Title: Login Security, FireWall, Malware removal by CleanTalk
Author: CleanTalk Inc
Published: August 24, 2016
Last modified: April 13, 2026

---

![](https://ps.w.org/security-malware-firewall/assets/banner-772x250.jpg?rev=3340297)

![](https://ps.w.org/security-malware-firewall/assets/icon-256x256.gif?rev=2295231)

# Login Security, FireWall, Malware removal by CleanTalk

 By [CleanTalk Inc](https://profiles.wordpress.org/cleantalk/)

[Download](https://downloads.wordpress.org/plugin/security-malware-firewall.2.177.zip)

## Description

Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities
scan. FireWall. Enterprise ready security plugin.

### SECURITY PLUGIN BY CLEANTALK (SPBCT)

We focus on eliminating the most common security threats for WordPress. At the same
time, we strive to ensure that **site performance remains unaffected**. To achieve
this, each release goes through automated and expert-driven testing pipelines. We
also verify performance using Google PageSpeed Insights and GTMetrix. Typically,
we release a new version twice a month to keep features up to date and protection
strong.

#### SECURITY FEATURES

 * **Limit Login Attempts and rate limits for logins.**
 * **Two Factor Authentication (2FA)**
 * **Custom wp-login URL (wp-login.php)**
 * **Hide the default login page**
 * **Disable or Stop User Enumeration**
 * **Brute force protection for WordPress accounts and passwords**
 * **Security Protection for WordPress login form**
 * **Security FireWall by IP, Networks or Countries**
 * **Web Application Firewall (WAF)**
 * **Real-time traffic monitor (Visitors per page, IPs, Countries and hit counts
   per page)**
 * **Malware scanner with auto-cure function**
 * **Daily auto malware scan**
 * **Vulnerabilities scanner among installed plugins and themes**
 * **Security weekly reports to email**
 * **Notifications of login events to your website**

#### FREE TRIAL THEN $9 PER YEAR

CleanTalk is a Cloud security service that protects your website from online threats
and provides you with great security instruments to control your website security. We
provide detailed security stats for all of our security features so that you have full
control of security.

We believe the most honest approach is when every user pays a small fee for using
the service, rather than relying on a freemium model where some users subsidize
others. The fee is as low as the price of a good cup of coffee! So, the security plugin
does not have a PRO version; it is completely free and works in combination with
our premium Cloud security service at cleantalk.org. Every user has full access
to all features of both the service and the plugin. Also, please take note of the
[WordPress.org policy](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#6-software-as-a-service-is-permitted).

### BRUTE FORCE PROTECTION

Our default anti–brute-force policy works as follows:

 * For any failed login attempt to the WordPress admin area, the plugin introduces
   a brief delay of a few seconds.
 * The plugin reviews the security audit log every hour. If any IP address records
   10 or more login attempts in that period, it will be blocked for 24 hours.

#### ALL BRUTE FORCE PROTECTION FUNCTIONS

 * **Maximum failed attempts to login before ban (default is 5).** A failed attempt
   happens when either the login or password is incorrect.
 * **Time frame to count login attempts (default is 15 minutes).**
 * **Ban to login time frame from 2 minutes to 24 hours (default is 1 hour).**
 * **Two-factor authentication (2FA) with the ability to apply the policy to specific
   user roles.**
 * **Prevent collecting of login on password reset error.** This option removes from
   the password reset error any indication of whether the login exists. The error
   message is replaced with the following text: “If the user with the specified credentials exists,
   check your email for the password reset confirmation link. Then visit login page.”
 * **Security Audit Log.** Keeps track of actions in the WP Dashboard to let you
   know what is happening on your blog. With the Security Audit Log it is easy
   to see user activity and understand what changes were made and who made
   them. The Security Audit Log shows who logged in and when, and how much time they
   spent on each page.
 * **Two Factor Authentication (2FA).** It requires a bit of your time, but Two Factor
   (2 Step) Authentication immediately gives a much higher level of security. After
   your first authorization, the CleanTalk Security plugin remembers your browser,
   so you won’t have to enter your authorization code every time. However,
   if you start using a new device or a new browser, you are required to
   enter your security authorization code. The CleanTalk Security plugin remembers
   your browser for 30 days.
 * **Change the URL of the wp-login page.** This option helps you change the default
   wp-login URL (wp-login.php). Hackers use scripts for massive brute-force attacks,
   and since most sites use the default login page URL, hackers configure their scripts
   for that URL. When you change the URL of the authorization page, scripts configured
   for the default URL can no longer run brute-force attacks automatically.
   This option does not change files and does not rewrite URLs in system files.
   To return to the default authorization page address, it is enough to disable
   the option in the plugin settings or set a new value. If you are using caching
   plugins, you need to add the new authorization page to the caching exceptions.
 * **Leaked password check.** This feature enhances your website’s security by continuously
   monitoring users’ passwords for potential exposure in known data breaches and
   on the dark web. It works in the background and requires no action from users
   unless a leak is detected.
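
The three limits listed above (5 failed attempts, a 15-minute counting window, a 1-hour ban) and the hourly audit-log review from the default policy can be modelled as follows. This is an added example, not CleanTalk's code: the class and function names and the sample events are constructed, and two behaviours the page does not specify are assumptions (the ban starts on the 5th failure, and a successful login does not clear earlier failures).

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


class LoginLimiter:
    """Sliding-window limiter for failed logins, keyed by client IP."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15),
                 ban=timedelta(hours=1)):
        self.max_failures = max_failures      # page default: 5
        self.window = window                  # page default: 15 minutes
        self.ban = ban                        # page default: 1 hour
        self.failures = defaultdict(deque)    # ip -> failure timestamps
        self.banned_until = {}                # ip -> end of ban

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if now >= until:                      # ban expired, forget it
            del self.banned_until[ip]
            return False
        return True

    def record(self, ip, success, now):
        """Process one attempt and return 'banned', 'ok' or 'failed'."""
        if self.is_banned(ip, now):
            return "banned"                   # refused even with a valid password
        if success:
            return "ok"                       # assumption: failures are not reset
        queue = self.failures[ip]
        queue.append(now)
        while queue and now - queue[0] > self.window:
            queue.popleft()                   # drop failures outside the window
        if len(queue) >= self.max_failures:   # assumption: 5th failure bans
            self.banned_until[ip] = now + self.ban
            queue.clear()
            return "banned"
        return "failed"


def hourly_review(events, hour_start, threshold=10):
    """IPs with `threshold` or more login attempts in the hour (24 h block rule)."""
    hour_end = hour_start + timedelta(hours=1)
    counts = Counter(ip for ts, ip, _ok in events if hour_start <= ts < hour_end)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def replay(events, limiter=None):
    """Feed (timestamp, ip, success) events in time order; outcomes per IP."""
    limiter = limiter or LoginLimiter()
    outcomes = defaultdict(list)
    for ts, ip, success in sorted(events):
        outcomes[ip].append(limiter.record(ip, success, ts))
    return dict(outcomes)


# Constructed sample data (documentation-range IPs, not real traffic).
T0 = datetime(2025, 7, 15, 12, 0)


def at(minutes):
    return T0 + timedelta(minutes=minutes)


SAMPLE_EVENTS = (
    # Five failures in five minutes, then two logins with the right password.
    [(at(m), "203.0.113.7", False) for m in range(5)]
    + [(at(30), "203.0.113.7", True), (at(65), "203.0.113.7", True)]
    # Ten failures spaced 4 minutes apart: never 5 inside one 15-minute window.
    + [(at(m), "192.0.2.44", False) for m in range(0, 40, 4)]
)

if __name__ == "__main__":
    for ip, results in replay(SAMPLE_EVENTS).items():
        print(ip, results)
    print("hourly review blocks:", hourly_review(SAMPLE_EVENTS, T0))
```

The slow client never trips the 15-minute window, which is the case the hourly review of the audit log covers.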

### SECURITY FIREWALL

To enhance the security of your site, you can use the CleanTalk Security FireWall,
which allows you to block HTTP/HTTPS access to your website for individual
IP addresses and IP networks, and to block access for users from specific countries. Use
a personal BlackList to block IP addresses with suspicious activity and enhance
WordPress security.

Security FireWall may significantly reduce the risk of hacking and reduce the load
on your web server. CleanTalk Security is fully compatible with the most popular
VPN services. Also, CleanTalk Security supports all search engines: Google, Bing,
Yahoo, Baidu, MSN, Yandex, etc.

#### LIST OF FIREWALL FUNCTIONS

 * **Blocks or bypasses visitors by IP or IP network. Country blocking.** It also has
   an option to avoid blocking hits from major search engines like Google, Bing, Yahoo,
   Baidu, Yandex, etc.
 * **Traffic control.** CleanTalk Security Traffic Control tracks every single
   visitor, whether or not they are using JavaScript, and provides many valuable
   traffic parameters. Another option in Security Traffic Control, “Block user
   after requests amounts more than”, blocks access to the site for any IP that
   has exceeded the number of HTTP requests per hour. If this number of requests
   is exceeded, the IP is added to the Security FireWall Black List for
   24 hours. Security Firewall has a limit on requests to your website (1000 requests
   per hour by default; you can change it), and if any IP exceeds this threshold
   it is added to the security firewall for the next 24 hours. This allows you to break
   some DDoS attacks.
 * **Limit Login Attempts.** Limit Login Attempts is a part of brute-force protection
   and the security firewall.
 * **Web Application FireWall (WAF) for WordPress Security Plugin**. The main purpose
   of the Web Application FireWall (WAF) is real-time protection from unauthorized access,
   even if there are critical known or unknown vulnerabilities. The Security Web Application
   FireWall catches all requests to your website and checks HTTP parameters for:
    - SQL Injection,
    - Cross Site Scripting (XSS),
    - uploading files from non-authorised users,
    - PHP constructions/code,
    - the presence of malicious code in the downloaded files.

   Effective information security also requires knowing the quality of protection,
   so CleanTalk Security logs all blocked requests, which lets you review and
   analyze accurate information.
    - You can see your CleanTalk Security Logs in your [Dashboard](https://cleantalk.org/my/logs_firewall).
    - CleanTalk’s research team updates the WAF database each time we find a vulnerability,
      which means the plugin’s users get protection even against unpublished vulnerabilities.
    - Learn more about how to set it up and test it: [About Security Web Application Firewall](https://cleantalk.org/help/security-waf)
 * **Email Notifications when administrators or users are logged in.** We added
   this option to our security plugin. Now you can receive notifications if you
   want to know about an unauthorized entrance to your WP Dashboard. A notification
   is sent only when a user has authenticated by entering a login and password.
   If you enter the admin panel from a saved session, the alert
   won’t be sent.

### MALWARE SCANNER WITH AUTO-CURE FUNCTION

Scans WordPress files for hacker files and scans code for hacker code. Performs antivirus
functions. The Security Malware Scanner runs manually at the user’s request or automatically
via WordPress cron. All results are sent to your CleanTalk Security Dashboard
with details, so you can investigate them and see whether a change was
legitimate or some bad code was injected.

If you are unsure how to identify, remove, or clean malware using the plugin, you
can book a [malware removal service](https://cleantalk.org/wordpress-malware-removal)
with our Security & Pentest team.

As an alternative, you can use the [Website Malware Scanner](https://cleantalk.org/website-malware-scanner)
for frontend security and malware checks. It scans by URL and requires no plugins.

#### LIST OF MALWARE SCANNER, ANTIVIRUS FUNCTIONS

 * **Malware autoscanning.** Scans the website automatically at intervals ranging
   from once every 12 hours to once every 30 days.
 * **Cure malware.** It cures infected files automatically if the scanner knows
   cure methods for these specific cases. If the option is disabled, then when the
   scanning process ends you will be presented with several actions you can apply to
   the found files:
    - **Cure.** Malicious code will be removed from the file.
    - **Replace.** The file will be replaced with the original file.
    - **Delete.** The file will be put in quarantine.
    - **Do nothing.**

   Before any action is taken, backups of the files are created, and if the cure
   is unsuccessful it is possible to restore each file.
 * **Security Malware Heuristic Check**. This option allows you to check files of
   plugins and themes with heuristic analysis. Probably it will find more than you
   expect.
 * **Security Malware scanner to find SQL Injections.** The CleanTalk Security Malware
   Scanner allows you to find code that allows performing SQL injection. It is this
   problem that the scanner solves.
 * **Operating system cron tasks analysis.** This function provides an overview
   of scheduled cron jobs on the server that perform automated tasks.
 * **DB Trigger analysis.** Searches for known malicious signatures in database
   triggers.
 * **List unknown files.** Shows the list of unknown files found in the malware
   scanner report. Unknown files do not have known virus signatures and do not have
   suspicious code, but they do not belong to the public plugins
   and themes at wordpress.org.
 * **File System Watcher.** The File System Watcher monitors changes in the file system.
   This allows you to respond quickly to a site infection by tracking which files were
   affected. The Watcher makes file system snapshots as often as once an hour and shows
   differences over a time frame of up to seven days.
 * **Feedback System.** If you don’t have programming experience and don’t know
   whether there is a security issue or not, you can send files to the CleanTalk Cloud and we
   check them for malware code. After checking, we send you an email notification
   with the results, saying whether there are viruses or not. Please look at our guide on how
   malware file analysis works: [About Scanner Feedback System](https://cleantalk.org/help/files-analysis)

#### LIST OF THE MOST ACTIVE MALWARES BY FILENAMES

 * radio.php
 * admin-ajax.php
 * .1235512.css
 * 8sjdakSJ3.php
 * wso.php
 * cmd.php
 * shell.php
 * reverse_shell.php
 * admin.php

The list is current as of July 15th, 2025. The latest data is in the article [Is my site infected?](https://research.cleantalk.org/major-signs-of-malware-on-an-infected-wordpress-site/)
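
Two names on this list, admin-ajax.php and admin.php, are also names of files that WordPress core ships under wp-admin/, so a name match is a lead for review rather than a verdict. The following added example (not CleanTalk's scanner) walks a site tree and separates listed names found at their expected core path from the same names found anywhere else; the function names, verdict labels and sample tree are constructed, and the core paths come from the standard WordPress layout, not from this page.

```python
import os
import tempfile
from pathlib import Path

# File names from the list above, lower-cased for case-insensitive matching.
LISTED_NAMES = {
    "radio.php", "admin-ajax.php", ".1235512.css", "8sjdaksj3.php",
    "wso.php", "cmd.php", "shell.php", "reverse_shell.php", "admin.php",
}

# Paths where WordPress core itself ships a file with a listed name
# (standard core layout; an assumption added here, not taken from the page).
CORE_PATHS = {
    "wp-admin/admin-ajax.php",
    "wp-admin/admin.php",
    "wp-admin/network/admin.php",
    "wp-admin/user/admin.php",
}


def triage(root):
    """Return sorted (relative_path, verdict) pairs for files with a listed name.

    'verify-checksum': expected core location, so compare content with the
                       official release instead of judging by name.
    'review':          listed name outside a core location; inspect it, since
                       plugins can legitimately ship e.g. their own admin.php.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() not in LISTED_NAMES:
                continue
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            verdict = "verify-checksum" if rel in CORE_PATHS else "review"
            findings.append((rel, verdict))
    return sorted(findings)


# Constructed sample tree: empty files, only the paths matter here.
SAMPLE_FILES = [
    "index.php",
    "wp-admin/admin-ajax.php",
    "wp-admin/admin.php",
    "wp-content/plugins/example-plugin/admin.php",
    "wp-content/themes/example-theme/WSO.php",
    "wp-content/uploads/.1235512.css",
    "wp-content/uploads/2025/07/admin-ajax.php",
]


def build_sample_tree(root):
    """Create the constructed sample tree under `root`."""
    for rel in SAMPLE_FILES:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in triage(tmp):
            print(f"{verdict:16} {rel}")
```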

### VULNERABILITIES SCANNER AMONG INSTALLED PLUGINS AND THEMES

The plugin checks installed plugins and themes for known (published) vulnerabilities.
If it finds a vulnerable plugin or theme, it sends an email notification and shows the data
in the _Critical updates_ tab.

List of the most recent vulnerabilities found and published by the CleanTalk Research
team:

 * CVE-2025-5921 – SureForms – Unauthenticated XSS – POC, 200k+ installs.
 * CVE-2025-3582 – Newsletter – Stored XSS to JS Backdoor Creation – POC, 300k+ 
   installs.
 * CVE-2025-2560 – Ninja Forms – Stored XSS to JS Backdoor Creation – POC, 700k+
   installs.

The list is effective as of July 18th, 2025. Updates are available at [https://research.cleantalk.org/](https://research.cleantalk.org/).

### MISCELLANEOUS SECURITY OPTIONS

 * **Send additional HTTP headers option.** There are several additional HTTP headers
   that the plugin adds on every HTTP request if this option is enabled:
    - “X-Content-Type-Options” improves the security of your site (and your users)
      against some types of drive-by-downloads.
    - “X-XSS-Protection” header improves the security of your site against some
      types of XSS (cross-site scripting) attacks.
    - “Strict-Transport-Security” response header (often abbreviated as HSTS) informs
      browsers that the site should only be accessed using HTTPS, and that any future
      attempts to access it using HTTP should automatically be converted to HTTPS.
    - “Referrer-Policy” makes transmission of the `Referer` HTTP header stricter.
 * **Collect and send PHP logs.** Collect and send PHP error logs to your CleanTalk
   Dashboard where you can list them.
 * **Prevent collecting of authors logins.** Prevent visitors from collecting logins
   of the content authors from the website links (like example.com/?author=1). This
   function is also known as Stop User Enumeration.
 * **Prevent collecting of user login on password reset.** The password reset error
   will not reveal that the selected username does not exist.
 * **Disable REST API for non-authenticated users.** Turn this on to deny access
   to the WordPress REST API for non-authenticated users. Denied requests will get a
   401 HTTP Code (Unauthorized).
 * **Disable the WordPress endpoint “users” REST API.** Disables access to
   /wp-json/wp/v2/users and /wp-json/wp/v2/users/”id_user”.
 * **Disable File Editor.** By prohibiting file editing, you protect the site from
   malicious attacks that may try to change the code and gain access to the site
   or steal confidential information.

### TRANSLATE INTO YOUR LANGUAGE

 * Thank you for helping translate the plugin!
 * 感谢您帮助翻译这个插件！ (Gǎnxiè nín bāngzhù fānyì zhège chājìan!)
 * प्लगइन का अनुवाद करने में मदद के लिए धन्यवाद! (Plugin ka anuvaad karne mein madad
   ke liye dhanyavaad!)
 * ¡Gracias por ayudar a traducir el complemento!
 * Merci d’avoir aidé à traduire le plugin !
 * شكرًا لمساعدتك في ترجمة الإضافة! (Shukran limusaa’adatika fi tarjamat al-idafa!)
 * প্লাগইন অনুবাদে সাহায্য করার জন্য ধন্যবাদ! (Plug-in onubade shahajjo korar jonno
   dhonnobad!)
 * Спасибо за помощь в переводе плагина! (Spasibo za pomoshch v perevode plagina!)
 * Obrigado por ajudar a traduzir o plugin! (Obrigada if female)
 * پلگ ان کا ترجمہ کرنے میں مدد کرنے کا شکریہ! (Plug-in ka tarjuma karne mein madad
   karne ka shukriya!)
 * Terima kasih telah membantu menerjemahkan plugin!
 * Danke, dass du beim Übersetzen des Plugins geholfen hast!
 * プラグインの翻訳を手伝ってくれてありがとうございます！ (Puraguin no hon’yaku 
   o tetsudatte kurete arigatou gozaimasu!)

[https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall/](https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall/)

## Screenshots

 * **Firewall log tab**. The log includes detailed info about each visitor that
   reached the site and their firewall check status. It also shows Traffic Control activity
   for the user.
 * **Critical Updates tab**. Critical Updates interface.
 * **File System Watcher tab**. File System Watcher interface.
 * **Malware scanner tab**. Here you can scan all WordPress files for malicious
   and suspicious code and see the result.
 * **Security Log tab**. The log includes a list of Brute force attacks or failed
   logins and a list of successful logins for up to 45 days. The plugin keeps the
   log on CleanTalk servers to make the log not accessible for hackers.
 * **General settings tab**. Here you can manage all the plugin settings.
 * **Summary tab**. The general info about the plugin state.
 * **Backups interface**. How the backups interface looks.
 * **General settings – authentication and log in**. Here you can manage Brute-Force
   protection, 2FA auth and change login URL.
 * **General settings – firewall**. Here you can manage Firewall modules and Traffic
   Control settings.
 * **General settings – scanner**. Here you can manage automatic scanner start,
   types of checks, directory exclusions for the scanner and enable important files
   monitoring.
 * **General settings – admin bar**. Here you can set the behavior of the admin bar module.
 * **Admin bar**. How the admin bar module looks.
 * **General settings – trusted text**. Here you can manage your affiliate links
   and trusted text shown to visitors.
 * **Trusted text**. How the trusted text looks.
 * **Malware scanner results – critical**. A list of files that contain
   dangerous code or malware signatures.
 * **Malware scanner results – suspicious**. A list of files that contain
   suspicious code.
 * **Malware scanner results – approved**. A list of files that were approved
   by the user, Cloud analysis or the CleanTalk team.
 * **Malware scanner results – analysis log**. A list of files that were
   sent for Cloud Malware Scanner analysis and their status.
 * **Malware scanner results – unknown**. A list of files that contain
   no malware, but are not a part of WordPress core or plugins/themes.
 * **Malware scanner results – cured**. A list of files that have been
   automatically cured.
 * **Malware scanner results – frontend malware**. A list of frontend pages
   that contain malicious HTML/JavaScript code.
 * **Malware scanner results – unsafe permissions**. A list of files that
   could be reached by a hacker because of unsafe permissions.
 * **Malware scanner results – PDF report**. How the PDF report of scan results
   looks.
 * **Templates interface**. Using this interface you can apply the settings from
   another site of your CleanTalk account or a template saved before.
 * **Example of blocking page – Firewall**. If the visitor IP is in the hazardous net
   list or blacklisted in your personal list, they will see this screen.
 * **Example of blocking page – XSS**. If the visitor attempts XSS,
   they will see this screen.
 * **Example of blocking page – SQL**. If the visitor attempts SQL
   injection, they will see this screen.
 * **Example of blocking page – Brute-Force**. If the visitor has tried wrong
   credentials many times, they will see this screen.
 * **Example of blocking page – Traffic Control**. If the visitor has requested
   site pages too often, they will see this screen.

## Installation

#### DEFAULT INSTALLATION

Here is a video guide with installation process or you can use the text version 
down below.

 1. Download, install and activate ‘Security by CleanTalk’.
 2. Get Access key [https://cleantalk.org/register](https://cleantalk.org/register?product_name=security)
 3. Enter the Access key in the settings _WordPress console -> Settings -> Security by
    CleanTalk -> General settings_. Save Changes.
 4. Go to Malware scanner tab and do the very first scan.
 5. Done! The plugin is ready to use.

#### INSTALLATION FROM THIRD-PARTY SOURCE

 1. Download the latest version to your computer’s hard drive:
    [https://downloads.wordpress.org/plugin/security-malware-firewall.zip](https://downloads.wordpress.org/plugin/security-malware-firewall.zip)
 2. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.
 3. Click Install Now and Activate.
 4. After activation, go to the plugin settings. Then you will need to create an API key;
    this is done automatically for you. Just click on “Get access key automatically”.
Installation completed successfully.

**Installation from wordpress.org directory**

 1. Navigate to Plugins Menu option in your WordPress administration panel and click
    the button “Add New”.
 2. Type CleanTalk in the Search box, and click Search plugins.
 3. When the results are displayed, click Install Now.
 4. Select Install Now.
 5. Then choose to Activate the plugin.
 6. After activated, go to plugin settings. Then you will need to create an API key,
    this is done automatically for you. Just click on “Get access key automatically”

Installation completed successfully.

## FAQ

### Why are they attacking me?

Hackers want to get access to your website and use it to get backlinks from your
site to improve their site’s PageRank, to redirect your visitors to malicious sites,
or to use your website to send spam and viruses or launch other attacks. These attacks can
damage your reputation with readers and commentators if you fail to tackle them. It
is not uncommon for some WordPress websites to receive hundreds or even thousands
of attacks every week. However, by using the Security CleanTalk plugin, all attacks
will be stopped on your WordPress website.

### How to test the security service?

Use a wrong username or password to log in to your WP admin panel to see
how the Security Plugin works. Then log in with your correct account name
and see the logs for the last actions in the settings of our plugin. Also, the Audit
Log will display the last visited URLs of the current user.

### Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser.

### How to control security activities on your website?

Go to your CleanTalk account->Log. Use filters to sort data for analysis.

Security logs let you receive and keep information for 45 days. You have
the following possibilities:

 1. Time period for all records you want to see.
 2. Website for which you want to see security records. Leave the field empty to see
    security records for all websites.
 3. Choose an event you want to see:
     * Authorization Login — all successful logins to your website.
     * Authorization Logout — all closed sessions.
     * Authorization Invalid username — login attempts with a non-existent username.
     * Authorization Auth failed — wrong password login attempts.
     * Audit View — records of actions and events of users in your website backend.
 4. Searching records by IP address.
 5. Searching records by country.

Each record shows the date and time of the event, the username who performed the action
and their IP address (country). How to use Security Log: https://cleantalk.org/help/Security-Log

### Is it possible to set custom email for notification?

Yes, it is possible. Go to your CleanTalk account->Change email: https://cleantalk.org/my/change-email

### Why do you need an access key?

The Access Key allows you to keep statistics for up to 45 days in the cloud, gives you
additional settings and offers more possibilities to sort and analyze the data. Our
plugin is evolving toward Cloud Technology and all its logs are transferred to the Cloud. The Cloud
Service takes over data processing and data storage, which reduces your webserver
load.

### How to use Security Log

 * First go to your Security Dashboard. Choose “Site Security” in the “Services”
   menu.
 * Then go to your Security Log.

You have the following possibilities:

 * Time period for all records you want to see.
 * Website for which you want to see security records. Leave the field empty to 
   see security records for all websites.

Choose an event you want to see:

 * Authorization Login — all successful logins to your website.
 * Authorization Logout — all closed sessions.
 * Authorization Invalid username — login attempts with not existing username.
 * Authorization Auth failed — wrong password login attempts.
 * Audit View — records of actions and events of users in your website backend.

 * Searching records by IP address.
 * Searching records by username.
 * Searching records by country.

List of records. Each record has the following columns:

 * Date — when the event happened.
 * User Log — who performed actions.
 * Event — what did he do.
 * Status — was he Passed or Banned.
 * IP — his IP address.
 * Country — what country that IP belongs to.
 * Details — some details if they are available.

Please read more: https://cleantalk.org/help/Security-Log

If you wish to block some countries from visiting your website, please, use this
instruction: https://cleantalk.org/help/Security-Firewall

### How to use Security Firewall

First go to your Security Dashboard. Choose “Site Security” in the “Services” menu.
Then press the line “Black&White Lists” under the name of your website.

You can add records of different types to your black list or white list:

 * IP-Addresses (For example 10.150.20.250, 10.10.10.10)
 * Subnets (For example 10.150.20.250/24, 10.10.10.10/8)
 * Countries. Click the line “Add a country” to blacklist or whitelist all IP-addresses
   of the chosen countries.

The records can be added one by one or all at once using separators: comma, semicolon,
space, tab or new line. After filling in the field, press the button “Whitelist” or
“Blacklist”. All added records will be displayed in your list below. Please note,
all changes will be applied in 5-10 minutes.
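
The subnet examples above (10.150.20.250/24, 10.10.10.10/8) carry host bits, so it is worth checking how much address space a record really covers before saving it. The following added example (not CleanTalk's code) splits a pasted list on the separators named above, normalises each record with Python's `ipaddress` module and reports overlaps between the two lists; the function names are constructed, and treating host-bit subnets as their enclosing network is an assumption about how the service reads them.

```python
import ipaddress
import re

# The separators named above: comma, semicolon, space, tab, new line.
SEPARATORS = re.compile(r"[,;\s]+")


def parse_records(text):
    """Return (networks, rejected) for a pasted list of IPs and subnets."""
    networks, rejected = [], []
    for token in SEPARATORS.split(text.strip()):
        if not token:
            continue
        try:
            # strict=False masks host bits: 10.150.20.250/24 -> 10.150.20.0/24
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)
    return networks, rejected


def coverage(networks):
    """Map each normalised record to the number of addresses it covers."""
    return {str(net): net.num_addresses for net in networks}


def matching_records(ip, networks):
    """Normalised records that contain the address `ip`."""
    addr = ipaddress.ip_address(ip)
    return [str(net) for net in networks
            if addr.version == net.version and addr in net]


def list_conflicts(blacklist, whitelist):
    """(blacklist_record, whitelist_record) pairs that overlap each other."""
    return [(str(b), str(w)) for b in blacklist for w in whitelist
            if b.version == w.version and b.overlaps(w)]


# The page's own example records plus one constructed invalid token,
# mixed with every separator the page allows.
PAGE_EXAMPLES = (
    "10.150.20.250, 10.10.10.10;10.150.20.250/24\t10.10.10.10/8\nnot-an-ip"
)

if __name__ == "__main__":
    nets, bad = parse_records(PAGE_EXAMPLES)
    for record, size in coverage(nets).items():
        print(f"{record:20} covers {size} addresses")
    print("rejected:", bad)
    black, _ = parse_records("10.150.20.250/24")
    white, _ = parse_records("10.10.10.10/8")
    print("overlaps:", list_conflicts(black, white))
```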

Please read the full instruction here: https://cleantalk.org/help/Security-Firewall

### How to test Security Firewall?

 1. Open another browser or enter incognito mode.
 2. Type the address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST
    2.1 Address 10.10.10.10 is a local address and it is always in the blacklist, so the
    address YOUR_WEBSITE/?security_test_ip=10.10.10.10 will work every time.
 3. Make sure that you see the page with the blocking message.
 4. FireWall works properly. If it does not, see item 4 of the list.

### How does malware scanner work?

The malware scanner checks your files, compares them with the original WP files and shows you which
files were changed, deleted or added. The malware scanner can be used to find code added
to WP files. On your Malware Security Log page, you will see the list of all
scans that were performed for your website. The CleanTalk Cloud saves the list of
the found files so that you know where to look for them.

### How to start malware scanner?

At the moment the malware scanner may be started one time per day and manually.
To start the malware scanner go to the WordPress Admin Page —> Settings —> Security by
CleanTalk —> “Malware Scanner” tab —> Perform Scan. Give the Malware Scanner some
time to check all necessary files on your website.

### Is it free or paid?

The plugin is free. But the plugin uses the CleanTalk cloud security service. You have
to register an account and then you will receive a free trial to test. When the
trial (on the CleanTalk account) is finished, you can renew the subscription for 1 year
or deactivate the Security by CleanTalk plugin.
If you don’t have an access key, the plugin will work and you will have logs only on
the plugin settings page for the last 20 requests.

### What happens after the end of the trial period?

The plugin will fully perform its functions after the end of the trial period and
will protect your website from brute force attacks and will keep Action Log in your
WP Dashboard, but the number of entries in the log will be limited to the last 20
entries/24 hours. Also, you will receive a short daily security report to your email.

The Premium version allows storing all logs for 45 days in the CleanTalk Dashboard
for further analysis.

### Brute Force security for WordPress

A brute force attack is an exhaustive password search to get full access to an Administrator
account. Passwords are not the hard part for hackers, given the number
of password variants sent per second and the large number of IP addresses.

A brute force attack is one of the most serious security issues, as an intruder gets full access
to your website and can change your code. The consequences of these break-ins can
be grievous: your website could be added to a botnet and take part
in attacks on other websites, or it could be used to keep hidden links or automatic
redirection to a suspicious website. The consequences for your website’s reputation can
be very grievous.

### Why is the CleanTalk Security Plugin Added to the Must Use Section?

This is required for the Security FireWall to function properly. Plugins that are
placed in this section are being launched first, so it is very important that the
Security FireWall is launched before any plugins and hooks. Thus, hacker requests
will be stopped before they can get access to any site code.

### Can I use CleanTalk Security and Wordfence together?

Sure, you can use CleanTalk Security and Wordfence. Quite often we get a question
from our customers: will there be a conflict between CleanTalk and Wordfence? We
tested CleanTalk Security and Wordfence working together and they work without any
conflicts.

### Can CleanTalk Security protect from DDoS?

Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET
requests to attack your website, Security FireWall blocks all requests from bad
IP addresses. If your website is under a DDoS attack, you will be able to add IPs to your
personal BlackList to block all POST and GET requests.

## Reviews

### [Software works](https://wordpress.org/support/topic/software-works/)

 [Historic City News](https://profiles.wordpress.org/historic-city-news/) March 
31, 2026 1 reply

I like software that just works.

### [I got hacked](https://wordpress.org/support/topic/i-got-hacked-7/)

 [](https://profiles.wordpress.org/enricooo/) March 12, 2026 3 replies

Hi, I’m writing to get some feedback. I have the Cleantalk antispam and security
installed and my website got hacked via the password recovery hack. It seems there
is no way to protect the WordPress login form with Cleantalk, no possibility to
put a recaptcha on the login form. That’s why my bad low score for this plugin.
After my website got hacked I went into the Cleantalk security panel to check if
there were any anomalies and the plugin is not reporting any issues.

### [This plugin is AWESOME!](https://wordpress.org/support/topic/this-plugin-is-awesome-122/)

 [dennismcooper](https://profiles.wordpress.org/dennismcooper/) February 24, 2026 1 reply

I’ve been using this plugin for a few months now and it has never let me down! Easy
to manage and block potential invaders.

### [Easy to manage](https://wordpress.org/support/topic/easy-to-manage-31/)

 [antcw](https://profiles.wordpress.org/antcw/) February 23, 2026 1 reply

I’ve tried antispam and security. Both are easy to set up and with useful reporting.
Support is excellent.

### [This plugin is a must](https://wordpress.org/support/topic/dieses-plugin-muss-sein/)

 [Waldemar Kaubukowski](https://profiles.wordpress.org/waldemar1708/) January 29, 2026 1 reply

There is a lot one can happily do without. When it comes to security, there are no
compromises. When I see through this plugin who or what is trying to take possession
of my site, I regularly get goosebumps; it is really creepy what kinds of creatures
roam the net. In any case, I am safe at all times! Thank you very much!!!!

### [Spam Wave stopped instantly](https://wordpress.org/support/topic/spam-wave-stopped-instantly/)

 [webbeat](https://profiles.wordpress.org/webbeat/) January 20, 2026 1 reply

After installing CleanTalk Antispam, the ongoing spam wave was stopped instantly.
Great!

 [ Read all 381 reviews ](https://wordpress.org/support/plugin/security-malware-firewall/reviews/)

## Contributors & Developers

“Login Security, FireWall, Malware removal by CleanTalk” is open source software.
The following people have contributed to this plugin.

Contributors

 * [CleanTalk Inc](https://profiles.wordpress.org/cleantalk/)
 * [glomberg](https://profiles.wordpress.org/glomberg/)
 * [alexandergull](https://profiles.wordpress.org/alexandergull/)
 * [sergefcleantalk](https://profiles.wordpress.org/sergefcleantalk/)

“Login Security, FireWall, Malware removal by CleanTalk” has been translated into
6 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall/contributors)
for their contributions.

[Translate “Login Security, FireWall, Malware removal by CleanTalk” into your language.](https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/security-malware-firewall/),
check out the [SVN repository](https://plugins.svn.wordpress.org/security-malware-firewall/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/security-malware-firewall/)
by [RSS](https://plugins.trac.wordpress.org/log/security-malware-firewall/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

= 2.177 Apr 13 2026

 * Upd. User pass leak. Updates.
 * Upd. Pass leaks. New class of limiter used.
 * Upd. Rate limiter. Logic fixed.
 * Mod. Auth. Mandatory password change, rate limit
 * Mod. BFP. Disabling BFP by constant
 * Fix. Auth. Edits to the Password Leak functionality
 * Fix. Auth. Accounting for 2FA when setting authorization cookies
 * Fix. Firewall. Confirm text for allow/ban fixed.
 * Fix. Plugin uninstall. Remove all traces on WPMS.
 * Fix. SecFW. Process files during FW update fixed.
 * Fix. Security logs. Confirm modal for allow/ban actions implemented.
 * Fix. Scanner. Quarantine action fixed.
 * Fix. Firewall/Security tab. Data display fixed.

= 2.176 Mar 30 2026

 * New. RateLimiter. Classes implemented for strict calls frequency.
 * Upd. 2FA. User with sufficient caps now can disable 2FA app.
 * Upd. JestTests. Add new tests for settings tab, fix jest run.
 * Upd. Settings. Update RC flow for license_update.
 * Upd. Settings. React updates.
 * Fix. GetModulesHashes. Filtering empty keys and delete cache after saving results.
 * Fix. ListTable. Editing the display of all external links of the same domain.
 * Fix. ListTable. Edit when using prepare().
 * Fix. LoginPageRename. Editing the connection wp-login.php with action = postpass.
 * Fix. Security log. Loop logs ajax load fixed.
 * Fix. Security log. Show more logs behavior fixed and updated.

= 2.175 Mar 17 2026

 * Upd. Links. Editing links Request Malware removal
 * Fix. Links. Edit domain name
 * Fix. Settings. Last sync date implementation. (#606)
 * Fix. Firewall. Firewall logs interface fixed. (#608)
 * Upd. Settings. Updated RC to init settings update.
 * Fix. Settings. React – Settings Api key implemented. (#613)
 * Fix. BFP. Edits to the authorization page definition
 * Fix. Scanner. Actions description fixed.
 * Fix. Code. Redirect check
 * Fix. Pass check. Module working fixes. (#620)
 * Fix. Settings debug. Debug collection and drop fixed. (#621)
 * Upd. AdminBanners. Update user notification with detailed security recommendations. (#612)
 * Fix. Settings. WPMS sync fixed.
 * Fix. Password leak. Redirect after password change fixed.
 * Fix. Editor disabler. Disabling plugins/themes editor fixed.

= 2.174 Mar 02 2026

 * New. Settings. Settings overview implemented.
 * Upd. Security log. Login with token event added.
 * Upd. Outbound links. Sanitize data before output.
 * Upd. Security log. Sanitize data before output.
 * Upd. Firewall. Sanitize data before output.
 * Upd. Code. Gulp. CSS minifying updated.

= 2.173 Feb 16 2026

 * Upd. FileEditorDisable. Updated structure to keep file editor disabled.
 * Upd. Banners. Improve dismiss statement.
 * Upd. Scan. Improved sort opportunity.
 * Fix. Code. Edits ip resolving
 * Fix. SecFW. Checking request against logged_in fixed.
 * Fix. Admin bar. Admins counter description fixed.
 * Fix. Remote Calls. Skip check if no sign of RC action provided in Request.

= 2.172 Feb 02 2026

 * Fix. Settings. Display modules list fixed.
 * Fix. Settings. check_pass__enable enabled for the new users.
 * Fix. Firewall. Changes to the Firewall test page
 * Fix. Code. Protects against PTR spoofing
 * Fix. Code. Checking the class_exists variable storage

= 2.171 Jan 18 2026

 * New. Code. Separate GitHub action for libraries checking.
 * New. Settings. Added project management menu item.
 * New. Settings. Added RC to init settings update.
 * Upd. Code. PHP compatibility increased to 7.2.
 * Upd. Settings. Disable REST access. Merged options.
 * Upd. SecurityLogs. Improve operations with data on multisite.
 * Upd. Scanner interface. Logs actions updated.
 * Upd. Settings. Disable REST access. Merged options.
 * Fix. Code. Heuristic library updated.
 * Fix. Cron. Task spbc_scanner_update_pscan_files_status fixed.
 * Fix. Activator. WPMS new blog activation fixed.

= 2.170 Dec 15 2025

 * Upd. Code. Refactoring Firewall tab to react.
 * Upd. Automatic assets. Use .7zignore file.
 * Code. PHPUnit. Now use SpbcTestCase as extension to force units isolation.
 * Fix. Firewall. Fixed data providing.
 * Fix. ScannerQueue. Edit using the plugins_api hook.

= 2.169 Dec 01 2025

 * Fix. 2FA. Fixed 2FA for WooCommerce login.
 * Fix. Settings. Children elements state fixed.
 * Fix. Settings. Escaping page_url output in the Firewall table
 * Fix. Settings. Escaping user_agent output in the Firewall table
 * Fix. Settings. Fixed 2FA users roles setting.
 * Fix. WpFooter. Removed unnecessary styles and duplicates.
 * Github. Added action to create assets from dev/fix on push event
 * New. Scan. Added AJAX action for bulk restoring files from quarantine.
 * Upd. Dashboard widget. Show widget for roles filtered by hook.
 * Upd. Code. Libraries. Updated common libraries.
 * Upd. UserPassCheck. Added default roles depending on capabilities
 * Upd. UserPassCheck. Updated password change form.

= 2.168 Nov 10 2025

 * Mod. Header. Splitting the Header component into separate components
 * Mod. Header. Editing styles
 * Fix. Header. Moving common styles to a higher level
 * Fix. SyncSettings. Reloading the page after syncing.
 * Fix. FSWatcher. Cron run implemented.
 * Fix. Settings. Settings validating fixed.
 * Upd. Settings. Updated wrong key banner show rules.
 * New. Banner. A banner about an empty key has been added, and the error block output has been corrected

= 2.167.2 Oct 30 2025

 * Revert “Fix. Vulnerability alarm. Finally fixed the vulnerable and installed version comparison.”

= 2.167.1 Oct 29 2025

 * Fix. SyncSettings. Reloading the page after syncing.
 * Fix. Settings. Settings validating fixed.

= 2.167 Oct 27 2025

 * Code. FSW Jest prepared.
 * Upd. Local domain host added.
 * New. FileOfPluginChecker. Trying to detect if a file is a part of non-wordpress repository plugin.
 * Fix. VulnerabilityAlarm. Slugs getting unified.
 * Upd. File of plugin. PHPUnit fixes.
 * Fix. VA. Psalm fixed.
 * Fix. Vulnerability alarm. Finally fixed the vulnerable and installed version comparison.
 * Fix. Settings. Traffic Control description fixed.
 * Upd. FSWatcher. Refactored to react.
 * Code. Removed unused FSW code.
 * Code. Localization removed.
 * New. VulnerabilityAlarm. Notification output in the theme details folder
 * Upd. Settings. Added UTM parameters to the registration link.
 * Fix. Ajax. Ajax actions checking fixed.
 * Fix. List Table. Query for limit/offset data fixed.
 * Upd. Settings. Added UTM parameters to the registration link.
 * Fix. FSWComparisonTableRow. Added React import
 * Fix. ListTable. Condition for adding actions

= 2.166.1 Oct 14 2025

 * Fix. Settings. Settings updater fixed.

= 2.166 Oct 13 2025

 * New. ProtectUploadsDir. Prevent PHP execution in uploads directory.
 * Fix. React. Active tab state issues resolved.
 * Fix. Settings. Simplified conditions and updated descriptions.
 * Upd. Timeline. Enhanced tooltip positioning and event highlighting.
 * Upd. Timeline. Activity now shown in widget header.
 * Mod. ScannerExclusions. Improved scan exclusion functionality.
 * Mod. UDPPhpExec. Updated handle() output and status collection logic.
 * Mod. SetCookies. Added security enhancements for cookie installation.
 * Mod. AltSessions. Removed REST route registration for security.
 * Mod. 2FA. Renamed Google authentication to 2FA app throughout codebase.
 * Ref. Code. Major refactoring for spbc-scanner file command.

= 2.165 Sep 29 2025

 * New. CriticalUpdates. Switching to the Critical Updates react
 * Fix. CriticalUpdates. Using the research link from the backend
 * Upd. Scanner. Files row actions now has tooltips.
 * Upd. Scanner. Updated missed descriptions.
 * Ref. Code. Remove unnecessary Surface execution.
 * Mod. React. Switching from Critical Upd tab to react
 * Fix. React. Edits based on the review
 * Fix. React. The condition for adding Secure cookies
 * Mod. Security Log. Filtering unauthorized users in the widget graph
 * Fix. Remote calls. Debug RC now hide sensitive data.

= 2.164 Sep 11 2025

 * Fix. Settings. Long description and long recommendation fixed.
 * Fix. Settings. Backups tab ico fixed.
 * New. Security log. Timeline widget.
 * Fix. UpdaterScript. Editing indexes for the spbc_users_pass table

= 2.163 Sep 01 2025

 * Upd. Integrations. Add exclusions to prevent cache firewall block page.
 * Fix. React interface. Tabs has been rebuild to the own components.
 * Fix. SyncReact. Returned the file for processing synchronization requests
 * Fix. React. Error block
 * Fix. Settings. Fix long description

#### Look for early changelogs in [changelog.txt](https://github.com/CleanTalk/security-malware-firewall/blob/master/changelog.txt)

## Meta

 * Version **2.177**
 * Last updated **8 hours ago**
 * Active installations **30,000+**
 * WordPress version **5.0 or higher**
 * Tested up to **7.0**
 * PHP version **7.2 or higher**
 * Languages: [Dutch](https://nl.wordpress.org/plugins/security-malware-firewall/), [English (US)](https://wordpress.org/plugins/security-malware-firewall/),
   [German](https://de.wordpress.org/plugins/security-malware-firewall/), [German (Austria)](https://de-at.wordpress.org/plugins/security-malware-firewall/),
   [German (Switzerland)](https://de-ch.wordpress.org/plugins/security-malware-firewall/),
   [Polish](https://pl.wordpress.org/plugins/security-malware-firewall/), and [Russian](https://ru.wordpress.org/plugins/security-malware-firewall/).
 * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/security-malware-firewall)
 * Tags: [firewall](https://wordpress.org/plugins/tags/firewall/), [login](https://wordpress.org/plugins/tags/login/),
   [malware](https://wordpress.org/plugins/tags/malware/), [security](https://wordpress.org/plugins/tags/security/),
   [WAF](https://wordpress.org/plugins/tags/waf/)
 * [Advanced View](https://wordpress.org/plugins/security-malware-firewall/advanced/)

## Ratings

 4.8 out of 5 stars.

 * [349 5-star reviews](https://wordpress.org/support/plugin/security-malware-firewall/reviews/?filter=5)
 * [6 4-star reviews](https://wordpress.org/support/plugin/security-malware-firewall/reviews/?filter=4)
 * [3 3-star reviews](https://wordpress.org/support/plugin/security-malware-firewall/reviews/?filter=3)
 * [3 2-star reviews](https://wordpress.org/support/plugin/security-malware-firewall/reviews/?filter=2)
 * [18 1-star reviews](https://wordpress.org/support/plugin/security-malware-firewall/reviews/?filter=1)

## Support

Issues resolved in last two months: 18 out of 22

 [View support forum](https://wordpress.org/support/plugin/security-malware-firewall/)