CleanTalk's blog

Sign Up

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam — no CAPTCHA challenges and no impact on visitors.

Security Block Lists

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.

Category: WordPress

  • Spam Protection – S2Member Memberships

    Spam Protection – S2Member Memberships

    If you prefer to use s2Member Memberships & Subscriptions registration form be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your s2Member Registration Forms from spam.

    Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be registration forms but also contact forms and many others.

    CleanTalk Anti-Spam plugin for WordPress | Download s2Member Registration Form plugin 

    How to install CleanTalk Anti-Spam plugin

    To install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New.

    Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

    After installing the plugin, click the «Activate»‎ button.

    After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

    That’s it! From now you How to completely protect your s2Member Registration Form from spam.

    Check the result to save your s2Member Registration Form from spam

    You can test the work of Anti-Spam protection for your s2Member Registration Form by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

    If you have any questions, add a comment and we will be happy to help you.

    Create your CleanTalk account – Register now and protect your s2Member Registration Form from spam in 5 minutes

    Update

    The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

    Additional features

    • CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
    • Installation takes about 1-2 minutes.
    • Smart 99% protection against spambots.
    • Always online – 24/7 technical support.
    • Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.

    Discover the complete list of CleanTalk Anti-Spam plugin features here.

  • Our Client’s Review: BRNDTIME

    Our Client’s Review: BRNDTIME

    We’re happy to share feedback from one of our valued clients — Christophe Thielens, founder of BRNDTIME.

    At CleanTalk, we truly appreciate hearing how our anti-spam solution helps agencies and businesses keep their websites clean, fast, and user-friendly. Reviews like this motivate our team to continue improving our technology and delivering invisible, reliable protection against spam.

    About BRNDTIME

    BRNDTIME is a digital marketing agency based in Belgium, focused on helping SMEs and independent professionals grow their online presence.
    The agency specializes in building high-performance WordPress websites, SEO, online advertising, branding, content creation, and email marketing — always with a strong emphasis on usability, performance, and measurable results.

    Client feedback

    Christophe shared his experience with CleanTalk both on WordPress.org and on the BRNDTIME website:

    “Very good plugin — works very well for my agency.
    No captchas, no false positives, no slowdowns.
    A solid and trustworthy plugin.”

    BRNDTIME – Digital marketing bureau 01 29 2026 03 19 PM
    BRNDTIME – Digital marketing bureau 01 29 2026 03 19 PM

    Using CleanTalk Anti-Spam, BRNDTIME protects WordPress websites from spam submissions without affecting visitor experience. The absence of CAPTCHAs, combined with accurate filtering and no performance impact, allows the agency to focus on building and marketing websites — not cleaning up spam.

    We’d like to thank Christophe Thielens and the BRNDTIME team for trusting CleanTalk to protect their projects and for sharing their honest feedback with the WordPress community.

    🔗 Client website: https://brndtime.be/

    🔗 WordPress.org review: https://wordpress.org/support/topic/very-good-plugin-works-very-wel-for-my-agencie/

    🔗 BRNDTIME article about CleanTalk:
    https://brndtime.be/2026/01/27/cleantalk-anti-spam-plugins-spamvrije-wordpress-website/

  • How Spam Activity Changes Over Time — and Why It’s Not Related to License Expiration

    How Spam Activity Changes Over Time — and Why It’s Not Related to License Expiration

    From time to time, website owners report a sudden increase in spam activity and try to link it to plugin settings, hosting, or license status.
    However, these assumptions often overlook how dynamic spam behavior truly is.
    To illustrate this, I conducted a small study analyzing spam distribution over time using data from several of our WordPress sites.

    First, I’ll look at data for three of our WordPress sites, which host our themed blogs. The statistics are for the year.

    1. Our blog, ClanTalk Anti-Spam and Security https://blog.cleantalk.org/

    The screenshot shows the statistics for the year.
    As you can see from the graph, the number of spam attacks isn’t linear, but fluctuates from month to month. Only since August has there been any stability, and the number of spam attacks has been more or less consistent.

    All time 10 979 spam blocked 10 21 2025 11 17 AM
    All time 10 979 spam blocked 10 21 2025 11 17 AM

    2. Our blog, research.cleantalk.org


    The graph shows an increase in spam attacks at the beginning of the year, followed by a decline to almost zero. However, in May, there is a peak in spam attacks, followed by a sharp decline. Subsequently, there is a slight increase in spam attacks.

    All time 6 567 spam blocked 10 21 2025 11 30 AM
    All time 6 567 spam blocked 10 21 2025 11 30 AM

    3. Our blog, blog.doboard.com


    The blog was launched recently, and from the very beginning, it was clear that the number of spam attacks was high, but after some time, there was a decrease.

    All time 195 spam blocked 10 21 2025 11 29 AM
    All time 195 spam blocked 10 21 2025 11 29 AM

    4. Personal WordPress Test Site


    The following graph shows statistics for my personal WordPress site, which I use for testing.
    The graph shows a steady increase, peaking in May and then declining.

    All time 19 510 spam blocked 10 21 2025 11 19 AM
    All time 19 510 spam blocked 10 21 2025 11 19 AM

    What Does This Tell Us?

    Based on this data, I can draw the following conclusions:
    the number of spam attacks does not show any trend, other than a possible seasonal factor.


    The number of spam attacks may not be linear from month to month or even from day to day. At some points, there may be more, at others, fewer. A low-traffic site like my test site can receive a much higher number of spam attacks than a site with more traffic, a larger number of articles, and a higher search engine ranking.

    What I did next?

    Now let’s talk about how a user can evaluate the difference between the amount of spam a client sees while using an anti-spam service and when the license expires.

    First, as you can see on our new site, the number of spam attacks increases as it gets added to spam lists.

    Second, when a client installs the CleanTalk Anti-Spam plugin, we have the SpamFireWall option. This option blocks spammers before they reach the site.

    CleanTalk Anti Spam Dashboard 10 21 2025 11 20 AM
    CleanTalk Anti Spam Dashboard 10 21 2025 11 20 AM

    As you can see from this table, we currently receive 12-14 spam attacks per day. These requests can be found, for example, in the spam folder on their site. On average, there were 57 spam attacks per week, and SpamFireWall (SFW) blocked another 350.

    Then, I disabled SFW, and the number of spam attacks reaching the website form immediately increased to 120 on average. So, we see that when using SFW, 50% of spam attacks reach the website and forms, and the remaining spam attacks were stopped by SFW and simply didn’t reach the website.

    Therefore, when assessing the amount of spam, we must also take into account the portion of SFW traffic that simply didn’t reach the website forms. You can track statistics for your sites in the Trends section of the ClanTalk Dashboard.

    To summarize

    The number of spam attacks is not constant and can be higher or lower. Also, when using SFW, you only see a portion of the spam reaching the forms on your website. Having or not having a CleanTalk license doesn’t affect the number of spam attacks.

  • A critical vulnerability in WP Statistics threatens over 600,000 websites: CleanTalk Research team discovers complete admin panel takeover method

    A critical vulnerability in WP Statistics threatens over 600,000 websites: CleanTalk Research team discovers complete admin panel takeover method

    The CleanTalk Research team has identified a critical vulnerability in the popular WP Statistics plugin (versions up to and including 14.15.3), which is installed on over 600,000 WordPress websites. The vulnerability allows unauthenticated attackers to perform Stored Cross-Site Scripting (XSS), leading to administrative session hijacking, admin panel compromise, and potential code execution on the underlying server OS.

    This Unauthenticated Stored XSS vulnerability operates through the HTTP User-Agent header. Attackers can execute arbitrary JavaScript in the WordPress admin panel, enabling them to steal session tokens and nonces, escalate privileges, create administrator accounts, and potentially expand access to the operating system if additional attack vectors are available. Most critically, no authentication is required—a single HTTP request is sufficient, making mass automated exploitation trivial.

    The WP Statistics development team has released a security update addressing this vulnerability. Website administrators are strongly urged to update WP Statistics to the latest version immediately.

    The CleanTalk Research team specializes in identifying and responsibly disclosing vulnerabilities in popular WordPress plugins and themes. We continue to actively audit plugins and publish technical reports on newly discovered vulnerabilities.

    Stay informed:
    📝 Research Blog: https://research.cleantalk.org/ 
    📱 Telegram Channel: https://t.me/cleantalk_researches/326 


    REFERENCES
    https://research.cleantalk.org/cve-2025-9816/ 
    https://www.cve.org/CVERecord?id=CVE-2025-9816 
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-statistics/ 
    https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 

    CleanTalk Security Plugin automatically scans your plugins for known vulnerabilities. The plugin monitors the versions of all your installed plugins and themes and immediately alerts you if a vulnerability is detected in one. As soon as a problem is detected (like with WP Statistics), you receive a notification.

  • Client Review: Climate Change Dispatch

    Client Review: Climate Change Dispatch

    We are happy to share feedback from one of our clients — Thomas, the owner of climatechangedispatch.com

    Great support, even better spam killer

    I was using Akismet for WordPress for years until I found Cleantalk. I got an email from Automaticc, which owns Akismet and Jetpack, stating that because I had some ads on my site, I had to pay a ridiculous amount of money. They gave me 30 days. I switched to Cleantalk as it was cheaper, and the difference was amazing.
    Not only did it catch spam, but the personal blacklists are a timesaver. No more hits or misses from imprecise wording in the Discussion settings. And the support is absolutely superb. The few times I’ve needed them, they were prompt and fantastic. The firewall and bot-crawler features are also a timesaver. Did you know that auto-bots crawl your site and slow it down? I’m talking spammy bots looking for email addies. This plugin stops them. And also prevents spam after spam from getting through via rate limiting. Try it out, and I swear you will rarely, if ever, have to get rid of spam manually. It’s that good!

    We thank Thomas for his detailed feedback and trust in CleanTalk.
    It’s always a pleasure to hear that our service helps clients protect their websites and save time.

  • Prevent for User Enumeration on WordPress

    Prevent for User Enumeration on WordPress

    I’m happy to announce option Prevent collecting of authors logins which you can find under settings,

    WordPress console -> Settings -> Security by CleanTalk -> General Settings

    This option disables users IDs enumeration in your WordPress. So, it stands against brute force for authors names. Here is example how the enumeration works in the plain WordPress,

    https://blog.cleantalk.org/?author=1

    By executing such links, an attacker brute forces users list on a site to get valid IDs and use it in further attacks.

    If you turn option Prevent collecting of authors logins on, the plugin disable enumeration by showing a blank page instead of valid page of author. URL for the blank page like this,

    https://blog.cleantalk.org/author/honeypot_login_1753432662.9124

    That’s it! Drop questions in the comment form down below.

  • Floating Chat Widget (Chaty) Spam protection for WordPress in 5 minutes

    Floating Chat Widget (Chaty) Spam protection for WordPress in 5 minutes

    Struggling with spam flooding your Chaty Floating Widget on WordPress? You’re not alone — it’s a common headache. The source of spam are only these two widgets and there is a plugin that protects both of them, and does it without using annoying CAPTCHAs.

    0

    The Anti-Spam by CleanTalk grants cloud protection from spam, is absolutely invisible to users and runs in background. Which might be pretty useful – 300,000+ active installations and 3,000+ reviews on WordPress can’t lie. It contains many features such as logging for your control, SpamFirewall, stop words and much more.

    Anti-Spam plugin by CleanTalk

    Step 1: Install the Anti-Spam plugin

    CleanTalk is a powerful plugin that blocks spam silently in the background. It also has direct integration with Chaty Floating Chat and here’s how to set it up:

    1. Firstly, to install the Anti-Spam plugin, go to your WordPress admin panelPluginsAdd New. You can also download it in the WordPress catalog.

      Anti-spam plugin installation

    2. Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

      Anti-spam plugin installation

    3. After installing the plugin, click the «Activate»‎ button.

      Anti-spam plugin installation

    4. After it is done go to the plugin settings and click the «Get Access Key Automatically» button.

      Setting spam protection

    5. Then go to Advanced settings in the right-bottom and find the “Protect external forms” and switch it on. It is needed to protect WhatsApp widget inside Chaty from spam. Then just click the «Save Settings»‎ button.

      Screenshot 2025 07 08 at 12.09.24

    From now Anti-Spam starts protecting all forms on your site including Chaty without any extra setup.

    Step 2: Test Spam Protection of your forms

    Use this simple test to confirm that CleanTalk is active:

    • At first, open your form in an Incognito browser tab
    • Use this test email: stop_email@example.com
    • Submit the form
    1

    If the plugin is working, you’ll see a message that the submission was blocked. That means the Anti-Spam plugin now filters our your Chaty spam!

    Important: You must test in Incognito because admins are not blocked by default.

    Enjoy the result!

    If you have any questions, add a comment and we will be happy to help you.

  • WP CLI support in Security by CleanTalk (WordPress plugin)

    WP CLI support in Security by CleanTalk (WordPress plugin)

    We’ve added to Security by CleanTalk support of WP CLI commands. The list of commands,

    • Service setup, including interactions with cloud to get an API key and synchronization.
    • Various settings of the plugin.
    • Settings for templates.
    • Malware scanner commands.

    Full guide with examples is here https://cleantalk.org/help/security-wp-cli

    It works on plugins starting version 2.156 which has been released on May 19, 2025.

    Have questions? Please drop us a message in the comment form down below.

  • Anti-spam protection for WS Form Lite has been released!

    Anti-spam protection for WS Form Lite has been released!

    We have protected one more contact form for WordPress, this is WP Forms lite,

    WS Form LITE – Drag & Drop Contact Form Builder for WordPress

    Anti-Spam by CleanTalk (plugin) protects all kinds of submissions posted through this form against spambots and spam posted by real visitors (with some rate of false/negatives).

    Anyway, to set up the protection follow steps,

    Screenshot 2025 06 16 at 12.46.47 PM
    Screenshot 2025 06 16 at 12.46.47 PM
    • Post the short code in any post/page on your site.
    Screenshot 2025 06 16 at 12.47.05 PM
    Screenshot 2025 06 16 at 12.47.05 PM
    • Go to the page as a regular website visitor (you must be logged out from WordPress console, for example use Anonymous mode in your browser).
    • Test the form with whatever First, Last name and use email stop_email@example.com. This is email marked to test “spam” submission.
    • If everything is fine, you have a message,

    *** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

    Screenshot 2025 06 16 at 12.30.54 PM
    Screenshot 2025 06 16 at 12.30.54 PM

    That’s all. Enjoy spam free website!

CleanTalk

About

Create a support ticket

Contact us

Dashboard

Sign up / Sign in

Anti-Spam

Anti-Spam for Websites

Anti-Spam API

Best Anti-Spam Plugins in 2026

Check IP

Check Email

Filter fake emails

Hide contact data

Security

Website Malware Scanner

WordPress Malware Removal

WordPress Security Plugin