Spam, hacking, and malware are the banes and curses of every WordPress site
While WordPress is the best solution for building your business website, it has long been a favorite target for spammers, because most users don’t secure their websites. To be clear, the WordPress core software is secure. It releases regular updates to patch vulnerabilities and provides a large support community who work to keep its operation efficient and and safe. Any weaknesses in the platform are often related third-party plugins and theme code. Still, users of self-hosted websites must do their part to keep the platform resistant to unauthorized intrusion.
Using spam bots—unscrupulous automated computer programs that deceive web servers into delivering spam messages or malware to unsuspecting sites—spammers gain access by posting comments or by filling out website contact and registration forms. Often, their intent is luring visitors to click on links that lead to fake or unscrupulous websites.
Sometimes spam bots may also attempt to send out emails from addresses on your domain infected with malware code, damaging your relationships with customers and possibly exposing connected devices and social media accounts to the risk. Left unchecked, it might affect your site’s SEO ranking and discourage users from posting comments on your site.
WordPress has some built-in protection against spam such as moderation or disallowing comments, and trackbacks—links and optional snippets of text from other blog posts. While these methods help control or eliminate comment spam, they don’t protect contact or registration forms.
I found affordable and effective site protection solutions in a couple of plugins from CleanTalk’s line of products.
Stop bots from wreaking havoc on your site
Contact and registration forms are ideal targets for spammers. One method of combating form spam is by using Google ReCaptcha, which is free, but is difficult to set up and requires heavy user interaction—math problems or those visual puzzles, which I rarely get right the first time. This frustrating encounter might cause legitimate site visitors to become discouraged and give up on trying to contact you. The unremovable ReCaptcha log is also annoying and outdated.
Akismet, the anti-spam plugin often pre-installed with WordPress activations, is effective, but it is not free. $100 for a one-year subscription for one commercial website is a steep price to pay for a small business. I’ve always been leery about pre-installed plugins in this age of subscription-crazed overpriced offerings where premium upgrades and strings attached abound.
Ffter doing some research, I found exceptions to this rule—affordable and effective site protection solutions in a couple of plugins from CleanTalk’s line of products.
CleanTalk Anti-Spam plugin
The first plugin I installed was CleanTalk’s Anti-Spam. It’s fast real-time invisible cloud-based spam protection requires no user interaction.
Installation is straight forward and accomplished from the WordPress dashboard. The plugin can be downloaded through the WordPress dashboard or from the CleanTalk website. To activate the plugin, you’ll need to set up a CleanTalk account, complete the plugin purchase and access the web control panel to find your access key, which you’ll paste into the settings panel in the WordPress dashboard. There’s a guide on CleanTalk’s website to help with the installation process.
The plugin configuration panel can be accessed in WordPress admin welcome screen, from the dashboard Settings submenu, or by choosing the Installed Plugins dashboard submenu.
Once inside the plugin configuration panel, you can scan your site for existing comment spam and enable real-time protection against future spam, including registration and contact forms. The program also offers the option to perform real-time checking of email addresses to see if they exist.
The CleanTalk dashboard makes accessing site reports, or adding and removing sites, IP addresses, and originating countries a breeze.
A few of the other benefits offered by the Anti-spam plugin include:
- anti-spam filtering and logging
- a spam firewall to track and block spam bot access to your website
- removing links from comments and forms
- a whitelist/blacklist option for you to approve or disallow certain IP and email addresses
- email notifications of new comment submissions
- weekly statistics on spam attacks
- a 45-day log
- an intuitive web control panel with detailed identifying and tracking of spam attempts, including country of origin
- email notifications of administrator website logins
- spam attempts in contact and registration forms are filtered, and in most, cases never make it to an email inbox
The second-best thing about this plugin, after its effectiveness, is its pricing—starting at $8.00 for a year’s protection of one website and scaling up to $180.00 for unlimited websites. Right now, I pay $16 a year for protection on this site and two others I manage.
The plugin’s value makes it hard to ignore when you consider its cost.
Security by CleanTalk Plugin
I also purchased and installed the Security by CleanTalk plugin on this website.
Unprotected WordPress sites are subject to intrusion by hackers and their low-life brethren. Distributed Denial of Service (DDoS)— network attacks through multiple computer systems are troublesome, as are brute force attacks where intruders attempt to gain access by guessing admin passwords through trial-and-error testing of common phrases and character combination. The Security by CleanTalk plugin serves as a deterrent to these threats and others.
Like the Anti-Spam plugin, installation of the Security by CleanTalk plugin is quick and easy. As with their other products, a separate online guide is provided on the CleanTalk website along with a plugin download link. The plugin settings can be accessed through Settings menu in the WordPress dashboard. A green check marks or red X at the top of the plugin panel indicates protection status in six critical areas:
- Brute Force Protection
- Firewall
- Malware Scanner
- Security Report
- Security Audit Log
- SSL Installed
The program tracks and logs all logins to administrator accounts and sends email notification of successful attempts. If it encounters five consecutive failed login attempts within 15 minutes, it will block access for the default setting of one hour. This setting can be adjusted from as little as 2 minutes to 24 hours. Added layers of protection are available in the options of turning on 2-Factor Authentication (2FA) for all logins or only for new devices or changing the default login address to a login script or redirecting them to a private page.
Firewall settings blocks malicious code injections and dangerous uploaded files. It also monitors excessive visitor requests and blocks visitors who exceed a set threshold for a user-determined time ranging from 30 minutes to 4 hours.
By default, the malware scanner is auto enabled to scan a website every 24 hours and send an email report of its results.
A tab button in the plugin panel gives access to the cloud security control panel, the WordPress support forum, and permits easy synchronization with settings adjusted in the cloud security control panel.
As of the date of this post, Security By CleanTalk ranges in price for $9/year for one website to $18/month for unlimited websites. I’m paying $24/year to protect three websites.
Final observations
When it comes to your WordPress website is there anything more annoying and dangerous than spam and hacking attempts? Sure, a theme or plugin that does not work as advertised can get on your nerves, but spam and malware intrusion rank right near the top in the frustration department. Add over-paying for a plugin you need to that list and you get the picture.
If you’re like me, I look for every opportunity to save money on business expenditures, including those associated with my website. But I also need to know my site is protected, since it’s my income lifeline.
Thanks to CleanTalk’s Anti-Spam and Security by CleanTalk, all my websites run without disturbance from spammers and other cyber ne’er-do- wells. The plugins are easy to install, effective, easy to use, have excellent reporting functions accentuated by the intuitive cloud-based dashboard that lets me check the health of my site anytime day or night.
A one-year investment of $40 has my sites protected, has helped me to save lots of money, and gives me a couple of less things to worry about.
To find out more about these plugins, visit their website at cleantalk.org.
Share This Story!
Related Posts
Spam, hacking, and malware are the banes and curses of every WordPress site
While WordPress is the best solution for building your business website, it has long been a favorite target for spammers, because most users don’t secure their websites. To be clear, the WordPress core software is secure. It releases regular updates to patch vulnerabilities and provides a large support community who work to keep its operation efficient and and safe. Any weaknesses in the platform are often related third-party plugins and theme code. Still, users of self-hosted websites must do their part to keep the platform resistant to unauthorized intrusion.
Using spam bots—unscrupulous automated computer programs that deceive web servers into delivering spam messages or malware to unsuspecting sites—spammers gain access by posting comments or by filling out website contact and registration forms. Often, their intent is luring visitors to click on links that lead to fake or unscrupulous websites.
Sometimes spam bots may also attempt to send out emails from addresses on your domain infected with malware code, damaging your relationships with customers and possibly exposing connected devices and social media accounts to the risk. Left unchecked, it might affect your site’s SEO ranking and discourage users from posting comments on your site.
WordPress has some built-in protection against spam such as moderation or disallowing comments, and trackbacks—links and optional snippets of text from other blog posts. While these methods help control or eliminate comment spam, they don’t protect contact or registration forms.
I found affordable and effective site protection solutions in a couple of plugins from CleanTalk’s line of products.
Stop bots from wreaking havoc on your site
Contact and registration forms are ideal targets for spammers. One method of combating form spam is by using Google ReCaptcha, which is free, but is difficult to set up and requires heavy user interaction—math problems or those visual puzzles, which I rarely get right the first time. This frustrating encounter might cause legitimate site visitors to become discouraged and give up on trying to contact you. The unremovable ReCaptcha log is also annoying and outdated.
Akismet, the anti-spam plugin often pre-installed with WordPress activations, is effective, but it is not free. $100 for a one-year subscription for one commercial website is a steep price to pay for a small business. I’ve always been leery about pre-installed plugins in this age of subscription-crazed overpriced offerings where premium upgrades and strings attached abound.
Ffter doing some research, I found exceptions to this rule—affordable and effective site protection solutions in a couple of plugins from CleanTalk’s line of products.
CleanTalk Anti-Spam plugin
The first plugin I installed was CleanTalk’s Anti-Spam. It’s fast real-time invisible cloud-based spam protection requires no user interaction.
Installation is straight forward and accomplished from the WordPress dashboard. The plugin can be downloaded through the WordPress dashboard or from the CleanTalk website. To activate the plugin, you’ll need to set up a CleanTalk account, complete the plugin purchase and access the web control panel to find your access key, which you’ll paste into the settings panel in the WordPress dashboard. There’s a guide on CleanTalk’s website to help with the installation process.
The plugin configuration panel can be accessed in WordPress admin welcome screen, from the dashboard Settings submenu, or by choosing the Installed Plugins dashboard submenu.
Once inside the plugin configuration panel, you can scan your site for existing comment spam and enable real-time protection against future spam, including registration and contact forms. The program also offers the option to perform real-time checking of email addresses to see if they exist.
The CleanTalk dashboard makes accessing site reports, or adding and removing sites, IP addresses, and originating countries a breeze.
A few of the other benefits offered by the Anti-spam plugin include:
- anti-spam filtering and logging
- a spam firewall to track and block spam bot access to your website
- removing links from comments and forms
- a whitelist/blacklist option for you to approve or disallow certain IP and email addresses
- email notifications of new comment submissions
- weekly statistics on spam attacks
- a 45-day log
- an intuitive web control panel with detailed identifying and tracking of spam attempts, including country of origin
- email notifications of administrator website logins
- spam attempts in contact and registration forms are filtered, and in most, cases never make it to an email inbox
The second-best thing about this plugin, after its effectiveness, is its pricing—starting at $8.00 for a year’s protection of one website and scaling up to $180.00 for unlimited websites. Right now, I pay $16 a year for protection on this site and two others I manage.
The plugin’s value makes it hard to ignore when you consider its cost.
Security by CleanTalk Plugin
I also purchased and installed the Security by CleanTalk plugin on this website.
Unprotected WordPress sites are subject to intrusion by hackers and their low-life brethren. Distributed Denial of Service (DDoS)— network attacks through multiple computer systems are troublesome, as are brute force attacks where intruders attempt to gain access by guessing admin passwords through trial-and-error testing of common phrases and character combination. The Security by CleanTalk plugin serves as a deterrent to these threats and others.
Like the Anti-Spam plugin, installation of the Security by CleanTalk plugin is quick and easy. As with their other products, a separate online guide is provided on the CleanTalk website along with a plugin download link. The plugin settings can be accessed through Settings menu in the WordPress dashboard. A green check marks or red X at the top of the plugin panel indicates protection status in six critical areas:
- Brute Force Protection
- Firewall
- Malware Scanner
- Security Report
- Security Audit Log
- SSL Installed
The program tracks and logs all logins to administrator accounts and sends email notification of successful attempts. If it encounters five consecutive failed login attempts within 15 minutes, it will block access for the default setting of one hour. This setting can be adjusted from as little as 2 minutes to 24 hours. Added layers of protection are available in the options of turning on 2-Factor Authentication (2FA) for all logins or only for new devices or changing the default login address to a login script or redirecting them to a private page.
Firewall settings blocks malicious code injections and dangerous uploaded files. It also monitors excessive visitor requests and blocks visitors who exceed a set threshold for a user-determined time ranging from 30 minutes to 4 hours.
By default, the malware scanner is auto enabled to scan a website every 24 hours and send an email report of its results.
A tab button in the plugin panel gives access to the cloud security control panel, the WordPress support forum, and permits easy synchronization with settings adjusted in the cloud security control panel.
As of the date of this post, Security By CleanTalk ranges in price for $9/year for one website to $18/month for unlimited websites. I’m paying $24/year to protect three websites.
Final observations
When it comes to your WordPress website is there anything more annoying and dangerous than spam and hacking attempts? Sure, a theme or plugin that does not work as advertised can get on your nerves, but spam and malware intrusion rank right near the top in the frustration department. Add over-paying for a plugin you need to that list and you get the picture.
If you’re like me, I look for every opportunity to save money on business expenditures, including those associated with my website. But I also need to know my site is protected, since it’s my income lifeline.
Thanks to CleanTalk’s Anti-Spam and Security by CleanTalk, all my websites run without disturbance from spammers and other cyber ne’er-do- wells. The plugins are easy to install, effective, easy to use, have excellent reporting functions accentuated by the intuitive cloud-based dashboard that lets me check the health of my site anytime day or night.
A one-year investment of $40 has my sites protected, has helped me to save lots of money, and gives me a couple of less things to worry about.
To find out more about these plugins, visit their website at cleantalk.org.
