the textdomain, editing the synchronization logic
* Fix. NetworkDashboard. Editing the display of the SpbctPageNetworkDashboard component for a multisite
* Fix. Code. Edit Textdomain error
= 2.156 May 19 2025
* New. Code. New react structure.
* New. WP-CLI. Implemented actions for service create, settings and templates management and scanner actions.
* New. GitHub Actions. All actions notifications changed to Matrix.
* Upd. Scan. Enhance scanner execution time management by implementing a maximum execution time check.
* Upd. WP-CLI. Docs added.
* Upd. Firewall. Enhance IP data retrieval by adding subdivision and city information to the country report.
* Fix. Remote calls. Remote action escape.
* Fix. Scanner. Heuristic. SQL issues collection fixed.
* Fix. Scanner. Remove some actions from CORE files.
* Fix. Code. Editing the Texdomain error
* Fix. Scanner. Deleting from Analysis log fixed.
* Fix. Scanner. Approving. Do not rewrite files status on applying deined hashes rules.
= 2.155 Apr 21 2025
* New. Scanner. Heuristic. Entropy analysis updated to find suspicious array key calls.
* Fix. SettingsPage. Textdomain fix
* Fix. HTTP. Get DNS records. False result handled.
* Ref. Admin page. CSS styles and JS scripts enqueuing refactored.
* Upd. Admin. jQuery lib automatic dependency implemented (built-in/cutom setup).
* Fix. Scanner. Heuristic. Entropy. Variables. WeakSpots reduction fixed.
* Ref. Code. Update validation.
* Fix. Settings. Block API-key layout fixed.
* Fix. Surface. Skip symlinks.
* Fix. Scanner. Heuristic. Entropy. Array keys detection fixed.
* Fix. Scan. Skip directories we can’t access.
* Fix. Scan. Implement error handling and filter management for themes_api calls.
* Fix. DB. Improved compatibility with mysql.
* Fix. WL Mode. WL entities updated on whole project.
* Fix. Code. Deprecated notices about FILTER_SANITIZE_STRING fixed.
* Fix. Scanner. Checking for the file_exists function argument
= 2.154 Mar 25 2025
* Upd. Settings. Improved FW test block page.
* Upd. Settings. Improved 2fa handler.
* Ref. Scanner. Code. Removed unused code.
= 2.153 Mar 10 2025
* Fix. Http. Hard-coded cleantalk IPs removed.
* Fix. OSCron. Skip task parsing on regexp empty result.
* Fix. Scanner. Removed some trial restrictions.
* Fix. WAF. False blocking logged-in user by WafBlocker fixed.
* Mod. GetKeyAuto. Checking the query result code.
* Mod. Scanner. Getting approved hashes. Memory usage reduced.
* New. Code. UI tests. Jest/Puppeteer.
* Upd. Backup Restore. Lot of interaction improvements.
= 2.152 Feb 24 2025
* Fix. FW update. A second delay required for wordpress.com hosting to avoid 429 errors
* Fix. FW update. Empty error on RC call fixed.
* Upd. Scan. Show all actions in suspicious accordion.
* Fix. Account status check. Unknown key fixed and logic refactored.
* Upd. Banners. Updated text.
* Fix. Scanner. Files count check. Ignoring symlinks improved.
* Upd. SecurityLog. Improved UX.
= 2.151 Feb 10 2025
* Upd. Vulnerability Alarm. PSC badge. Now use research_url param to construct PSC details link for plugins/themes.
* Mod. White Label. Modification of the White Label mode
* Mod. Compare Scan Files. Removing the function of comparing scanned files
* Mod. Compare Scan Files. Removing the comparison functionality
* Mod. Compare Scan Files. Removing unnecessary css
* Fix. OSCron. Prevented error appear if function not exists.
* Upd. HTTP. API servers ping updated.
* Fix. HTTP. Ping. Handle case of socket_create unavailable.
* Fix. White Lable. Correction of WL mode operation
* Fix. SignatureAnalyser. Edit signature scanner
* Fix. White Label. Edits based on the review
* Upd. Scan. Added cure action for critical accordion.
* Fix. Settings. Prevented browser notice on 2fa save.
* Fix. Settings. Correcting a typo
= 2.150.1 Jan 29 2025
* Fix. OS Cron. Fixed case of fatal error when shell_exec is not available.
= 2.150 Jan 21 2025
* Mod. Scanner tabs. View action. Remove non-existed file from table and scanner tab on view action.
* Fix. Scanner. Frontend malwares actions fixed.
* Fix. Cron. Added cast for value from database.
* Fix. UploadChecker. Fixed flow.
* Upd. Account data. Notice about auto-update is redundant, removed from state.
* Fix. BulkAction. Edit the use of confirm for BulkAction
* Upd. ScannerTbl. Remove the display of empty files in unknown
* New. Scanner. Added OSCron module.
= 2.149 Jan 13 2025
* Fix. Deactivator. Drop table surface_completed_dirs
* Upd. Scan. Improved delete action.
* Upd. Settings. Improved scan tab render.
* Fix. Scanner. Cure stage. Correct curing if file has been modified with no renaming.
* Fix. Vulnerability alarm. False detected vulnerabilities fixed.
* Fix. Code. Code style fixed.
* Ref. Scanner. Cure. New manual cure attempts refactored.
* Fix. Scanner. Cure. Cure on modified files after once cure fixed.
* Upd. Scanner tabs. Accordion refresh after curing.
* Fix. Remote calls. Debug RC fatal error fixed.
* New. Code. New class SpbcEnqueue extends Enqueue to enqueue css/js scripts.
* Fix. Settings. Fixed backups links on site where wordpress installed not in root.
* Fix. Scanner. Cure. Fixed cci counters on manual run.
* New. Scanner. Several weakspots curing implemented. Weakspots workwith log implemented.
* Fix. Common libs. Signature analysis fixed on several equal signatures matches.
* Fix. Forgotten debug removed.
* Upd. Docs added and redundant separator removed.
* New. VulnerabilityAlarmService. Added output of PSC on plugins list page.
* Ref. Scanner. Cure. Restore. Restoring files refactored.
* Fix. Enqueue. Regex on webpath validate fixed.
* Fix. Enqueue. Regex on webpath validate fixed.
* Fix. Cure. Skip cure process on background if cure stage exists but setting is disabled.
* Fix. Heuristic. Variables. Fix non-numeric notice.
* Upd. Scanner. Cure. Next cure single tries will rescan files before cure.
* Fix. Cure. Fixed occasion if CCI is null.
* Fix. ScannerQueue. Debug state removed.
* Fix. ListTable. Added a data type check
= 2.148.1 Dec 23 2024
* Fix. Vulnerability alarm. False detected vulnerabilities fixed.
= 2.148 Dec 09 2024
* New. Plugin settings. Navigation bar implemented for settings general.
* Upd. Code. Removed the plugin dependency on jQuery for site public pages.
* Fix. Vulnerability Alarm. Fixed the name detection of module being checked.
= 2.147 Nov 25 2024
* New. Admin Banners. Critical files warning banner implemented.
* Upd. Readme. Tagline, description has been updated.
* Upd. Readme. Tested up to: 6.7.
* Upd. Code. Psalm. Checking “prepare” SQL requests handled.
= 2.146 Nov 11 2024
* Upd. Scan. Updated heuristic module.
* Upd. Frontend scanner. Exclusion domains list updated.
* Fix. Security logs. Fixed case when a lot of logs kept unsent.
* Fix. FSWatcher. The huge refactoring has been completed.
* Upd. Settings. Improved UX.
* Upd. Scan. Added scan logs to pdf export file and possibility to copy scan logs to clipboard.
* Fix. Firewall. Brute force protection for xmlrpc requests enabled.
* Upd. Code. Heuristic analyser common lib updated.
* Fix. FSWatcher. Check only for fswatcher actions on checkRateLimit().
* Fix. FSWatcher. Stripping filepath slashes on view action.
* Fix. Remote Calls. Remote calls calling without api key fixed.
* Fix. Vulnerability alarm. New API method report_vulnerability_in_use implemented.
* Code. Refactoring. Estimated analysis time updater.
* Fix. Scanner. Restoring quarantine fixed.
* Fix. Scanner. Upload checker module fixed.
= 2.145.1 Nov 01 2024
* Fix. Remote Calls. RC calling without token fixed. (#438)
= 2.145 Oct 28 2024
* Fix. Setting. React components i18n fixed.
* Fix. Code. Frontend malware scanner disabled by default.
* Fix. Code. Frontend malware scanner describe fixed.
* Fix. Code. Frontend malware scanner option name fixed.
* Upd. Scan. Added restore to cure log.
* Fix. Scanner. Sending results. FMS logs. Modified date validation added.
= 2.144 Oct 14 2024
* Fix. PSC. Only PSC will be shown on install plugins/themes screen.
* Fix. Scanner. Manual cure logic fixed – added stage creating a backup.
* Fix. HTTP. Ping. If fsockopen() is unavailable return current server as fastest.
* Fix. Scanner. Cron. Fixed timezone detection on cron jobs.
* Fix. Settings. React components are translate-ready now.
* Upd. Sending for analysis. Long description provided.
* Fix. Backend logs collecting. Fixed option status dependency of account status check.
* Upd. Scanner. Results. Do not show unknown files of zero-byte size if service constant defined.
* Fix. FW update. Do not warn user and do not force direct update if ..fw_files_for_blog_*/index.php cannot be deleted.
* Upd. White label. Hide links to “research.cleantalk.org” and “l.cleantalk.org/website-malware-removal” on plugin settings page if WL mode is enabled.
* Fix. Settings template. Modal window layout and styles fixed.
* Fix. Modal. Modal window max height fixed.
* Fix. Settings. PSC texts fixed.
= 2.143 Sep 30 2024
* Fix. Scanner. JS extension excluded from scanner.
* Fix. Important files monitoring. Do not follow redirects on check.
* Fix. ScannerQueue. Unset CSV parse result after hashes receiving.
* Fix. Firewall. Do not run WAF only case for admin area URI if user is not logged in.
* Fix. Scanner. Counting modules. TypeError case prevented.
= 2.142 Sep 16 2024
* Upd. Settings. Modal window common style updated.
* Mod. Settings. Scanner tab. Quarantine action text updated.
* Mod. Scanner. Accordion actions. Approve action is require active license now. No confirmation requested for restricted actions.
* Fix. Scanner. Accordion actions. Bulk action confirm fixed.
* Upd. Code. Security logs DTO classes implemented.
* Fix. CSS. Adaptive content. Nav wrapper flex direction.
* Fix. CSS. Adaptive content. Long description places.
* Fix. CSS. Adaptive content. Get more details clicks.
* Fix. CSS. Adaptive content. Scanner legend.
* Fix. CSS. Adaptive content. Path full description.
* Upd. SQL schema. The column “view” of spbc_auth_log table set to varchar(16).
* Fix. CSS. Adaptive content. Malware removal top settings banner adapted.
* Upd. Modal window. Support link removed from restricted actions notice.
* Upd. Auth. Open 2fa support link in new page.
* Fix. Code. Get admin email call moved.
* Fix. Security log. Parse URL. Fix for wptexturize.
* Fix. Settings. Unknown accordion description fixed.
* Fix. FSwatcher. Skip init on WP_Estimation_Form
= 2.141 Sep 02 2024
* Upd. Security admin. Adaptive version
* Fix. FSW. Added exclude for ListingPro output hook.
* Fix. FSW. Comparing snapshots when showing a file
* Fix. Vulnerability alarm. Checking vulnerabilities via synchronization implemented
* Upd. BannerLinks. Compiling links to treatment through class LinkConstructor
* Upd. SignatureAnalysis. Removing the link and checking for v0 signatures (#409)
* New. Settings. New option to change and delete the technical support link on the authorization page (#410)
* Fix. Settings. File system watcher settings fixed.
* Fix. Scanner. Timeout increased for the action delete.
* Fix. FSW. Updated statement to exclude buffer handler by const.
= 2.140 Aug 19 2024
* Upd. WAR. Analysis php://input
* Fix. FSWatcher. Added exclusion for NotifierForPhone.
* Fix. Phpcs
* Upd. WAF. Exploit check from php://input
* Fix. Typo. Updated warning message.
* Upd. WAF. Error Control Operators
* Fix. Code. Unit tests fixed.
* Fix. FSW. Added exclude for GFForms output hook.
* Upd. Scanner. Trial license not allowed curing malware.
* Upd. Scanner. Trial license not allowed quarantine and delete actions.
* Fix. Code. Code style fixed.
* Fix. Modal window. Error modal title fixed.
* Fix. Scanner. Outbound links page_url parameter fixed.
* Fix. Scanner. Outbound links collecting fixed.
* Fix. ScannerQueue. Checking for the existence of a key when scanning frontend
= 2.139 Aug 05 2024
* Fix. Backups. Backups tab fixed.
* Fix. FSWatcher. Added exclusion for RapidLoad.
* Fix. FSWatcher. Added exclusion for Sendinblue.
* Fix. Heuristic. SQLs. Fixed error on empty request.
* Fix. Settings. Security logs display fixed.
* Fix. Scanner. Cure. Delete the failed cure tries from the cure log on first iteration to avoid files to cure missing.
* Fix. Scanner. Cure. Not cured files selection fixed.
* Fix. Vulnerability Alarm. CVE ID layout fixed.
* Fix. Vulnerability alarm. Display alarms fixed.
* Fix. Vulnerability Alarm. PSC version gathering adapted to new cloud states.
* Mod. Scanner. Cure. Malware replacing now uses block comment instead of row comment.
* Mod. Scanner. Filesystem Analysis. SurfaceNew class implemented to speed up the stage.
* Mod. Scanner. Sending results. Sending unknown files removed.
* Upd. Settings. Critical updates tab. Description and header implemented.
* Upd. Settings. Critical updates tab. Modules name are clickable now and proceeds to the appropriate modules page.
* Upd. Settings. Critical updates tab. Outdated plugins removed. Legend added.
* Upd. Settings. Renewal links. Get premium badge updated using LinkConstructor.
= 2.138.1 July 24 2024
* Fix. Settings. Security logs display fixed.
* Revert “Fix. FS Watcher. Module working only in the admin side.”
= 2.138 July 23 2024
* New. Settings. Added alarm to admin menu.
* New. Settings. Added function to upload exclusions.
* Upd. Scan. Updated handler for cloud results method.
* Fix. Deactivation possible notices fixed.
* Fix. Vulnerability Alarm. Installed themes checking fixed.
* Fix. Deactivating. Logging failed deactivation fixed.
* Fix. Deactivating. Tables deleting fixed.
* Fix. Settings. Tabs. Debug tab on local domains revived.
* Fix. FS Watcher. Module working only in the admin side.
* Fix. Scanner. Cure. Not cured files selection fixed.
* Fix. Scanner. Cure. Delete the failed cure tries from the cure log on first iteration to avoid files to cure missing.
* Fix. UpdaterScripts. Fix type on update_option call.
= 2.137 July 09 2024
* New. Settings. Added alarm to admin menu.
* New. Settings. Added function to upload exclusions.
* Upd. Scan. Updated handler for cloud results method.
* Fix. Deactivation possible notices fixed.
* Fix. Vulnerability Alarm. Installed themes checking fixed.
* Fix. Deactivating. Logging failed deactivation fixed.
* Fix. Deactivating. Tables deleting fixed.
* Fix. Settings. Tabs. Debug tab on local domains revived.
* Fix. FS Watcher. Module working only in the admin side.
* Fix. Scanner. Cure. Not cured files selection fixed.
* Fix. Scanner. Cure. Delete the failed cure tries from the cure log on first iteration to avoid files to cure missing.
* Fix. UpdaterScripts. Fix type on update_option call.
= 2.137 July 09 2024
* Fix. Psalm suppress UndefinedMethod
* Fix. Eslint
* Upd. Disabling analyse Long Line
* Upd. Checking memory_limit
* Upd. Scan. Updated flow for upload hashes.
* Fix. Deprecated conversion of false to array in getPluginReportStatic
* Upd. Changes in the operation of modal windows
* Fix. CamelCase attributes for CriticalUpdate
* Fix. Code. Common lib updated.
* Fix. Settings. Visited pages output in security logs fixed.
* New. Scan. Update front estimates time.
* Upd. Local results clearance. Delete backups, cure logs, cured files data.
* Ref. Cure. New CureStage class used to run curing.
* New. AdjustModule. Setup handler to adjust w3tc
* New. Settings. Critical updates tab implemented.
* Upd. VulnerabilityAlarmView.php. Text updates.
* Upd. VulnerabilityAlarm Service. Every vulnerable theme has unique link now.
* Upd. VulnerabilityAlarmView. Padding added for lists of items on the tab.
* Upd. VulnerabilityAlarm Service. Show PSC modules. Other fixes.
* Fix. VulnerabilityAlarmView.php. Text.
* Fix. VulnerabilityAlarmService. Fix logic.
* Upd. VulnerabilityAlarmService. Update SGV on tab.
* Upd. VulnerabilityAlarmService. Fixed versions check on checkModule iteration.
* Fix. Sacnner. Backups. Backup ID fixed.
* New. RemoteCalls. New RC “launch_background_scan” to launch scan in background.
* Fix. VulnerabilityAlarm.php. Themes collecting fixed.
* Ref. VulnerabilityAlarm. Names.
* Fix. VulnerabilityAlarmService. PHP 8.1 compat fix.
* Upd. VulnerabilityAlarmView. Versions added.
* Fix. Call function on null
= 2.136.1 July 02 2024
* Fix. Settings. Visited pages output in security logs fixed.
= 2.136 June 24 2024
* Fix. Settings. Get key auto button depends on agreement.
* Fix. Cookie. Added nofollow attribute.
* Fix. Settings. Updated statement for 2fa.
* Fix. Security. The upload checker used signatures analysis only for now.
* Upd. WAF. Added waf for admin area.
* Fix. Settings. Updated 2fa handler.
* Upd. FW. Send logs. Signature ID added to logs for WAF blocks cases.
* Fix. FW. Update is_admin handler.
* Upd. Firewall. Logging. Do not rewrite records with different signatures but same type.
* Upd. Scanner. Signatures getting. Plugin is ready to version 3.
* Upd. Scan. Refactoring scan send stage.
* Fix. Settings. Updated timezone format for get_api_key.
* New. Scanner. New category Approved By Cloud implemented.
* Fix. FSWatcher. Logs naming fixed.
* Upd. HeuristicAnalyser. CodeStyle. Long lines check enabled.
* Fix. Fixed the changes when installing composer
* Fix. Added index files
* Fix. FSW. Added rate limit.
= 2.135 June 10 2024
* New. Modal window. Confirm action implemented.
* New. List table. Custom confirm window implemented.
* Upd. Recording and displaying an event from wp_spbc_auth_logs
* Fix. Settings. Don’t show Frontend scanner results category if this option is disabled
* Fix. Scanner. Scan log details – triggered module name added.
* Fix. Firewall. Updated logging process.
* Upd. SQLSchema. Signature body size extended. Schema updated and updater script ready for v2.135.
* Fix. Scanner. Reset weak_spot and severity on modified files.
* Upd. Settings. “About” block refactored. Cure services links added.
* Fix. Firewall. Fixed logged admin counting.
* Fix. Login page. Brute force protection description fixed.
* Fix. Scanner. Outbound links actions fixed.
* Fix. Scanner. Show more button fixed.
* Fix. Settings. 2fa setting long description fixed.