Security & Malware scan by CleanTalk


Security features

  • Security FireWall to filter access to your site by IP, Networks or Countries
  • Web Application Security Firewall
  • Security Malware scanner with AntiVirus functions
  • Daily auto malware scan
  • Stops brute force attacks to hack passwords(Like Fail2ban)
  • Stops brute force attacks to find WordPress accounts(Like Fail2ban)
  • Limit Login Attempts
  • Security Protection for WordPress login form
  • Security Protection for WordPress backend
  • Security daily report to email
  • Security audit log
  • Security Real-time traffic monitor
  • Checking Outbound Links
  • Two Factor Authentication
  • No Malware – No Google Penalties. Give your SEO boost.
  • Custom wp-login URL
  • Notifications of administrator users authorizations to your website
  • Backend PHP logs
  • Hide Login Default Login Page

CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days.

Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service This security plugin as a service

Malware always becomes a headache for site owners. If you don’t regularly check for malware, it will be able to work insensibly a lot of time and damage your reputation. If you prevent malware attacks before they happen, you will be able to save your resources.

What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware.

Limit Login Attempts

Limit Login Attempts – is a part of brute-force protection and security firewall.

Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.

Brute Force Protection

It adds a few seconds delay for any failed attempt to login to WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in per hour, then these IP’s will be banned for next 24 hours.

Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.

Security Traffic Control

CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters.

Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours.

Security Firewall

To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.

Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server.

CleanTalk Security is fully compatible with the most popular VPN services.
Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.

Security Malware Scanner

Scans WordPress files for hacker files or code for hacker code.

Security Malware Scanner runs manually in the settings. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.

CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions.

CleanTalk Security has a “Feedback System” for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud.

Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have programming experience and don’t know, is there security issue or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not.

Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed from the last scanning.

Please, look at our guide How malware file analysis works.
About Scanner Feedback System

Security Malware Heuristic Check

This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.

Security Malware scanner to find SQL Injections

The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.

CleanTalk Web Application FireWall for WordPress Security Plugin

The main purpose of Security Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Security Logs in your Control panel.

Security CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

Learn more how to set up and test
About Security Web Application Firewall

Improve your website security with Two Factor Authentication

It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.

With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.

Change the URL of the wp-login page

This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.

To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.

If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

Can I use CleanTalk Security and Wordfence together

Sure, you can use CleanTalk Security and Wordfence. Quite often we get question from our customers, will there be a conflict between CleanTalk and Wordfence? We tested CleanTalk Security and Wordfence working together and they work without any conflicts.

Email Notifications when administrators are logged in

We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.

You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.

Can CleanTalk Security protect from DDoS?

Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.

`Send additional HTTP headers` option

There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
– “X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.
– “X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.
– “Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
– “Referrer-Policy” make the Referer http-header transferring more strictly.

File System Watcher feature

File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.

CleanTalk Research

Attention! Don’t overlook the critical need to fortify your digital defenses. Subscribe to our Telegram channel, “CleanTalk Research” your indispensable source for real-time alerts on plugin vulnerabilities and PSC plugin security certificates. Stay one step ahead of cyber threats.
Learn more:


  • Firewall log tab. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user.
  • Security Log tab. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers.
  • General settings tab. Here you can manage all the plugin settings.
  • General settings – authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL.
  • General settings – firewall. Here you can manage Firewall modules and Traffic Control settings.
  • General settings – scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring.
  • General settings – admin bar. Here you can set behavior of admin bar module.
  • Admin bar. How the admin bar module looks.
  • General settings – trusted text. Here you can manage your affiliate links and trusted text shown for visitors.
  • Trusted text. How the trusted text looks.
  • Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result.
  • Malware scanner results – critical. There is a list of files that contains dangerous code or malware signatures.
  • Malware scanner results – suspicious. There is a list of files that contains suspicious code.
  • Malware scanner results – approved. There is a list of files that were approved by user, Cloud analysis or CleanTalk team.
  • Malware scanner results – analysis log. There is a list of files that were sent for Cloud Malware Scanner analysis and their status.
  • Malware scanner results – unknown. There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes.
  • Malware scanner results – cured. There is a list of files that have been automatically cured.
  • Malware scanner results – frontend malware. There is a list of frontend pages that contains malicious HTML/JavaScript code.
  • Malware scanner results – unsafe permissions. There is a list of files that could be reached by a hacker because of unsafe permission set.
  • Malware scanner results – file monitoring. There is a list of important files and their snapshots. You can use this to know if they were changed.
  • Malware scanner results – snapshot. How the important file snapshot looks.
  • Malware scanner results – PFD report. How the PDF report of scan results looks.
  • Backups interface. How the backups interface looks.
  • Summary tab. The general info about the plugin state.
  • Templates interface. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before.
  • Example of blocking page – Firewall. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen.
  • Example of blocking page – XSS. If the visitor attempts to implement XXS, he will see this screen.
  • Example of blocking page – SQL. If the visitor attempts to implement SQL injection, he will see this screen.
  • Example of blocking page – Brute-Force. If the visitor tried to use wrong credentials for many times, he will see this screen.
  • Example of blocking page – Traffic Control. If the visitor has requested site pages too often, he will see this screen.
  • File System Watcher tab. File System Watcher interface.


Why are they attacking me?

Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.

How to install the plugin?

Installing the plugin is very simple and does not require much time or special knowledge.

Manual installation

  1. Download latest version on your computer’s hard drive,

  1. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.

  2. Click Install Now and Activate.

  3. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”

Installation completed successfully.

Installation from directory

  1. Navigate to Plugins Menu option in your WordPress administration panel and click the button “Add New”.

  2. Type CleanTalk in the Search box, and click Search plugins.

  3. When the results are displayed, click Install Now.

  4. Select Install Now.

  5. Then choose to Activate the plugin.

  6. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on “Get access key automatically”

Installation completed successfully.

How to test the security service?

Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL’s of the current user.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser.

How to control security activities on your website?

Go to your CleanTalk account->Log. Use filters to sort data for analyses.

Security logs provide you to receive and keep information for 45 days. You have the following possibilities:
1. Time period for all records you want to see.

  1. Website for which you want to see security records. Leave the field empty to see security records for all websites.

  2. Choose an event you want to see:

    • Authorization Login — all successful logins to your website.
    • Authorization Logout — all closed sessions.
    • Authorization Invalid username — login attempts with not existing username.
    • Authorization Auth failed — wrong password login attempts.
    • Audit View — records of actions and events of users in your website backend.
  3. Searching records by IP address.

  4. Searching records by country.

There are date and time of events for each record, username who performed an action and his IP (country) address. How to use Security Log

Is it possible to set custom email for notification?

Yes, it is possible. Go to your CleanTalk account->Change email

Why do you need an access key?

Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.

How to use Security Log

  • First go to your Security Dashboard. Choose “Site Security” in the “Services” menu.
    • Then go to your Security Log.

You have the following possibilities:

  • Time period for all records you want to see.
  • Website for which you want to see security records. Leave the field empty to see security records for all websites.

Choose an event you want to see:

  • Authorization Login — all successful logins to your website.
  • Authorization Logout — all closed sessions.
  • Authorization Invalid username — login attempts with not existing username.
  • Authorization Auth failed — wrong password login attempts.

Audit View — records of actions and events of users in your website backend.

  • Searching records by IP address.
  • Searching records by username.
  • Searching records by country.

List of records. Each record has the following columns:

  • Date — when the event happened.
  • User Log — who performed actions.
  • Event — what did he do.
  • Status — was he Passed or Banned.
  • IP — his IP address.
  • Country — what country that IP belongs to.
  • Details — some details if they are available.

Please, read more

If you wish to block some countries from visiting your website, please, use this instruction:

How to use Security Firewall

First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then press the line “Black&White Lists” under the name of your website.

You can add records of different types to your black list or white list:

  • IP-Addresses (For example,
  • Subnets (For example,
  • Countries. Click the line “Add a country” to blacklist or whitelist all IP-addresses of the chosen countries.

The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button “Whitelist” or “Blacklist”. All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.

Please, read full instruction here

How to test Security Firewall?

  1. Open another browser or enter the incognito mode.
  2. Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST
    2.1 Address is local address and it’s in blacklist constantly. So address YOUR_WEBSITE/?security_test_ip= will works everytime.
  3. Make sure that you saw page with the blocking message.
  4. FireWall works properly, if it is not, see item 4 of the list.

How does malware scanner work?

Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.

How to start malware scanner?

At the moment malware scanner may be started one time per day and manually.
To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> “Malware Scanner” tab —> Perform Scan.
Give the Malware Scanner some time to check all necessary files on your website.

Is it free or paid?

The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin.
If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests.

What happens after the end of the trial period?

The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.

Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.

Brute Force security for WordPress

Brute force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses.

Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.

Why is the CleanTalk Security Plugin Added to the Must Use Section?

This is required for the Security FireWall to function properly. Plugins that are placed in this section are being launched first, so it is very important that the Security FireWall is launched before any plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.


17 de julio de 2024 1 respuesta
Great Plugin, lots of cool features to keep your site clean from spam and malware
5 de julio de 2024 1 respuesta
Been using it for a couple of years now..
1 de julio de 2024 1 respuesta
CleanTalk support team is top-notch. They are always available to help troubleshoot any issues and provide expert advice. I use CleanTalk security and always love it very easy to use and lightweight Highly recommended.
21 de junio de 2024 1 respuesta
While there are various security measures, Security by CleanTalk is an indispensable plugin for safely operating WordPress sites, as it provides comprehensive security features. Here’s what CleanTalk can do: Security firewall for filtering access to the site by IP, network, or countryWeb Application Security FirewallSecurity malware scanner and antivirus functionDaily automatic malware scansBlocking brute force attacks attempting to hack passwordsBlocking brute force attacks on WordPress accountsRestricting login attemptsSecurity protection for WordPress login formsSecurity protection for the WordPress backendDaily security reports via emailSecurity audit logReal-time traffic monitoringChecking outbound linksTwo-factor authenticationMaintaining a malware-free site to improve SEO. (If infected with malware, a warning message will be displayed in Google Chrome, and access to the site will be blocked.)
21 de junio de 2024 1 respuesta
I’ve been using this plug-in for years. It does what it’s supposed to, plus the support team is the BEST.
20 de junio de 2024 1 respuesta
CleanTalk is an amazing WordPress plugin, it not only protect your website against 100s of annoying and risky scams, but also has a Firewall, Anti-Malware, Bruce-Force Protection, and other scan and analysis. With the best price ever. I highly recommend to secure and sleep relax.
Leer todas las 325 reseñas

Colaboradores y desarrolladores

«Security & Malware scan by CleanTalk» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


«Security & Malware scan by CleanTalk» ha sido traducido a 4 idiomas locales. Gracias a los traductores por sus contribuciones.

Traduce «Security & Malware scan by CleanTalk» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

= 2.137 July 09 2024
* Fix. Psalm suppress UndefinedMethod
* Fix. Eslint
* Upd. Disabling analyse Long Line
* Upd. Checking memory_limit
* Upd. Scan. Updated flow for upload hashes.
* Fix. Deprecated conversion of false to array in getPluginReportStatic
* Upd. Changes in the operation of modal windows
* Fix. CamelCase attributes for CriticalUpdate
* Fix. Code. Common lib updated.
* Fix. Settings. Visited pages output in security logs fixed.
* New. Scan. Update front estimates time.
* Upd. Local results clearance. Delete backups, cure logs, cured files data.
* Ref. Cure. New CureStage class used to run curing.
* New. AdjustModule. Setup handler to adjust w3tc
* New. Settings. Critical updates tab implemented.
* Upd. VulnerabilityAlarmView.php. Text updates.
* Upd. VulnerabilityAlarm Service. Every vulnerable theme has unique link now.
* Upd. VulnerabilityAlarmView. Padding added for lists of items on the tab.
* Upd. VulnerabilityAlarm Service. Show PSC modules. Other fixes.
* Fix. VulnerabilityAlarmView.php. Text.
* Fix. VulnerabilityAlarmService. Fix logic.
* Upd. VulnerabilityAlarmService. Update SGV on tab.
* Upd. VulnerabilityAlarmService. Fixed versions check on checkModule iteration.
* Fix. Sacnner. Backups. Backup ID fixed.
* New. RemoteCalls. New RC “launch_background_scan” to launch scan in background.
* Fix. VulnerabilityAlarm.php. Themes collecting fixed.
* Ref. VulnerabilityAlarm. Names.
* Fix. VulnerabilityAlarmService. PHP 8.1 compat fix.
* Upd. VulnerabilityAlarmView. Versions added.
* Fix. Call function on null

= 2.136.1 July 02 2024
* Fix. Settings. Visited pages output in security logs fixed.

= 2.136 June 24 2024
* Fix. Settings. Get key auto button depends on agreement.
* Fix. Cookie. Added nofollow attribute.
* Fix. Settings. Updated statement for 2fa.
* Fix. Security. The upload checker used signatures analysis only for now.
* Upd. WAF. Added waf for admin area.
* Fix. Settings. Updated 2fa handler.
* Upd. FW. Send logs. Signature ID added to logs for WAF blocks cases.
* Fix. FW. Update is_admin handler.
* Upd. Firewall. Logging. Do not rewrite records with different signatures but same type.
* Upd. Scanner. Signatures getting. Plugin is ready to version 3.
* Upd. Scan. Refactoring scan send stage.
* Fix. Settings. Updated timezone format for get_api_key.
* New. Scanner. New category Approved By Cloud implemented.
* Fix. FSWatcher. Logs naming fixed.
* Upd. HeuristicAnalyser. CodeStyle. Long lines check enabled.
* Fix. Fixed the changes when installing composer
* Fix. Added index files
* Fix. FSW. Added rate limit.

= 2.135 June 10 2024
* New. Modal window. Confirm action implemented.
* New. List table. Custom confirm window implemented.
* Upd. Recording and displaying an event from wp_spbc_auth_logs
* Fix. Settings. Don’t show Frontend scanner results category if this option is disabled
* Fix. Scanner. Scan log details – triggered module name added.
* Fix. Firewall. Updated logging process.
* Upd. SQLSchema. Signature body size extended. Schema updated and updater script ready for v2.135.
* Fix. Scanner. Reset weak_spot and severity on modified files.
* Upd. Settings. “About” block refactored. Cure services links added.
* Fix. Firewall. Fixed logged admin counting.
* Fix. Login page. Brute force protection description fixed.
* Fix. Scanner. Outbound links actions fixed.
* Fix. Scanner. Show more button fixed.
* Fix. Settings. 2fa setting long description fixed.

= 2.134.3 June 06 2024
* Upd. FSWatcher. FIle system watcher functionality improved.

= 2.134.2 June 01 2024
* Fix. Admin panel. Banners. Renewal links fixed.

2.134.1 May 28 2024

  • Fix. Security log. Auth actions logging fixed.

2.134 May 27 2024

  • Fix. Scanner. Cure request banner fixed.
  • Upd. Settings. Updated option description.
  • Fix. Code Style lib. Regex to found spec symbols updated to exclude any human-language symbols.
  • Fix. Scanner. Skipped files. Description fixed.
  • Upd. Firewall Update. Update log extended.
  • Upd. Settings. Summary of vulnerability check results
  • Fix. Cron. Fixed updateTask function to save the last_call param.
  • New. SecFW. Pass statuses for the test page has been described.
  • Upd. Scan. Removed spam-active column from outbound links tab.
  • Upd. Settings. Sending to the cloud analysis option modified – added auto mode.
  • Upd. Scanner. Audit banner on unknown list implemented.
  • Upd. Scanner. Heuristic scanner module updated.
  • Fix. Security Firewall. Log admin actions fixed.

2.133 May 13 2024

  • Fix. Scan. Hid appear of error.
  • Fix. Add form for pagination block
  • Fix. Settings. Escape single back-quote on errors output.
  • New. Settings. New endpoint WP ‘user’ blocking option
  • Fix. Settings. Server::inUri
  • Fix. Auth. Updated encoder for generate qr code.
  • Fix. Cookies. Cookie spbc_is_logged_in logic fixed.
  • Ref. Scanner. Common lib. Heuristic. Code Style. Docs and refactoring.
  • Upd. Settings. Scanner. Outbound links description updated.
  • Fix. Vulnerability alarm. Safe badge layout fixed.
  • Upd. Lib. Heuristic scanner library updated.

2.132 Apr 15 2024

  • Upd. Heuristic. Adding noise param.
  • Fix. Admin dashboard widget data update fixed.
  • Fix. Empty actions.
  • Upd. Widget. Gain page action type. Gain actions with users.
  • Fix. Edit comments
  • Mod. Scanner. Heuristic. Comments noise refactored.
  • Fix. Widget. Action of user adding implemented to search.
  • Upd. Security log actions. More page actions parsed.
  • Fix. Scanner. Disapproving bulk action fixed.
  • Upd. VulnerabilityAlarm. Layout of the new logo
  • Upd. MScanFilesDTO. Added new fields
  • Fix. Name fild plugin_heuristic_checked
  • Fix. Settings. WPMS fixes.
  • Upd. Vulnerability Alarm. Changing the vulnerability text
  • Fix. Admin. Cookies logged_in fixed.
  • Max file sizes + skipped accordion tab.

2.131 Apr 1 2024

  • New. Settings. New design of settings page.
  • New. Vulnerability Alarm Service. Themes check implemented.
  • Udp. Vulnerability Alarm Service. Added a link to
  • Upd. UploadChecker. Check vulnerabilities. Use get_file_data() to find plugin info file to get the necessary data.
  • Mod. Scanner. Heuristic analysis. Long lines check temporary disabled.
  • Upd. Scanner tabs. Unknown files description updated.
  • Upd. Scanner tabs. Removed the limit for outbound links found.
  • Fix. Scanner. Heuristic scan by Variables module fixed.
  • Fix. Scanner tabs. Unnecessary comma usage fixed.
  • Fix. Scanner tabs. JS logic fixed on sending for analysis.
  • Fix. Security log. User authorization logging fixed.
  • Fix. Debug. Adding key validity during debug_remote
  • Fix. Code. FileInfoExtended.
  • Upd. Readme. Tested up to 6.5.

2.130.1 Mar 25 2024

  • Fix. FSWatcher. Security improvements.
  • Fix. Scanner. Signatures list updating fixed.

2.130 Mar 12 2024

  • Mod. UploadChecker. Now user can proceed the module installation even if got warning from the UploadChecker.
  • Mod. Outbound links accordion. Layout refactored.
  • Mod. Vulnerability Alarm. Run request to after any plugin installation.
  • Fix. Scanner. Heuristic scan by mathematics module fixed.
  • Fix. Code. Common lib cleantalk/spbct-heuristic-analyser updated.
  • Fix. Scanner. Auto scan scheduling fixed.
  • Fix. Frontend scanner. Sending logs. Bad encoding cases handled. Log record keys number fixed.

2.129 Feb 26 2024

  • Upd. Scanner accordions. Text and HTML updated.
  • Upd. Vulnerability alarm. Added check to install and update process.
  • Upd. FSWatcher. Refactoring settings, add file view, fix dates format.
  • Upd. Heuristic. Removed checking inline js.
  • Fix. Vulnerability alarm. Unexpected type of plugin data handled.
  • Fix. HTTP. Request. Fixed socket error handling.
  • Upd. Debug call. Added las scan result. Connection check skipped if no get param “do_test_connection” added.
  • Fix. Cron. Scanner background. Transaction parsed. Cron “scanner_launch” update implemented instead of adding new.
  • Upd. SecFW. Added ipv6 count to summary.
  • Fix. Settings. 2FA option fixed.
  • Fix. CDNheaders. Check type of stored serialized value before unserialize.
  • Fix. Get CMS hashes. Preventing errors of other actions for hook “plugins_api”.
  • Upd. Heuristic. Skipping svg in long line check.
  • Fix. Vulnerability alarm. Checking installed plugins fixed.
  • Fix. Schema. Redundant columns analysis_status and analysis_comment removed.
  • Fix. FS Watcher. FS Watcher description fixed.
  • Fix. Scanner. Default service data State fixed.
  • Fix. Vulnerability alarm. Skip saving apps info without versions.
  • Fix. Scanner. Frontend malware accordion fixed.
  • Fix. CDNHeadersChecker. Run 1m cron instead of immediate run on settings save.

2.128.1 Feb 21 2024

  • Fix. Test connection. Do not check response code on testing connection.
  • Fix. Common. Redundant expression removed.

2.128 Feb 12 2024

  • New. Calling cloud user_data_update during dismissing review notice.
  • New. System plugins. Vulnerability alarms implemented.
  • Fix. Settings. Show stored IPs count in the summary block.
  • Upd. SecFW. Switch to direct update if updating is freezing.
  • Upd. Scan. Auto send suspicious files.

2.127 Jan 29 2024

  • New. File System Journal feature implemented.
  • New. CodeStyle. Use new hasPHPOpenTags() to skip files with no actual PHP code.
  • Fix. Settings. Changed the period in the message
  • Fix. Auth. Change text.
  • Fix. Settings. Refactoring settings page
  • Fix. Scanner file send. Fix processing statuses if user has files that were send for analysis on old scanner versions.
  • Fix. 2FA. Show role Subscriber, correction of user data verification
  • Fix. Settings. Getting API key errors display.
  • Fix. FS Watcher. Selecting snapshots fixed.
  • Fix. Settings. ListTable unused attribute data-before removed.
  • Fix. Scanner. Suspicious items display fixed.

2.126.1 Jan 24 2024

  • Fix. UploadChecker good result now skipped from logging.
  • Fix. Common. Database tables prefix usage implemented.

2.126 Jan 16 2024

  • New. Firewall update. All queue stages is logged now.
  • New. Scanner results. Now all the heuristic fired files being suspicious instead of critical.
  • New. Scanner. Sends suspicious files to cloud report.
  • New. Feature. CDN headers self check implemented.
  • New. UploadChecker. Checking archive in media uploader.
  • Mod. Code. UploadChecker.php extracted from WAF module.
  • Mod. Settings. Remove button “Delete” from Approved files accordion.
  • Mod. SQL. IP networks separated to v4/v6 tables to reduce database size.
  • Fix. Settings. Changed the period in the message.
  • Fix. Accordions. Red dot status fixed.
  • Fix. Code. mergeWithSavingNumericKeysRecursive() fixed.
  • Fix. Code. File sending. Fix DTO and results merging.
  • Fix. Code. SQL request for pages selector.
  • Fix. Lib. Localization global style.
  • Fix. Lib. Change headers logic for adaptive tales.

2.125 Dec 18 2023

  • New. Activator class implemented.
  • New. Deactivator class implemented.
  • Upd. Heuristic. Add math module.
  • Upd. Code. Common lib (heuristic) updated.
  • Fix. Scanner. Undefined data key fixed.
  • Fix. Scan. Added check for signatures count.
  • Fix. Settings. Getting Access Key message fixed.
  • Fix. SecFW. FW results priority fixed.
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::cookie_domain)
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::data__set_cookies)

2.124 Dec 05 2023

  • Fix. Table cells popup of hidden long text – CSS fixed.
  • Upd. Traffic control. TC logic updated.
  • Fix. FireWall. Statuses of the triggered networks displayed.
  • Upd. Scanner. Manual cure button implemented.

2.123 Nov 20 2023

  • Fix. Scanner. Files deletion. Comparison of site responses before and after actions added.
  • Fix. Heuristic. Command shell detection. Regex fixed.
  • Fix. Heuristic. Mathematics module fixed.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Integrations. Add Password-protected compatibility.
  • Fix. WafBlocker. Compatible with php8.
  • New. Scanner. Analysis bulk actions: deleting implemented.
  • Fix. Scan. Excluded invalid index.
  • Fix. Scan. Added retry for unstable connection.
  • Fix. SecFW. FireWall priority fixed.
  • Fix. Settings. Enqueue scanner-plugin.js script fixed.
  • Fix. Scan. Increasing amount dynamically.
  • Fix. Auth. Removed conflict with password protected pages.
  • Fix. Scan. Handling empty signature_found.
  • Upd. Settings. Additional headers IP getting option updated.
  • Mod. WAF blocker. New reason code “-10”. New description for blocking page.

2.122 Nov 08 2023

  • New. Scan. Hashes blacklists.
  • New. FireWall. New module added: WAF Blocker.
  • Update. Scan. Keep surroundings code of FMS weak in db.
  • Fix. SecFW. Updated the launch rule on wpms.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Heuristic. Command shell detection. Regex fixed.

2.121 Oct 25 2023

  • Update. Common. Getting ip from resource by option.
  • Update. Scanner. Hidden the listing backups and quarantine directories.
  • Update. Scanner. Added check line length and mark of unreadable.
  • Update. Scanner. Shell commands detection updated.
  • Fix. Notice. Show review banner only administrator.
  • Fix. Helpers. Data. Ignore unlink warnings.
  • Fix. Scanner. Delete row from analysis log.
  • Fix. Settings. Additional exclusions ruleset fixes.

2.120 Oct 09 2023

  • New. Scanner. Automatic send of critical files.
  • New. Scanner. Detecting shell commands into backticks implemented.
  • New. Scanner. Allow to send unknown files for analysis.
  • New. General. New readme and screenshots.
  • Update. Browser sign. Updated sign make logic, and count of remembered devices.
  • Update. Scanner. DANGER files moved to SUSPICIOUS accordion.
  • Update. Scanner. Improve view of suspicious code.
  • Fix. Scanner. Request an audit button fixed.
  • Fix. Scanner. Analysis log fixed.

2.119 Sep 25 2023

  • Fix. Scan. Improve directory filter.
  • New. Admin. Dashboard widget implemented.
  • Fix. Settings. Description about additional headers has been updated.
  • Mod. Heuristic package update. System function shell_exec() now gains “critical” severity.
  • Fix. FireWall. BruteForce protection fixed.
  • Fix. Scanner. Ot extensions support added.
  • Fix. Scanner results. Approved category updated.
  • Fix. System function shell_exec() now gains “critical” severity.
  • Fix. AMP integration
  • Fix. Security log. Security logs description fixed.
  • Fix. Scanner. Disapproving files fixed.
  • Fix. Scanner. Remove disapproving button for approved by CT.

2.118 Sep 11 2023

  • Upd: Scan. Added .ott files for scanning.
  • Fixed spbc_scanner__get_cure_log_data()
  • New. Settings. Drop state data to defaults and remove all the cron tasks on empty key entered.
  • Fix. Extended search for malware with SQL quotes (“).
  • Fix. From heuristic package. Entropy fix.
  • Fix to found superglobals in the code without semicolones
  • Empty key actions
  • Fixed Security Audit Banner, added this to Suspicious
  • Update. Firewall. Table save last 20 rows after send logs, instead of delete all.
  • Fix. Scanner. Unknown section fixed.

2.117 Aug 28 2023

  • New: Settings. Add ability to change admin email.
  • New: Heuristics. Detect super variables in the system commands.
  • New: Show different types of weakspots in severity order.
  • Upd: Scan. Find and show all malwares in Frontend Malware accordion.
  • Upd: Security. Improve security logs view.
  • Upd: Scan. Unset approved by ct status if no hash in list.
  • Upd: Scan. Added .otc files for scanning.

2.116 Aug 14 2023

  • New: WL. Added constants for custom description and FAQ link.
  • Fix: FW. Delete all lines after send fw logs.
  • Fix: WL. Support link in errors.
  • Fix: WL. Email 2FA fixed.
  • Fix: WL. Fixed block pages.
  • Fix: WL. There is no Templates if WL is active.

2.115 July 31 2023

  • New: Firewall. Protect login from brute force even if expired key.
  • New: Scanner. Added extensions to find malware.
  • Fix: Whitelabel. Added rules for check brand info.
  • Fix: Front Scanner. Fixed modal view suspicious code for drive by download malware.
  • Fix: General. Check response code on file delete.
  • Fix: Scanner. Bulk actions fixed and improved.
  • Fix: Scanner. Entropy analyse – Index invalid or out of range.
  • Ref: General. WP 6.3 compatibility. Fixed version checking before scanner run.
  • Ref: Rename login URl. For new instances default new login page rename.
  • Ref: Scanner. Accordeon fields custom length.

2.114 July 17 2023

  • New: Scanner. Added pop up with info how to fix file listening and unsafe permissions.
  • New: SecFW. Manage Firewall as option and refactored clear scanner logs button for admin access.
  • New: User can disable email notification on change login url.
  • Ref: General. HTTP lib refactoring.
  • Ref: Settings. Added spbc__get_exists_directories().
  • Fix: Scan. Fixed count outbound links.

2.113 July 03 2023

  • Ref: Update. Scanner. Remove green dot and fix typo.
  • Ref: Update. Scanner. Added bulk actions for frontend malware and fix tabs view.
  • New: Implemented a file recovery mechanism.
  • Ref: Refactoring spbc_settings__field__draw().
  • Fix: Scanner. Shuffle salts suggestion after curing fixed.
  • Ref: Update. Scan. Removed duplicate of status in quarantine tab.
  • New: Scanner. Entropy analysis added.

2.112 June 19 2023

  • New: Scanner. Heuristic and signatures scanner libraries implemented.
  • Fix: Code. Auto Tests fixed.
  • Fix: Code. Auto Tests fixed.
  • Fix: Code. Travis config fixed.
  • Ref: Refactoring spbc_field_scanner__prepare_data__files().
  • Fix: Common. Checking ajax requests improved.
  • Fix: Common. Checking ajax requests fixed.
  • New: Code. Release notice automation added.
  • New: Cure Log – Cure action implemented
  • New: Important Files Monitoring.
  • Fix: Dashboard. Replaced wp_timezone_string to spbc_wp_timezone_string.

2.111 June 5 2023

  • New: PDF report. Cure log support.
  • Fix: Fixed trial banner.
  • Fix: Scanner PDF report. PHP 8+ compatibility.
  • New: Cure log implementation. Cure log PDF updates.
  • Mod: Added new Security license status.
  • Fix: Code. Code style fixed.
  • Fix: Settings. Firewall tab moved to the first spot.
  • Fix: Traffic control. Do not log TC records if user is skipped by a role.
  • Fix: Cookies. Unset spbc_is_logged_in cookie on logout hook.
  • Fix: Security logs. Do not send already sent logs on events.
  • Fix: File deletion. Cancel if file is required in PHP ini.
  • Mod: Frontend approved pages.
  • Fix: File replacement with original fix.
  • Mod: Analysis. Handled files can be deleted from analysis log.

2.110 May 22 2023

  • Fix: Scanner. Making verdict fixed.
  • Mod: Improved security log
  • Fix: MscanFilesDTO. Make weak_spots signs unique.
  • Fix: Scanner. Approved files will be check again if they were modified.
  • Fix: Settings. List unknown files is active for the new installations.
  • Fix: Trial expired. Remove forbidden error message in dashboard if trial expired.
  • Fix: File analysis. Approved files shown as approved in abnalysis log.
  • New: Firewall. Ipv6 handler implemented.
  • Ref: Settings. spbc_seconds_to_human_time refactored and docs added.
  • New: Remote calls. update_pscan_statuses

2.109.1 May 15 2023

  • Fix. Scanner. Heuristic logic fixed.

2.109 May 11 2023

  • Fix. Scanner. Improved heuristic.
  • Fix. Code. Created checkingSpecialDecryptedToken().
  • Fix. Code. Created FunctionsDecryptorService.
  • Fix. Scanner. Modified SQL for SUSPICIOUS results.
  • Fix. Firewall. Skip records with foud status 99.
  • Update. Whitelabel. Replace brand data to spbc->data.
  • Update. Scan. Add frontend malware send method to scanner queue.
  • Fix. White label. Some custom brand entries fixed.
  • Fix. WL mode. Affiliate section settings disable if the WL mode is active.

2.108.1 Apr 27 2023

Fix-release. Fixed error during tries to resend approved files.

  • Fix. Pscan. Now sends files correctly in case if file approved_by_ct.

2.108 Apr 24 2023

Cloud Malware Scanner (CMwS) implemented. Now suspicious files that sent for analysis will be checked via Cloud logic.

  • New. Cloud Malware Scanner (CMwS) implemented.
  • Fix. Firewall logs. IPv6 records now adds correct to the local database on feedback.

2.107 Apr 10 2023

Ready to apply settings template from CleanTalk dashboard, uploading files WAF check improved and heuristic scanner fix for Windows systems.

  • New. Settings. Plugin is ready to set a preset plugin settings template from the CleanTalk dashboard.
  • Mod. WAF. Uploading files. Check files with signature analysis in addition to heuristic analysis.
  • Fix. Scanner. Heuristic analysis. Files counting now works correctly on Windows systems.

2.106.1 Mar 30 2023

Fix release. Traffic control and Brute-Force protection now work and correct handle with IPV6 addresses.

  • Fix. TC & BFP database handling fixed.

2.106 Mar 27 2023

Tested with WordPress up to: 6.2, traffic control timing options updated and some minor fixes applied.

  • Mod. Tested WordPress up to: 6.2.
  • Mod. Traffic control. Changed time selector options.
  • Fix. Do not glue spbc dialog rows on bad code/file content preview.
  • Fix. WAF. Upload checker details area fixed.
  • Fix. Reduce firewall priority calculation cycle.
  • Fix. HTTP lib. WP 6.2+ supporting implemented.
  • Fix. Do not skip files analysis if aggregated size is overlimited.
  • Fix. Do not show suspicious files if they have been sent for analysis.
  • Fix. Heuristic. Unsetting verdict removed.

2.105 Mar 14 2023

Traffic control IP table fixed, JS files now scans via scanner, service post meta hiding, fix of timezone appearances and some other minor improvements.

  • Mod. Post meta. Hide post meta fields to prevent their display.
  • Mod. Scanner. Add js files to scan.
  • Fix. Lot of changes in timezones layout.
  • Fix. BFP. Remove outdated BFP code.
  • Fix. Traffic control. Cleaning TC table fixed.
  • Fix. Scanner. FilesystemIterator return .. and . begins with php8.2
  • Fix. Suspicious files now appears correct.

2.104 Feb 28 2023

Improved code style, fixed some bugs, added new functionality.

  • Fix: Heuristic. Variables execution fixed.
  • Fix: Scanner. Slicing tokens fixed.
  • New: Added SPBCT_ALLOW_CURL_SINGLE for frontend analysis.
  • Mod: Sending logs. Files curing result now sends to the cloud correctly.
  • Fix: Do not clear cured files array.
  • Mod: Banner on trial end. Banner is not dismissible on the SPBC settings pages.
  • Fix: Scanner. Added handler for errors caused third-party plugins.
  • Fix: 2FA. Corrected work to find the user account.
  • Fix: Scan. Commented decodeData method in heuristic class, because it’s unstable.
  • Fix: Firewall. Extend Helper\IP logic for x_real_ip, for handle ipv6 if there is ipv4 with stubs.

2.103 Feb 13 2023

Improved code style, fixed some bugs, added new functionality

  • Fix: Heuristic. De-obfuscated strings concatenation fixed.
  • Fix: TC. Traffic control checking logic simplified.
  • Fix: Check php_uname or PHP_OS is available. Prevent fatal error and do not allow start scanner if so.
  • Ref: All is_windows checks moved to SpbctWp/State.
  • Fix: Apply changes to parent method except WP specific.
  • Upd: Firewall. Rename firewall block status.
  • Upd: Firewall. Added column “requests per n minutes”.
  • New: Scanner. Able to get a pdf version of scan log.
  • Mod: Added clearing of custom message from unallowed tags.
  • Fix: Fixed event_runtime.
  • Fix: Scanner. Scanner tab content layout fixed.
  • Fix: Scanner. Refresh scan info after scanning.

2.102 Jan 30 2023

Improved code style, fixed some bugs, added new functionality

  • Mod: Improved scan log.
  • Mod: Improved the mechanism for adding signatures to the database.
  • Fix: Scanner. Fixed final scan log array offset warning.
  • Fix: Collecting themes via themes_api instead of plugins_api.
  • Fix: Try to get firewall files hashes agagin before throw an error.
  • Fix: Scanner. Exclude approved files from send.
  • Fix: FW update. Now does not ignore networks with different statuses
  • Fix: Generate backups tab and link anyway.

2.101 Jan 16 2023

Improved code style, fixed some bugs, added new functionality

  • New: Logging of scanning stages
  • New: Settings. Brute force protection settings added.
  • New: Malware Scanner. Warn user on settings and admin bar if critical files or frontend malware found.
  • New: Malware Scanner. Warn user on settings and admin bar if critical files or frontend malware found.
  • Mod: Mscanner. Custom period autostart.
  • Mod: Red dot for malware scanner files list and admin bar
  • Mod: Log layout refactored.
  • Upd: Scanner. Added functionality of description for frontend results.
  • Upd: Settings. FW logs tab updated.
  • Ref: Log layout refactoring
  • Ref: Settings hints refactoring
  • Ref: “users online” name refactored to admins online
  • Fix: Scanner. Compelled refactoring from “Error Control Operators” to try-catch.
  • Fix: Admins online bar counter now count admin users only.
  • Fix: Autocure end condition fix.
  • Fix: Reverted previous fix, autocure result data moved to another condition.
  • Fix: Settings. Admin bar – extra attention marks removed.
  • Fix: Settings. Firewall tab – description updated.
  • Fix: Settings. Typo fixed.
  • Fix. Errors. Correction for resending to analysis error.
  • Fix. Query. WPMS stat.
  • Fix. Frontend query change.
  • Fix. SecFW. New statuses 99 implemented.
  • Fix. Code. Code style fixed.
  • Fix. Files listing. Display accessible files fixed.
  • Fix. Heuristic. Scanning process modified.

2.100 Dec 12 2022

Improved code style, fixed some bugs, added new functionality

  • New: Trusted text and affiliate settings.
  • New: Remote calls. Private records handler.
  • New: TC. New option added – exclude authorized user.
  • Mod: Frontend scanner. Getting content for scanning is asynchronous now.
  • Mod: Frontend scanner. Scan amount increased to 20.
  • Mod: Analysis log. Date format changed.
  • Mod: SFW. Checking hashes of uploaded files
  • Mod: Added anchors to navigate through the settings sections.
  • Fix: Variables. Cookies secure flag fixed.
  • Fix: Fixed Unsafe Permissions description
  • Fix: Login page. Warnings custom login url on php 8.
  • Fix: Zapier works with 2FA
  • Mod: Added a description to the analysis results

2.99 Nov 28 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: WAF logs. Single quote escape during SQL write on WAF logs write.
  • Fix: WAF logs. Single quote escape enchance.
  • Ref: spbc_get_modules_by_type() – fixed getting Name
  • Ref: get_modules_hashes()
  • Mod: Admin page. Url is changed when switch tab, and added hotkey Ctrl+F5 for reload current tab.
  • Fix: HTTP lib. Response::runCallbacks method fixed.
  • Mod: Update. Frontend. Urls in text message render to links.

2.98 Nov 14 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: the confirmation code length is 8 digits
  • Ref: Updated description for option SEND PHP LOG
  • Ref: Removed unused issueHandlers from psalm.xml
  • Ref: spbc_PHP_logs__detect_EOL_type()
  • Ref: Updated Website total files description
  • Ref: Removed HOST checking in spbc_scanner_page_view()
  • Fix: Frontend. Tooltip hide when mouseover
  • Fix: ScannerQueue. Class usage fixed.
  • Mod: Added description for file scan results

2.97 Oct 28 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: Frontend scanner – exclude unmodified pages
  • Test: Compatibility tested up to WP 6.1
  • New: MScanFilesDTO class implemented.
  • Fix: Now correctly transfer number of core files and total count of files.
  • Fix: Scanner. Now run autocure even if has results of previous heuristic scan.
  • Fix: Surface scanner. Prevent type error if directory permission is restricted due surface scanning.
  • Fix: spbc_resend_failed_files_for_analysis. Text fixes.

2.96 Oct 17 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: Improved code style, fixed some bugs
  • Fix. Use wp_send_json() instead die(json_encode(…))
  • Mod: Added bulk action for Deleting into Analysis log
  • Mod: Unsafe Permissions – Checking permission to access important files and folders
  • Fix: spbc_resend_failed_files_for_analysis()
  • Fix: RC. Update settings remote call fixed
  • Fix: Fixed SQL for critical files
  • Fix: Fixed key_changed after getting template

2.95 Oct 03 2022

Improved functionality of the tab with files sent for analysis, removed the ability to send unknown files for analysis, fixed some bugs.

  • Fix. spbc_scanner_page_view()
  • Fix. Frontend scan. WordPress postmeta table now selects correctly.
  • Fix. Scanner log bulk actions.
  • Fix. Critical files log.
  • Fix. spbc_scanner_file_check_analysis_status.
  • Fix. spbc_scanner_file_send_for_analysis__bulk.
  • Mod. Scanner actions. View “bad” code buttons renamed.
  • Mod: Removed the ability to send unknown files for analysis
  • Mod: Improved functionality of the tab with files sent for analysis

2.94 Sep 15 2022

Fixed some bugs, improved performance, improved scanner operation.

  • New. Frontend scanner. Approving malware implemented.
  • Fix: Changed captures on banners
  • Fix: List table. Actions separator displaying fixed.
  • Fix. spbc_firewall__check(). If module poppyz is active, force new WP
  • Ref: PSR-12 Standarts
  • Fix: Fixed the incompatibility of the banner system between antispam
  • Fix: Fixed the data that the function spbc_get_source_info_of returns
  • Fix: Fixed spbc_get_source_info_of return data
  • Fix: Fixed frontend_analysis method
  • Fix: Fixed Frontend->getPagesUri
  • Fix: Fixed Frontend::countUncheckedPages
  • Fix. Settings template. Reset setting fixed.

2.93 Sep 05 2022

Complete deactivation fixed, Frontend scanner improved, WPMS issues fixed and some minor issues fixed.

  • New: Backups. Delete when complete deactivation.
  • New. Frontend scanner. Re-scan the page during view bad code.
  • Fix: Scanner. Heuristic. Add a detected_at for heuristically spotted attachments.
  • Fix: Firewall. WPMS. Update on child blogs. Remote calls using its own blog URL.
  • Fix: Firewall. WPMS. Update on child blogs. ‘fw_stats’ option loads for each blog separately.
  • Fix: Scan logs. Hide last scan log on a new scan process.
  • Fix: Removed fw__append_standard_message and server_response_combine
  • Fix: Scanner. Sending results fixed.
  • Fix. Settings template. Reset setting fixed.

2.92 Aug 15 2022

SecFW updating fixed, scanner cure fixed and some minor issues fixed.

  • Mod: HTTP lib. Prepare URLs array in the setURL() method.
  • Mod: Security Firewall. Update. Download 20 files by one queue execution.
  • Upd: Common. Additional security headers added.
  • Fix. Scanner. Cure backups fixed.
  • Mod: Exclude files approved by the user from verification
  • Fix. Settings template. Reset setting fixed.

2.91.1 Jul 27 2022

Missed commits implemented. Minor issues fixed.

  • New: FW Update. Make dependence for retries related to files count.
  • Fix. API request. Do not retry request if error contain CleanTalk prepared server error.
  • Fix: Heuristic. Use files paths without root due scan.
  • Fix: Queue. Unset error in stage if stage has been retried successfully.
  • Fix: Error output. Fix wrong variable name.
  • Fix: SpbctWP\Scanner\ScannerQueue::controllerBackground(). Use correct transaction name.
  • Fix: Scanner. The file ‘Detected at’ property is set for every file.
  • Fix: Common\Sanitize cast integer filter to integer …