前言介紹
- 這款 WordPress 外掛「Security & Malware scan by CleanTalk」是 2016-08-23 上架。
- 目前有 30000 個安裝啟用數。
- 上一次更新是 2025-04-21,距離現在已有 13 天。
- 外掛最低要求 WordPress 5.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 5.6 以上。
- 有 353 人給過評分。
- 論壇上目前有 33 個提問,問題解答率 91% ,不低,算是個很有心解決問題的開發者團隊了!
外掛協作開發者
glomberg | alexandergull | sergefcleantalk |
外掛標籤
malware | firewall | security | Brute Force | wordpress security |
內容簡介
安全功能
安全防火牆可按 IP、網路或國家篩選網站訪問
網路應用程式安全防火牆
安全惡意程式掃描器,具有防病毒功能
每日自動惡意程式掃描
停止密碼暴力破解攻擊(如 Fail2ban)
停止 WordPress 帳戶尋找的暴力攻擊(如 Fail2ban)
限制登入次數
保護 WordPress 登入表單的安全性
保護 WordPress 後端的安全性
每日的安全報告發送到電子郵件
安全審計日誌
即時流量監控
檢查外部連結
雙因素身份驗證
無惡意程式-無 Google 懲罰,提高 SEO
自定義 wp-login URL
管理者用戶權限授權通知
後端 PHP 日誌
隱藏預設登入頁面
CleanTalk 是一個雲端安全服務,可保護您的網站免受線上威脅並提供您完善的安全工具以控制您的網站安全。我們提供所有安全功能的詳細統計報告,以全面掌握安全狀況。所有安全日誌都存儲在雲端45天。
CleanTalk 安全防火牆是一個免費的外掛,可與高級的 CleanTalk.org 服務一起運作。這個安全外掛程式作為一種服務(請參閱:https://en.wikipedia.org/wiki/Software_as_a_service)。
惡意程式經常對網站所有者造成麻煩。如果您不定期檢查惡意程式,它將悄悄地在很長一段時間內運作並損害您的聲譽。如果您可以預防恶意程式攻擊,您將能夠節省資源。
惡意程式是執行黑客操作的惡意代碼。如果您的網站被惡意程式感染,它將對客戶信任和他們的個人資料帶來問題。首先,您需要掃描網站以確認惡意程式存在。下一步,您應該修復所有帶有惡意程式的檔案。
限制登入次數
限制登入次數 - 是暴力攻擊保護和安全防火牆的一部分。
安全防火牆對網站請求有限制(默認情況下每小時1000個請求,因此您可以進行更改),如果某個 IP 超過此閾值,則其將被添加到安全防火牆中,以供下一個24小時使用。這使您能夠防範某些 DDoS 攻擊。
暴力攻擊保護
對 WordPress 管理區域的任何失敗嘗試登錄都會添加幾秒延遲。CleanTalk 的 WordPress 安全和防火牆可以讓您的網站訪問更安全。服務會每小時檢查您的安全日誌,如果某些 IP 每小時有10次或更多的登錄嘗試,則這些 IP 將在下一個24小時內被封鎖。
安全審計日誌會跟踪 WP 控制台中的操作,以讓您了解有關部落格的更改以及執行更改的人員。
安全審計日誌顯示誰何時登入以及他們在每個頁面上花費的時間。
安全流量控制
CleanTalk 安全流量控制會跟踪每個訪問者,無論他們是否使用 JavaScript,並提供許多有價值的流量參數。
安全流量控制的另一個選項-“在超過請求數量之後封鎖用戶”-將阻止任何超過每小時的 HTTP 請求數量的 IP 訪問網站。如果請求數量超過這個數字,這個 IP 將被添加到安全防火牆黑名單中,並被封鎖24小時。
原文外掛簡介
Security features
Security FireWall to filter access to your site by IP, Networks or Countries
Web Application Security Firewall
Security Malware scanner with AntiVirus functions
Daily auto malware scan
Stops brute force attacks to hack passwords (Brute force protection like Fail2ban)
Stops brute force attacks to find WordPress accounts (like Fail2ban)
Limit Login Attempts
Security Protection for WordPress login form
Security Protection for WordPress backend
Security daily report to email
Security audit log
Security Real-time traffic monitor
Checking Outbound Links
**Two Factor Authentication (2FA) **
No Malware – No Google Penalties. Give your SEO boost.
Custom wp-login URL
Notifications of administrator users authorizations to your website
Backend PHP logs
Hide Login Default Login Page
Known vulnerabilities scanner among installed plugins and themes.
CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days.
Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service cleantalk.org. This security plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service.
Malware always becomes a headache for site owners. If you don’t regularly check for malware, it will be able to work insensibly a lot of time and damage your reputation. If you prevent malware attacks before they happen, you will be able to save your resources.
What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware.
Limit Login Attempts
Limit Login Attempts – is a part of brute-force protection and security firewall.
Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.
Brute Force Protection
It adds a few seconds delay for any failed attempt to login to WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in per hour, then these IP’s will be banned for next 24 hours.
Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.
Security Traffic Control
CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters.
Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours.
Security Firewall
To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.
Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server.
CleanTalk Security is fully compatible with the most popular VPN services.
Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.
Security Malware Scanner
Scans WordPress files for hacker files or code for hacker code.
Security Malware Scanner runs manually in the settings. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.
CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions.
CleanTalk Security has a “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud.
Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have programming experience and don’t know, is there security issue or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not.
Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed from the last scanning.
Please, look at our guide How malware file analysis works.
About Scanner Feedback System
Security Malware Heuristic Check
This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.
Security Malware scanner to find SQL Injections
The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.
Scanner of known vulnerabilities
Plugin checks installed plugins and themes for known (published) vulnerabilities. If finds vulnerable plugin/theme, it sends an Email notification and shows data in the WordPress Dashboard.
Web Application FireWall (WAF) for WordPress Security Plugin
The main purpose of Web Application FireWall (WAF) is real-time protection from unauthorized access, even if there are critical known/unknown vulnerabilities.
Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.
In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Security Logs in your Control panel. https://cleantalk.org/my/logs_firewall
CleanTalk’s research team updates WAF database each time as we find a vulnerability, it means plugin’s users get protection even against unpublished vulnurebilites.
Learn more how to set up and test
About Security Web Application Firewall
Improve your website security with Two Factor Authentication
It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.
With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.
Change the URL of the wp-login page
This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.
To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.
If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.
Can I use CleanTalk Security and Wordfence together
Sure, you can use CleanTalk Security and Wordfence. Quite often we get question from our customers, will there be a conflict between CleanTalk and Wordfence? We tested CleanTalk Security and Wordfence working together and they work without any conflicts.
Email Notifications when administrators are logged in
We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.
Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.
You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.
Can CleanTalk Security protect from DDoS?
Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.
`Send additional HTTP headers` option
There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
– “X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.
– “X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.
– “Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
– “Referrer-Policy” make the Referer http-header transferring more strictly.
File System Watcher feature
File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.
CleanTalk Research
Attention! Don’t overlook the critical need to fortify your digital defenses. Subscribe to our Telegram channel, “CleanTalk Research” your indispensable source for real-time alerts on plugin vulnerabilities and PSC plugin security certificates. Stay one step ahead of cyber threats.
Learn more: https://t.me/+EjLvMlhx_S02MmIy
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Security & Malware scan by CleanTalk」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0 | 1.1 | 1.2 | 1.3 | 1.5 | 1.6 | 1.7 | 1.8 | 1.9 | 2.0 | 2.1 | 2.2 | 2.3 | 2.4 | 2.5 | 2.6 | 2.7 | 2.8 | 2.9 | dev | 1.10 | 1.11 | 1.12 | 1.13 | 1.14 | 1.15 | 1.16 | 1.17 | 1.18 | 1.19 | 1.20 | 1.21 | 1.22 | 1.23 | 1.24 | 1.25 | 1.26 | 1.27 | 1.28 | 1.29 | 2.10 | 2.11 | 2.12 | 2.13 | 2.14 | 2.15 | 2.16 | 2.17 | 2.18 | 2.19 | 2.20 | 2.21 | 2.22 | 2.23 | 2.24 | 2.25 | 2.26 | 2.27 | 2.28 | 2.29 | 2.30 | 2.31 | 2.32 | 2.33 | 2.34 | 2.35 | 2.36 | 2.37 | 2.38 | 2.39 | 2.40 | 2.41 | 2.42 | 2.43 | 2.44 | 2.45 | 2.46 | 2.47 | 2.48 | 2.49 | 2.50 | 2.51 | 2.52 | 2.53 | 2.54 | 2.55 | 2.56 | 2.57 | 2.58 | 2.59 | 2.60 | 2.61 | 2.62 | 2.63 | 2.64 | 2.65 | 2.66 | 2.67 | 2.68 | 2.69 | 2.70 | 2.71 | 2.72 | 2.73 | 2.74 | 2.75 | 2.76 | 2.77 | 2.78 | 2.79 | 2.80 | 2.81 | 2.82 | 2.83 | 2.84 | 2.85 | 2.87 | 2.88 | 2.89 | 2.90 | 2.91 | 2.92 | 2.93 | 2.94 | 2.95 | 2.96 | 2.97 | 2.98 | 2.99 | 1.0.1 | 1.1.1 | 1.2.1 | 1.2.3 | 1.3.1 | 1.4.2 | 1.4.3 | 1.5.1 | 1.5.2 | 1.6.1 | 1.7.1 | 1.7.2 | 1.8.1 | 1.8.2 | 1.9.1 | 1.9.2 | 1.9.3 | 1.9.4 | 1.9.5 | 1.9.6 | 2.0.1 | 2.100 | 2.101 | 2.102 | 2.103 | 2.104 | 2.105 | 2.106 | 2.107 | 2.108 | 2.109 | 2.110 | 2.111 | 2.112 | 2.113 | 2.114 | 2.115 | 2.116 | 2.117 | 2.118 | 2.119 | 2.120 | 2.121 | 2.122 | 2.123 | 2.124 | 2.125 | 2.126 | 2.127 | 2.128 | 2.129 | 2.130 | 2.131 | 2.132 | 2.133 | 2.134 | 2.135 | 2.136 | 2.137 | 2.138 | 2.139 | 2.140 | 2.141 | 2.142 | 2.143 | 2.144 | 2.145 | 2.146 | 2.147 | 2.148 | 2.149 | 2.150 | 2.151 | 2.152 | 2.153 | 2.154 | 2.155 | 2.2.1 | 2.6.1 | 2.6.2 | 2.8.1 | 2.8.2 | 2.8.3 | trunk | 1.10.1 | 1.11.1 | 1.20.1 | 1.20.2 | 1.21.1 | 1.29.1 | 2.10.1 | 2.14.1 | 2.15.1 | 2.25.1 | 2.30.1 | 2.31.1 | 2.31.2 | 2.32.1 | 2.32.2 | 2.35.1 | 2.37.1 | 2.37.2 | 2.42.1 | 2.43.1 | 2.46.1 | 2.46.2 | 2.47.1 | 2.49.1 | 2.57.1 | 2.57.2 | 2.57.3 | 2.58.1 | 2.59.1 | 2.66.1 | 2.66.2 | 2.66.3 | 2.67.1 | 2.67.2 | 2.72.1 | 2.72.2 | 2.76.1 | 2.76.2 | 2.78.1 | 2.80.1 | 2.81.1 | 2.81.2 | 2.87.1 | 2.91.1 | 2.106.1 | 2.108.1 | 2.109.1 | 2.126.1 | 2.128.1 | 2.130.1 | 2.134.1 | 2.134.2 | 2.134.3 | 2.136.1 | 2.138.1 | 2.145.1 | 2.148.1 | 2.150.1 |
延伸相關外掛(你可能也想知道)
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
SiteGuard WP Plugin 》版本: 1.6.7, , 您可以在日文網頁和英文網頁上找到文件、常見問題和更詳細的資訊。 , 安裝SiteGuard WP Plugin後,WordPress安全性會得到提高。, 本外掛是一...。
Anti-Malware Security and Brute-Force Firewall 》特點:, , 下載定義更新以保護免受新威脅。, 運行完整掃描以自動刪除已知的安全威脅、後門腳本和資料庫注入等問題。, 阻止防火牆 SoakSoak 和其他惡意軟體利...。
WP fail2ban – Advanced Security 》Fail2ban是您可以實施來保護 WordPress 網站的最簡單和最有效的安全措施之一。, WP fail2ban 提供 WordPress 與 fail2ban 之間的連接:, Oct 17 20:59:54 foo...。
XO Security 》XO Security 是一個可增強登入相關安全性的外掛程式。, 此外掛程式不會寫入 .htaccess 檔案,除了 Apache 外,也支援 LiteSpeed、Nginx 和 IIS。, 功能, , 記...。
CloudSecure WP Security 》管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。, かんたんな設定を行うだけで、不正アクセスや不正ログインからあな...。
IP Geo Block 》安裝越多主題和外掛,你的網站越容易受到攻擊,即使你對其進行了安全加固。, 雖然 WordPress.org 提供了優秀的資源,如關於主題和外掛安全性的文件,但是由於...。
HTTP Auth 》啟用此外掛可在您的網站上設置 HTTP 認證。您可以輕鬆地為 HTTP 認證設置使用者名稱和密碼。, 這個外掛程式有助於:, , 保護您的管理頁面免於暴力攻擊。, 在...。
Protection Against DDoS 》這個外掛能夠解決由 WordPress Codex 中描述的暴力破解攻擊引起的性能問題,詳細內容可參考https://codex.wordpress.org/Brute_Force_Attacks, , 來自 WordPr...。
MelaPress Login Security 》提高 WordPress 登入安全性,實現自定義安全 WordPress 登入策略, 透過將自己置於驅動器座位的策略,實現更好的 WordPress 登入安全性。這些登入安全策略具有...。
WordPress Brute Force Protection – Stop Brute Force Attacks 》er a certain number of failed login attempts. However, this can also lead to locking out genuine users who simply forgot their password or mistyped...。
WebDefender Security – Protection & AntiSpam 》一款專業的 WP 安全保護外掛, , WebDefender 是由安全專家團隊開發,針對 WordPress 網站的全方位保護和預防威脅,提供專業安全工具。包括 GDPR 合規性模組。...。
WordPress Security – Firewall, Malware Scanner, Secure Login and Backup 》WORDPRESS 最受歡迎的防火牆和安全掃描器, Wp security pro 包含專門為 WordPress 創建的恶意軟件掃描器和終端防火牆。為了保障您的網站安全,我們的威脅防禦...。
tinyShield – Simple. Focused. Security. 》tinyShield是一款適用於任何WordPress網站的安全外掛。它會監控所有進入和離開網站的連接,並封鎖任何識別為惡意的流量。它通過連接到其他WordPress網站的網...。
Security-Protection 》, Security-Protection, 捐款, WordPress 外掛, , 為什麼要讓人類通過填寫驗證碼來證明他們是人類? 讓(bot)機器人添加JavaScript到他們的使用代理來證明它們...。