WordPress.org

Plugin Directory

Spam Protection by CleanTalk (no Captcha Anti-Spam)

Spam protection, anti-spam, all-in-one, premium plug-in. No comments spam & users spam, no contact form & WooCommerce spam. Forget spam.

Does the plugin protect from brute force, DoS attacks and spam attacks?

Yes, it does. Please turn the option 'SpamFireWall' on in the plugin settings to protect your website from DoS/DDoS, XML-RPC attacks.

Is the anti-spam protection safe for mobile visitors?

Yes, it is. The plugin doesn't block mobile visitors as well as desktop website visitors. It uses several independent anti-spam tests to decrease the number of false outcomes and to have as low false-positive rate as possible. Multiple anti-spam tests help to avoid false/positive blocks for real website visitors even if one of the tests failed.

What does the plugin do with spam comments?

Spam comments are being moved to SPAM folder by default or you can set the option to ban spam comments silently.

How does the plugin stop spam?

Please, note — administrator's actions are NOT being checked.

The plugin uses several simple tests to stop spammers:

  1. JavaScript anti-spam test. 99% of spam bots don't have full JavaScript functions support. So, the plugin has the code which can be run by normal visitor and can't be run by the spam bot.
  2. Email, IP, domain spam activity list entries check. The plugin uses spam activity database online at cleantalk.org, consisting of more than 20 billion spam activity records of IPs, Emails, Domains and ASN. If the sender's IP or Email is in the database, the sender gets some spam scores. To reduce false/positive rate the plugin not only uses the blacklist test to ban spammers, the sender will be banned when and only when multiple spam tests have been failed.
  3. Comment submit time. Spam bots usually submit the info immediately after the page has been loaded, this happens because spam bots don't actually fill the web form, they just send $_POST data to the blog. The normal visitor sends the data after several seconds or minutes.

Will the anti-spam plugin protect my theme?

Yes, it will. The Anti-spam by CleanTalk is compatible with any WordPress theme.

How can I test the anti-spam protection?

Please use the email stop_email@example.com for comments, contacts or signups to see how the anti-spam protection works. Also you can see the logs for the last 7 days at the Control panel or look at the folder "Spam" for banned comments.

Is the plugin effective against spam bots?

The plugin Anti-Spam by CleanTalk stops up to 99.998% of spam comments, spam signups (registrations), spam contact emails, spam subscriptions, spam bookings or spam orders.

What about pingback, trackback spam?

The plugin passes pingbacks without any checks by default. All trackbacks will be blocked if the sender had spam activity.

Can I use CleanTalk with Akismet?

Sure, you can use CleanTalk with Akismet. In this case you will probably have higher false/positive rate (when legitimate comments/signups are being denied), but you will have stronger antispam protection on your website.

Is CleanTalk better than Akismet?

Please look at this features comparison here https://cleantalk.org/cleantalk-vs-akismet

Can I use CleanTalk to remove pending spam comments?

Yes, you can. The plugin has the option to test all pending comments via database of spam active IP/Email, found spam comments will be moved to Trash folder.

How does the plugin find spam in pending comments or registered accounts?

The plugin checks all non-spam comments in the blacklist database and shows you those senders who have spam activity on other websites. There are some differences between blacklist database and API to protect you from spam bot registrations/comments online. Blacklists show all history of spam activity, but our API (which is used in spam tests) relies on other parameters too: last day of activity, number of spam attacks during the last days etc. These mechanisms help us to reduce the number of false outcomes. So, there is nothing strange, if some emails/IPs are not found by bulk comments/accounts test.

To check comments please go here:

WordPress console -> Comments -> Find spam comments

To check users please go here:

WordPress console -> Users -> Find spam users

Should I use other anti-spam tools (Captcha, reCaptcha and etc.)?

CleanTalk stops up to 99.998% of spam bots, so you can disable other anti-spam plugins (especially CAPTCHA-type anti-spam plugins). In some cases several anti-spam plugins could conflict with each other, so it would be better to use just one plugin.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser. Each blog in multisite environment has individual anti-spam options for the protection from spam bots.

After the installation I noticed that the number of spam attacks has been increased in the statistics

There are a few reasons for this:

  • With the indexing of your web-site by the search systems, appearance of external links and better search results position, your web-site attracts more and more spambots.
  • Non-transparent protection systems like CAPTCHA or question/answer, that don't have spam attacks statistics, don't let you see the whole picture, or the picture is incomplete.
  • Counting methods for spam attacks and spam bots are different for different systems, thus the diversity appears. We seek to provide detailed statistics.

Why my dummy "spam" comment passed to the WordPress?

The plugin has several options to detect spam bots and humans. If you just post spammy text like this:

"I want to sell something", "Buy something here.." and etc

the comments will be passed, because the plugin detects sender as a human. So, use special email stop_email@example.com to test the anti-spam functionality or wait a few days to see how the plugin works.

Is it free or paid?

The plugin is free. But the plugin uses CleanTalk cloud service to filter spam bots. You have to register an account and then you will receive a free trial to test anti-spam for comments, registrations, bookings, contacts or orders. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate anti-spam plugin.

Can I use CleanTalk with cache plugins?

Anti-spam by CleanTalk doesn't use static HTML code in its templates, so all anti-spam functions work correctly with any WordPress cache plugins.

Does the plugin protect from spam bots if I use forms with third-party services?

Yes, it does. Plugin protects web-forms on your websites which send data to third-party servers (like MailChimp). To enable this protection set the option 'Protect external forms' in the plugin settings.

Does CleanTalk compatible with Cloudflare?

CleanTalk is fully compatible with CloudFlare. Service doesn't filter CloudFlares IP's (AS13335) through blacklists database, so in this case plugin/service filters spam bots using other anti-spam tests.

Is CleanTalk compatible with a content delivery network (CDN)?

Yes, it is. CleanTalk works with any CDN system, i.e. CloudFlare, MaxCDN, Akamai.

Can I use CleanTalk functionality in my plugins?

Yes, you can. Just use following snippet:

<?php 
if(!function_exists('ct_test_message')){
    include_once( ABSPATH . '/wp-content/plugins/cleantalk-spam-protect/cleantalk.php' );
}   
//for registration test:
$res=ct_test_registration("nickname", "stop_email@example.com", "127.0.0.1");
//or for some other messages (contact forms, comments etc.)
$res=ct_test_message("nickname", "stop_email@example.com", "127.0.0.1", "test message");

$res now contents array with two parameters: * $res['allow'] - is request allowed (1) or not (0) * $res['comment'] - comment for our server's decision.

I see two loads of script cleantalk_nocache.js. Why do you use it twice?

This script is used for AJAX JavaScript checking. Different themes use different mechanisms of loading, so we use two methods for loading our script. If you absolutely know what you are doing, you can switch one of the methods off by defining constants in your wp-config.php file:

define('CLEANTALK_AJAX_USE_BUFFER', false); //false - don't use output buffering to include AJAX script, true - use it

or

define('CLEANTALK_AJAX_USE_FOOTER_HEADER', false); //false - don't use wp_footer() and wp_header() for including AJAX script, true - use it

Can I add exclusions for some pages of my site?

Yes, you can. Add this string in your wp-config.php file before defining database constants:

$cleantalk_url_exclusions = Array('url1', 'url2', 'url3');

Now, all pages containing strings 'url1', 'url2', or 'url3' will be excluded from anti-spam checking. Remember, that this option will not be applied in registration and comment checking — they are always protected from spam.

Can I not send my personal data to CleanTalk servers?

Yes, you can exclude your data. Add this string in your wp-config.php file before defining database constants:

$cleantalk_key_exclusions = Array('key1', 'key2', 'key3'); 

Now all fields in your submissions with the keys named 'key1', 'key2' or 'key3' will be excluded from spam checking.

How to test SpamFireWall?

Use special IP 10.10.10.10 in URL to test SpamFireWall. For example,

https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10

How can I enter access key in WPMU version?

To set up global CleanTalk access key for all websites in WPMU, define constant in your wp-config.php file before defining database constants:

define('CLEANTALK_ACCESS_KEY', 'place your key here');

Now, all subsites will have this access key.

Why is CleanTalk faster and more reliable than stand-alone solutions?

All anti-spam checks are held in the cloud and don't overload the web server. The cloud solutions have a huge advantage since the parameters are being compared with information from more than 100,000 websites.

I see a lot of blocked messages with the reason "Forbidden. Please enable JavaScript. Spam sender name." in my logs

A lot of spam bots can't perform JavaScript code, so it is one of the important checks and most of the spam bots will be blocked with the reason "Forbidden. Please enable JavaScript. Spam sender name." All browsers can perform JS code, so real visitors won't be blocked.

If you or some of your visitors have the error "Forbidden. Enable JavaScript." please check JavaScript support in your browser and do this JavaScript test at this page: https://cleantalk.org/checkout-javascript-support.

If you think that there is something wrong in the messages blocking, let us know about it. Please submit a support request here: https://cleantalk.org/my/support.

Does the plugin work with Varnish?

CleanTalk works with Varnish, it protects WordPress against spam, but by default the plugin generates a few cookies for the protection from spam bots and it also disables Varnish cache on pages where CleanTalk's cookies have been stored. To get rid of the issue with cache turn off the option 'Set cookies' in the plugin settings.

WordPress console -> Settings -> CleanTalk -> Advanced settings

Now the plugin will protect WordPress comments, registrations and most of popular contact forms, but will not protect some of rarely used contact forms.

Does the anti-spam plugin work with Accelerated Mobile Pages (AMP)?

Yes, it does. But you have to turn off the option 'Use AJAX for JavaScript check' in Advanced settigns of the plugin to be fully compatible with Accelerated Mobile Pages.

How to close renewal or trial notice in the WordPress backend?

To close the notice please save the plugin settings again or it will be closed automatically within 60 minutes after the renewal.

Requires: 3.0 or higher
Compatible up to: 4.6.1
Last Updated: 1 hour ago
Active Installs: 40,000+

Ratings

4.9 out of 5 stars
5 stars 1,422

Support

1 of 1 support threads in the last two months have been marked resolved.

Got something to say? Need help?

Compatibility

+
=
Works!

5 people say it works.
0 people say it's broken.

100,2,2
100,2,2
100,3,3 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,2,2 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,3,3 100,2,2 100,2,2 100,3,3 100,4,4 100,4,4 100,4,4 100,1,1 100,3,3 100,1,1
100,6,6 100,4,4 100,4,4 100,3,3
100,2,2 100,7,7 100,4,4 100,6,6 100,1,1
100,7,7 100,4,4
100,5,5
83,6,5 100,7,7 100,7,7 100,6,6 100,8,8 100,4,4 100,1,1 100,5,5 100,5,5
100,5,5 100,7,7 100,5,5 100,5,5
100,1,1 100,6,6 100,5,5 100,7,7 100,4,4 100,4,4 100,5,5
100,4,4
100,5,5
100,4,4 100,4,4 100,4,4 100,3,3 100,1,1
100,2,2 100,6,6 100,4,4 100,5,5 100,4,4 100,4,4 80,5,4 100,1,1 100,4,4 100,4,4 100,4,4 100,4,4 100,3,3 100,1,1
100,1,1 100,3,3 100,4,4 100,4,4 100,4,4 100,4,4 100,1,1
100,4,4 100,4,4 100,4,4 100,5,5 100,5,5 100,6,6 100,4,4 100,4,4 100,4,4 100,5,5 100,5,5 100,5,5
100,4,4 100,3,3 100,3,3 100,4,4 71,7,5 100,5,5
100,1,1 100,2,2 100,1,1 100,5,5 100,4,4 100,4,4 100,4,4 80,5,4 100,4,4
100,4,4 100,4,4 100,5,5 100,4,4 100,4,4 100,4,4 100,5,5 100,7,7 100,4,4 100,4,4 100,3,3
100,1,1
100,1,1 100,1,1
100,2,2 100,3,3
100,1,1 100,5,5 100,3,3
100,4,4 100,5,5 80,5,4 100,4,4 100,2,2 100,3,3 100,4,4 100,2,2 100,1,1 100,1,1 100,1,1 100,2,2 100,3,3 100,3,3 100,3,3 100,4,4
100,4,4 100,4,4
100,4,4 100,4,4 100,4,4
100,5,5 100,4,4 100,4,4 100,5,5 100,4,4 100,4,4 100,4,4 100,5,5 100,1,1 100,1,1 100,2,2 100,1,1 100,1,1 100,2,2 100,2,2 100,2,2 100,2,2 100,2,2 100,2,2 100,1,1 100,1,1 100,1,1 100,2,2
100,4,4 100,3,3 100,4,4 100,4,4 100,4,4 100,5,5 100,4,4 100,5,5 100,4,4 100,4,4 100,5,5 100,4,4 100,4,4 100,6,6 100,2,2
100,4,4 100,5,5 100,5,5 100,2,2 100,2,2
100,4,4 100,6,6
100,5,5 100,4,4 100,9,9 100,4,4 100,1,1 100,5,5 100,5,5
100,5,5 100,4,4
100,5,5 100,5,5
100,3,3 100,6,6 100,7,7 100,7,7 100,6,6
100,1,1 100,6,6 100,6,6 100,5,5 100,3,3 100,4,4 100,7,7 100,5,5
100,6,6 100,5,5
100,1,1 100,5,5