=== Security & Firewall by CleanTalk === Contributors: shagimuratov, serge00, Aleksandrrazor, sartemd174 Requires at least: 3.0 Stable tag: 1.9 Tested up to: 4.7.1 Tags: login, bruteforce, login protection, brute force attack, brute force protection, login security, password, password admin, password bruteforce, security, secure, firewall,security log, wordpress security, security plugin,login alerts, brute force,security firewall, personal security, admin security, actions, audit, audit log, audit trail, log, security audit trail, security monitor, security activity log, security alerts, trail, users, firewall country License: GPLv2 License URI: http://www.gnu.org/licenses/gpl-2.0.html Security FireWall by CleanTalk protects WordPress against Brute force hacks. Security reports to email. Easy-to-use security plugin. Login security. == Description == = Security features = 1. Stops brute force attacks to hack passwords. 2. Stops brute force attacks to find WordPress accounts. 3. Secures WordPress login form. 4. Secures WordPress backend. 5. Security FireWall to filter access to your site by IP, Networks or Countries. 5. Security daily report to email. 6. Security audit log. **Security, anti Brute Force firewall**. It adds a few seconds delay for any failed attempt to login to WordPress back-end. Security & Firewall by CleanTalk makes access to your website more secure. **Security report and security log** include login attempts for non-existent accounts. Bots do not know the user logins of your website and they try to use brute force method to find real user logins. CleanTalk security firewall will stop this threat. CleanTalk security firewall is created with maximum regard for the needs of users do not have extensive knowledge of security. Easy-to-use firewall allows you to ensure security and protect your site from brute force. = Security FireWall = To enhance the security of your site, you can use the Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. Use personal BlackList to block IP addresses with a suspicious activity to enhance the security. To use Security FireWall you have to have CleanTalk account. = Security report by email = Every day the plugin sends Security report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which the tried to sign in. = Security Audit Log: control the actions in the admin area to improve the security of your site = **Security Audit Log** keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page. = Brute force security = Brute force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses. Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous. = Anti Brute force security = The plugin is effective — it doesn't load the server, doesn't enquire the database and doesn't create any tables. It doesn't put anything in ".htaccess" as it could have a negative effect on your website accessibility or block the access to Administrator profile. Security & Firewall by CleanTalk takes optimal delay time between login attempts when a user corrects his credentials and tries to log in again. These seconds are more than enough for a user. If a user didn't make it in time — he can always retry and the delayed time will be nullified. Security & Firewall by CleanTalk reduces the effectiveness of brute-force attacks. A bot spends milliseconds to submit passwords, but the firewall allows to do it once in several seconds. If a bot needed a few months to find correct password, the protection prolongs the time to several years. = How to improve security on your own WordPress website. This a short list for WP security = Security in WordPress is taken very seriously, but as with any other system there are potential security issues that may arise if some basic security precautions aren't taken. * Don't publish posts and comments from the administrator account. * Create other accounts for each administrator with another role such as Author or Editor. It all depends on your needs. Assign people to the appropriate roles and you'll greatly reduce your security risk. * If someone requires administrator access momentarily for a configuration change, grant it, but then remove it upon completion of the task. * Backups are invaluable. If you have a recent backup of your site then you will be able to restore it back to normal no matter what bad thing might happen. Use these easy tips for WP security to avoid serious consequences. = Security Log = Security log keeps online a log of attempts to log in. Security log includes IP/Country/data/time, username and action result, was authorization successful or failed. **Security FireWall by CleanTalk** helps of WordPress administrators, owners and security professionals ensure the security of their websites and blogs before they become a security problem. WordPress is the most popular CMS and therefore it's a frequent target for brute force attacks and every website should have additional website security measures in place as a standard. Due to the nature of these attacks, you may find your server's memory goes through the roof, causing performance problems. This is because the number of HTTP requests (that is the number of times someone visits your site) is so high that servers run out of memory. The dictionary attack is a password attack that attempts to determine a password by trying words from a predefined list, or dictionary, of likely passwords. A “dictionary attack” is similar and tries words in a dictionary — or a list of common passwords — instead of all possible passwords. This can be very effective, as many people use such weak and common passwords. Sometimes, rather than trying many passwords against one user, another brute force attack method is to try one password against many usernames. This technique is worth noting as it is where most account lockout policies fail. This brute force attack is less common, however, because it's often difficult for the attacker to compile a sufficiently large volume of usernames for the reverse attack. Brute-force attacks become faster and more effective with each passing day as newer, faster computer hardware is released. There are a number of techniques for preventing brute force attacks . A better, albeit more complicated technique is progressive delays. With progressive delays, user accounts are locked out for a set period of time after a few failed login attempts. The lock-out time increases with each subsequent failed attempt. This prevents automated tools from performing a brute force attack and effectively makes it impractical to perform such an attack. CleanTalk security firewall uses this method to block brute force attacks. = Free trial then $20 per year = All logs are stored in the cloud for 45 days. Security by CleanTalk is a free plugin which work with the premium Cloud service cleantalk.org. This plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service. = TODO = * Change time of Daily report to 10am. * Add a malware scanner. * Fix issue with 'Fatal error: Uncaught exception 'phpmailerException' with message 'Invalid address: wordpress@*.org'' == Installation == Installing the plugin is very simple and does not require much time or special knowledge. = Installation Instructions = 1. Navigate to Plugins Menu option in your WordPress administration panel and click the button "Add New". 1. Type CleanTalk in the Search box, and click Search plugins. 1. When the results are displayed, click Install Now. 1. Select Install Now. 1. Then choose to Activate the plugin. 1. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on "Get access key automatically" Installation completed successfully. = Manual installation = 1. Download latest version on your computer's hard drive. 1. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file. 1. Click Install Now and Activate. 1. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on "Get access key automatically" Installation completed successfully. == Frequently Asked Questions == = How to test the plugin? = Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL's of the current user. = Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)? = Yes, the plugin is compatible with WordPress MultiUser. = Is it free or paid? = The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin. If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests. = How to control security activities on your website? = Go to your CleanTalk account->Log. Use filters to sort data for analyses. Security logs provide you to receive and keep information for 45 days. You have the following possibilities: 1. Time period for all records you want to see. 2. Website for which you want to see security records. Leave the field empty to see security records for all websites. 3. Choose an event you want to see: * Authorization Login — all successful logins to your website. * Authorization Logout — all closed sessions. * Authorization Invalid username — login attempts with not existing username. * Authorization Auth failed — wrong password login attempts. * Audit View — records of actions and events of users in your website backend. 4. Searching records by IP address. 5. Searching records by country. There are date and time of events for each record, username who performed an action and his IP (country) address. How to use Security Log https://cleantalk.org/help/Security-Log = Is it possible to set custom email for notification? = Yes, it is possible. Go to your CleanTalk account->Change email https://cleantalk.org/my/change-email = Why do you need an access key? = Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load. = What happens after the end of the trial period? = The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email. Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis. == Screenshots == 1. **Security report**. The report includes list of Brute force attacks or failed logins and list of successful logins. The plugin sends the reports daily. 1. **Security Log**. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. To do the log is not accessible for hackers the plugin keeps the log on CleanTalk servers. 1. **Brute-force attacks log**. The log includes list of attacks for past 24 hours and shows only last 20 records. To see the full report please check the Daily security report in your Inbox. == Changelog == = 1.9 January 26 2017 = * Added new feature Security FireWall. * Common optimization. * Minor bug fixes. = 1.8.2 January 16 2017 = * Cron hooks fix = 1.8.1 December 29 2016 = * Translation fix = 1.8 December 23 2016 = * Fixes for settings page. * Showing last logs sending time in settings. = 1.7.2 December 19 2016 = * Fixed issue with logging for brute-force attacks. = 1.7.1 December 13 2016 = * Fix for translation system. * Added Russian language support. * Minor fixes. = 1.7 December 12 2016 = * Added support for WPMS. * Personal log possibility for each website. * Translation system attached. * Varnish extension compatibility. = 1.6.1 November 29 2016 = * Fixed error for some PHP versions. = 1.6 November 29 2016 = * Cloud service API key. * Cloud service dashboard. * Logs are stored in Cloud. * Protection status. * Code optimization. = 1.5.2 November 16 2016 = * Fixed conflict with CleanTalk Anti-spam plugin. = 1.5.1 November 14 2016 = * Fixed and improve log. * Fixed database error. * Changed update logic. = 1.5 November 13 2016 = * Logging viewed admin's page. * Counting viewed time. = 1.4.3 November 2 2016 = * Fixed issue with Security report. On some hostings the report couldn't be send by WP Cron because of PHP Fatal error with spbc_report_country_part(). = 1.4.2 October 20 2016 = * Improved the Security log. The new version includes brute force attacks to find WordPress accounts. * Applied changes to localize the plugin via Translating WordPress.org. * Minor backend fixes. = 1.3.1 September 29 2016 = * Fixed issue with PHP 5.2 and Security reports. * Fixed issue with WordPress notice after plugin activation. = 1.3 September 20 2016 = * Added a log of last 20 events (login, logout, auth failed and etc.) in WordPress backend to the plugin settings. * Added WP cron call for every auth_failed event. This fix has been made to avoid issue with missed Daily security reports on low visited web sites. = 1.2.3 September 14 2016 = * Added a country name in the Daily report for each IP address in the list of Brute-Force attacks. * Minor changes with WP Cron integration. = 1.2.1 September 5 2016 = * Fixed issue with Daily security report. Previous version (1.2) didn't send the report. = 1.2 September 2 2016 = * Added Daily security report. The report includes list of Brute-force attacks or failed logins and list of successful logins. = 1.1.1 August 29 2016 = * Removed some statement to debug the plugin. = 1.1 August 29 2016 = * Added 10 seconds delay for a failed attempt if more then 5 failed attempts have been made for past 1 hour. = 1.0.1 August 24 2016 = * Minor fix. = 1.0 August 19 2016 = * First release with anti brute force hacks protection. == Upgrade Notice == = 1.9 January 26 2017 = * Added new feature Security FireWall. * Common optimization. * Minor bug fixes. = 1.8.2 January 16 2017 = * Cron hooks fix = 1.8.1 December 29 2016 = * Translation fix = 1.8 December 23 2016 = * Fixes for settings page. * Showing last logs sending time in settings. = 1.7.2 December 19 2016 = * Fixed issue with logging for brute-force attacks. = 1.7.1 December 13 2016 = * Fix for translation system. * Added Russian language support. * Minor fixes. = 1.7 December 12 2016 = * Added support for WPMS. * Personal log possibility for each website. * Translation system attached. * Varnish extension compatibility. = 1.6.1 November 29 2016 = * Fixed error for some PHP versions. = 1.6 November 29 2016 = * Cloud service API key. * Cloud service dashboard. * Logs are stored in Cloud. * Protection status. * Code optimization. = 1.5.2 November 16 2016 = * Fixed conflict with CleanTalk Anti-spam plugin. = 1.5.1 November 14 2016 = * Fixed and improve log. * Fixed database error. * Changed update logic. = 1.5 November 13 2016 = * Logging viewed admin's page. * Counting viewed time. = 1.4.3 November 2 2016 = * Fixed issue with Security report. On some hostings the report couldn't be send by WP Cron because of PHP Fatal error with spbc_report_country_part(). = 1.4.2 October 20 2016 = * Improved the Security log. The new version includes brute force attacks to find WordPress accounts. * Applied changes to localize the plugin via Translating WordPress.org. * Minor backend fixes. = 1.3.1 September 29 2016 = * Fixed issue with PHP 5.2 and Security reports. * Fixed issue with WordPress notice after plugin activation. = 1.3 September 20 2016 = * Added a log of last 20 events (login, logout, auth failed and etc.) in WordPress backend to the plugin settings. * Added WP cron call for every auth_failed event. This fix has been made to avoid issue with missed Daily security reports on low visited web sites. = 1.2.1 September 5 2016 = * Fixed issue with Daily security report. Previous version didn't send the report.