Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.

Why are they attacking me?

Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.

How to test the security service?

Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL's of the current user.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser.

How to control security activities on your website?

Go to your CleanTalk account->Log. Use filters to sort data for analyses.

Security logs provide you to receive and keep information for 45 days. You have the following possibilities: 1. Time period for all records you want to see.

1. Website for which you want to see security records. Leave the field empty to see security records for all websites.

2. Choose an event you want to see:

   • Authorization Login — all successful logins to your website.
   • Authorization Logout — all closed sessions.
   • Authorization Invalid username — login attempts with not existing username.
   • Authorization Auth failed — wrong password login attempts.
   • Audit View — records of actions and events of users in your website backend.

3. Searching records by IP address.

4. Searching records by country.

There are date and time of events for each record, username who performed an action and his IP (country) address. How to use Security Log https://cleantalk.org/help/Security-Log

Is it possible to set custom email for notification?

Yes, it is possible. Go to your CleanTalk account->Change email https://cleantalk.org/my/change-email

Why do you need an access key?

Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.

How to use Security Log

• First go to your Security Dashboard. Choose "Site Security" in the "Services" menu.
• Then go to your Security Log.

You have the following possibilities:

• Time period for all records you want to see.
• Website for which you want to see security records. Leave the field empty to see security records for all websites.

Choose an event you want to see:

• Authorization Login — all successful logins to your website.
• Authorization Logout — all closed sessions.
• Authorization Invalid username — login attempts with not existing username.
• Authorization Auth failed — wrong password login attempts.

Audit View — records of actions and events of users in your website backend.

• Searching records by IP address.
• Searching records by username.
• Searching records by country.

List of records. Each record has the following columns:

• Date — when the event happened.
• User Log — who performed actions.
• Event — what did he do.
• Status — was he Passed or Banned.
• IP — his IP address.
• Country — what country that IP belongs to.
• Details — some details if they are available.

Please, read more https://cleantalk.org/help/Security-Log

If you wish to block some countries from visiting your website, please, use this instruction: https://cleantalk.org/help/Security-Firewall

How to use Security Firewall

First go to your Security Dashboard. Choose "Site Security" in the "Services" menu. Then press the line "Black&White Lists" under the name of your website.

You can add records of different types to your black list or white list:

• IP-Addresses (For example 10.150.20.250, 10.10.10.10)
• Subnets (For example 10.150.20.250/24, 10.10.10.10/8)
• Countries. Click the line "Add a country" to blacklist or whitelist all IP-addresses of the chosen countries.

The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button "Whitelist" or "Blacklist". All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.

Please, read full instruction here https://cleantalk.org/help/Security-Firewall

How to test Security Firewall?

1. Open another browser or enter the incognito mode.
2. Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST 2.1 Address 10.10.10.10 is local address and it's in blacklist constantly. So address YOUR_WEBSITE/?security_test_ip=10.10.10.10 will works everytime.
3. Make sure that you saw page with the blocking message.
4. FireWall works properly, if it is not, see item 4 of the list.

How does malware scanner work?

Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.

How to start malware scanner?

At the moment malware scanner may be started one time per day and manually. To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> "Malware Scanner" tab —> Perform Scan. Give the Malware Scanner some time to check all necessary files on your website.

Is it free or paid?

The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin. If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests.

What happens after the end of the trial period?

The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.

Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.

Brute Force security for WordPress

Brute force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses.

Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.

Why is the CleanTalk Security Plugin Added to the Must Use Section?

This is required for the Security FireWall to function properly. Plugins that are placed in this section are being launched first, so it is very important that the Security FireWall is launched before any plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.

Can I use CleanTalk Security and Wordfence together?

CleanTalk is a strong alternative to Wordfence, especially for users of Wordfence Premium. Anyway, you can use CleanTalk Security and Wordfence. Quite often we get question from our customers, will there be a conflict between CleanTalk and Wordfence? We tested CleanTalk Security and Wordfence working together and they work without any conflicts.

Can CleanTalk Security protect from DDoS?

Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.

= 2.181 June 08 2026 New. Settings. Signup wizard implemented. Upd. Renaming login page. Password-protected pages behavior fixed. Upd. Vulnerability Alarm Service. Cloud analysis logic implemented. Upd. Scanner. Minor code optimization.

= 2.180 May 25 2026 * Upd. Logging FW update. * New. EarlyTranslation. New class implemented to perform translations before init hook. * Mod. React. Continue switch auth block. (#640) * Upd. Scan. Improve Surface flow to count files. (#652) * Mod. Settings. Moving to React for Firewall settings, jest tests, bug fixes. * Fix. Vulnerability Alarm. Fixed typos in the description. * Upd. Scan. Improve flow to analyze irrelevant files. (#655) * Fix. PHP8. Prevent duplicate headers before sending HTTP response code. * Mod. Backups. Refactoring procedural functions into class methods (#626) * Fix. TimeLineWidget. Editing the grouping by hour intervals for the Most Active Users chart * Fix. Settings. Quick nav menu translating implemented. * Fix. Settings. Api-key validating fixed. * Fix. Settings. Initial settings render fixed. * Fix. Settings. Debug tab display fixed.

= 2.179 May 12 2026 Upd. Logging FW update. Auto-tests. Upd. Scan. Improve Surface flow to count files. Mod. React. Continue switch auth block. Mod. Link. Changing the link. Fix. Code. Github action fixed (xdebug activated). Fix. Logger. Logs update fixed.

= 2.178 Apr 27 2026 Upd. Vulnerability Alarm. Show badge for PSC safe plugins on the installed plugins list. Upd. Settings. Removing the link to install Gravity Forms to doBoard extension. Upd. Exclusion from external file. Updated refresh logic and conditions. Upd. Code. Unused code removed. Fix. FileStorage. Editing the use of arguments in fputcsv() Fix. Strings. Checking the definition of the file path. Fix. React. Api key get manual link. Fixed construction.

= 2.177 Apr 13 2026 Upd. User pass leak. Updates. Upd. Pass leaks. New class of limiter used. Upd. Rate limiter. Logic fixed. Mod. Auth. Mandatory password change, rate limit Mod. BFP. Disabling BFP by constant Fix. Auth. Edits to the Password Leak functionality Fix. Auth. Accounting for 2FA when setting authorization cookies Fix. Firewall. Confirm text for allow/ban fixed. Fix. Plugin uninstall. Remove all traces on WPMS. Fix. SecFW. Process files during FW update fixed. Fix. Security logs. Confirm modal for allow/ban actions implemented. Fix. Scanner. Quarantine action fixed. Fix. Firewall/Security tab. Data display fixed.

= 2.176 Mar 30 2026 New. RateLimiter. Classes implemented for strict calls frequency. Upd. 2FA. User with sufficient caps now can disable 2FA app. Upd. JestTests. Add new tests for settings tab, fix jest run. Upd. Settings. Update RC flow for license_update. Upd. Settings. React updates. Fix. GetModulesHashes. Filtering empty keys and delete cache after saving results. Fix. ListTable. Editing the display of all external links of the same domain. Fix. ListTable. Edit when using prepare(). Fix. LoginPageRename. Editing the connection wp-login.php with action = postpass. Fix. Security log. Loop logs ajax load fixed. Fix. Security log. Show more logs behavior fixed and updated.

= 2.175 Mar 17 2026 Upd. Links. Editing links Request Malware removal Fix. Links. Edit domain name Fix. Settings. Last sync date implementation. (#606) Fix. Firewall. Firewall logs interface fixed. (#608) Upd. Settings. Updated RC to init settings update. Fix. Settings. React - Settings Api key implemented. (#613) Fix. BFP. Edits to the authorization page definition Fix. Scanner. Actions description fixed. Fix. Code. Redirect check Fix. Pass check. Module working fixes. (#620) Fix. Settings debug. Debug collection and drop fixed. (#621) Upd. AdminBanners. Update user notification with detailed security recommendations. (#612) Fix. Settings. WPMS sync fixed. Fix. Password leak. Redirect after password change fixed. Fix. Editor disabler. Disabling plugins/themes editor fixed.

= 2.174 Mar 02 2026 New. Settings. Settings overview implemented. Upd. Security log. Login with token event added. Upd. Outbound links. Sanitize data before output. Upd. Security log. Sanitize data before output. Upd. Firewall. Sanitize data before output. Upd. Code. Gulp. CSS minifying updated.

= 2.173 Feb 16 2026 Upd. FileEditorDisable. Updated structure to keep file editor disabled. Upd. Banners. Improve dismiss statement. Upd. Scan. Improved sort opportunity. Fix. Code. Edits ip resolving Fix. SecFW. Checking request against logged_in fixed. Fix. Admin bar. Admins counter description fixed. Fix. Remote Calls. Skip check if no sign of RC action provided in Request.

= 2.172 Feb 02 2026 * Fix. Settings. Display modules list fixed. * Fix. Settings. check_pass__enable enabled for the new users. * Fix. Firewall. Changes to the Firewall test page * Fix. Code. Protects against PTR spoofing * Fix. Code. Checking the class_exists variable storage

= 2.171 Jan 18 2026 New. Code. Separate GitHub action for libraries checking. New. Settings. Added project management menu item. New. Settings. Added RC to init settings update. Upd. Code. PHP compatibility increased to 7.2. Upd. Settings. Disable REST access. Merged options. Upd. SecurityLogs. Improve operations with data on multisite. Upd. Scanner interface. Logs actions updated. Upd. Settings. Disable REST access. Merged options. Fix. Code. Heuristic library updated. Fix. Cron. Task spbc_scanner_update_pscan_files_status fixed. Fix. Activator. WPMS new blog activation fixed.

= 2.170 Dec 15 2025 Upd. Code. Refactoring Firewall tab to react. Upd. Automatic assets. Use .7zignore file. Code. PHPUnit. Now use SpbcTestCase as extension to force units isolation. Fix. Firewall. Fixed data providing. Fix. ScannerQueue. Edit using the plugins_api hook.

= 2.169 Dec 01 2025 * Fix. 2FA. Fixed 2FA for WooCommerce login. * Fix. Settings. Children elements state fixed. * Fix. Settings. Escaping page_url output in the Firewall table * Fix. Settings. Escaping user_agent output in the Firewall table * Fix. Settings. Fixed 2FA users roles setting. * Fix. WpFooter. Removed unnecessary styles and duplicates. * Github. Added action to create assets from dev/fix on push event * New. Scan. Added AJAX action for bulk restoring files from quarantine. * Upd. Dashboard widget. Show widget for roles filtered by hook. * Upd. Code. Libraries. Updated common libraries. * Upd. UserPassCheck. Added default roles depending on capabilities * Upd. UserPassCheck. Updated password change form.

= 2.168 Nov 10 2025 * Mod. Header. Splitting the Header component into separate components * Mod. Header. Editing styles * Fix. Header. Moving common styles to a higher level * Fix. SyncSettings. Reloading the page after syncing. * Fix. FSWatcher. Cron run implemented. * Fix. Settings. Settings validating fixed. * Upd. Settings. Updated wrong key banner show rules. * New. Banner. A banner about an empty key has been added, and the error block output has been corrected

= 2.167.2 Oct 30 2025 * Revert "Fix. Vulnerability alarm. Finally fixed the vulnerable and installed version comparison."

= 2.167.1 Oct 29 2025 * Fix. SyncSettings. Reloading the page after syncing. * Fix. Settings. Settings validating fixed.

= 2.167 Oct 27 2025 * Code. FSW Jest prepared. * Upd. Local domain host added. * New. FileOfPluginChecker. Trying to detect if a file is a part of non-wordpress repository plugin. * Fix. VulnerabilityAlarm. Slugs getting unified. * Upd. File of plugin. PHPUnit fixes. * Fix. VA. Psalm fixed. * Fix. Vulnerability alarm. Finally fixed the vulnerable and installed version comparison. * Fix. Settings. Traffic Control description fixed. * Upd. FSWatcher. Refactored to react. * Code. Removed unused FSW code. * Code. Localiztion removed. * New. VulnarabilityAlarm. Notification output in the theme details folder * Upd. Settings. Added UTM parameters to the registration link. * Fix. Ajax. Ajax actions checking fixed. * Fix. List Table. Query for limit/offset data fixed. * Upd. Settings. Added UTM parameters to the registration link. * Fix. FSWComparisonTableRow. Added React import * Fix. ListTable. Condition for adding actions

= 2.166.1 Oct 14 2025 * Fix. Settings. Settings updater fixed.

= 2.166 Oct 13 2025 * New. ProtectUploadsDir. Prevent PHP execution in uploads directory. * Fix. React. Active tab state issues resolved. * Fix. Settings. Simplified conditions and updated descriptions. * Upd. Timeline. Enhanced tooltip positioning and event highlighting. * Upd. Timeline. Activity now shown in widget header. * Mod. ScannerExclusions. Improved scan exclusion functionality. * Mod. UDPPhpExec. Updated handle() output and status collection logic. * Mod. SetCookies. Added security enhancements for cookie installation. * Mod. AltSessions. Removed REST route registration for security. * Mod. 2FA. Renamed Google authentication to 2FA app throughout codebase. * Ref. Code. Major refactoring for spbc-scanner file command.

= 2.165 Sep 29 2025 * New. CriticalUpdates. Switching to the Critical Updates react * Fix. CriticalUpdates. Using the research link from the backend * Upd. Scanner. Files row actions now has tooltips. * Upd. Scanner. Updated missed descriptions. * Ref. Code. Remove unnecessary Surface execution. * Mod. React. Switching from Critical Upd tab to react * Fix. React. Edits based on the review * Fix. React. The condition for adding Secure cookies * Mod. Security Log. Filtering unauthorized users in the widget graph * Fix. Remote calls. Debug RC now hide sensitive data.

= 2.164 Sep 11 2025 * Fix. Settings. Long description and long recommendation fixed. * Fix. Settings. Backups tab ico fixed. * New. Security log. Timeline widget. * Fix. UpdaterScript. Editing indexes for the spbc_users_pass table

= 2.163 Sep 01 2025 * Upd. Integrations. Add exclusions to prevent cache firewall block page. * Fix. React interface. Tabs has been rebuild to the own components. * Fix. SyncReact. Returned the file for processing synchronization requests * Fix. React. Error block * Fix. Settings. Fix long description

Look for early changelogs in changelog.txt

DEFAULT INSTALLATION

Here is a video guide with installation process or you can use the text version down below.

https://youtu.be/Ar18iIfHsdw

1. Download, install and activate 'Security by CleanTalk'.

2. Get Access key https://cleantalk.org/wordpress-security-plugin

3. Enter Access key in the settings WordPress console -> Settings -> Security by CleanTalk -> General settigns. Save Changes.

4. Go to Malware scanner tab and do the very first scan.

5. Done! The plugin is ready to use.

INSTALLATION FROM THIRD-PARTY SOURCE

1. Download latest version on your computer's hard drive,

https://downloads.wordpress.org/plugin/security-malware-firewall.zip

1. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.

2. Click Install Now and Activate.

3. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on "Get access key automatically"

Installation completed successfully.

Installation from wordpress.org directory

1. Navigate to Plugins Menu option in your WordPress administration panel and click the button "Add New".

2. Type CleanTalk in the Search box, and click Search plugins.

3. When the results are displayed, click Install Now.

4. Select Install Now.

5. Then choose to Activate the plugin.

6. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on "Get access key automatically"

Installation completed successfully.

Firewall log tab. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user.



Critical Updates tab. Critical Updates interface.



File System Watcher tab. File System Watcher interface.



Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result.



Security Log tab. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers.



General settings tab. Here you can manage all the plugin settings.



Summary tab. The general info about the plugin state.



Backups interface. How the backups interface looks.



General settings - authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL.



General settings - firewall. Here you can manage Firewall modules and Traffic Control settings.



General settings - scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring.



General settings - admin bar. Here you can set behavior of admin bar module.



Admin bar. How the admin bar module looks.



General settings - trusted text. Here you can manage your affiliate links and trusted text shown for visitors.



Trusted text. How the trusted text looks.



Malware scanner results - critical. There is a list of files that contains dangerous code or malware signatures.



Malware scanner results - suspicious. There is a list of files that contains suspicious code.



Malware scanner results - approved. There is a list of files that were approved by user, Cloud analysis or CleanTalk team.



Malware scanner results - analysis log. There is a list of files that were sent for Cloud Malware Scanner analysis and their status.



Malware scanner results - unknown. There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes.



Malware scanner results - cured. There is a list of files that have been automatically cured.



Malware scanner results - frontend malware. There is a list of frontend pages that contains malicious HTML/JavaScript code.



Malware scanner results - unsafe permissions. There is a list of files that could be reached by a hacker because of unsafe permission set.



Malware scanner results - PFD report. How the PDF report of scan results looks.



Templates interface. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before.



Example of blocking page - Firewall. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen.



Example of blocking page - XSS. If the visitor attempts to implement XXS, he will see this screen.



Example of blocking page - SQL. If the visitor attempts to implement SQL injection, he will see this screen.



Example of blocking page - Brute-Force. If the visitor tried to use wrong credentials for many times, he will see this screen.



Example of blocking page - Traffic Control. If the visitor has requested site pages too often, he will see this screen.