Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.38.1

Version Description

2016-03-24 = * Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'. * Removed SpamFireWall protection on /feed page. * Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off. * Added reject notice for spam submissions on Gravity forms with AJAX calls.

Download this release

Release Info

Developer shagimuratov
Plugin Icon 128x128 Spam protection, AntiSpam, FireWall by CleanTalk
Version 5.38.1
Comparing to
See all releases

Code changes from version 5.37.3 to 5.38.1

Files changed (5) hide show
  1. cleantalk.php +32 -4
  2. inc/cleantalk-ajax.php +20 -0
  3. inc/cleantalk-common.php +5 -1
  4. inc/cleantalk-public.php +23 -6
  5. readme.txt +550 -38
cleantalk.php CHANGED
@@ -3,12 +3,12 @@
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, captcha less, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
- Version: 5.37.3
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
10
- $cleantalk_plugin_version='5.37.3';
11
- $ct_agent_version = 'wordpress-5373';
12
  $cleantalk_executed=false;
13
 
14
  if(defined('CLEANTALK_AJAX_USE_BUFFER'))
@@ -49,8 +49,36 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
49
  {
50
  $value=0;
51
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
52
 
53
- if($value==1 && !is_admin() && stripos($_SERVER['REQUEST_URI'],'/wp-admin/')===false || $value==1 && defined( 'DOING_AJAX' ) && DOING_AJAX)
54
  {
55
  $is_sfw_check=true;
56
  $ip=cleantalk_get_ip();
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, captcha less, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
+ Version: 5.38.1
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
10
+ $cleantalk_plugin_version='5.38.1';
11
+ $ct_agent_version = 'wordpress-5381';
12
  $cleantalk_executed=false;
13
 
14
  if(defined('CLEANTALK_AJAX_USE_BUFFER'))
49
  {
50
  $value=0;
51
  }
52
+
53
+ /*
54
+ Turn off the SpamFireWall if current url in the exceptions list.
55
+ */
56
+ if ($value == 1 && isset($cleantalk_url_exclusions) && is_array($cleantalk_url_exclusions)) {
57
+ foreach ($cleantalk_url_exclusions as $v) {
58
+ if (stripos($_SERVER['REQUEST_URI'], $v) !== false) {
59
+ $value = 0;
60
+ break;
61
+ }
62
+ }
63
+ }
64
+
65
+ /*
66
+ Turn off the SpamFireWall for WordPress core pages
67
+ */
68
+ $ct_wordpress_core_pages = array(
69
+ '/wp-admin',
70
+ '/feed'
71
+ );
72
+ if ($value == 1) {
73
+ foreach ($ct_wordpress_core_pages as $v) {
74
+ if (stripos($_SERVER['REQUEST_URI'], $v) !== false) {
75
+ $value = 0;
76
+ break;
77
+ }
78
+ }
79
+ }
80
 
81
+ if($value==1 && !is_admin() || $value==1 && defined( 'DOING_AJAX' ) && DOING_AJAX)
82
  {
83
  $is_sfw_check=true;
84
  $ip=cleantalk_get_ip();
inc/cleantalk-ajax.php CHANGED
@@ -325,6 +325,13 @@ function ct_ajax_hook()
325
  $message = '';
326
  $nickname=null;
327
 
 
 
 
 
 
 
 
328
  //
329
  // Go out because we call it on backend.
330
  //
@@ -491,6 +498,19 @@ function ct_ajax_hook()
491
  print '{"form_id":'.$_POST['_form_id'].',"errors":false,"success":{"success_msg-Success":"'.$ct_result->comment.'"}}';
492
  die();
493
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
494
  else
495
  {
496
  print $ct_result->comment;
325
  $message = '';
326
  $nickname=null;
327
 
328
+ //
329
+ // Skip test if Custom contact forms is disabled.
330
+ //
331
+ if (intval($ct_options['general_contact_forms_test'])==0 ) {
332
+ return false;
333
+ }
334
+
335
  //
336
  // Go out because we call it on backend.
337
  //
498
  print '{"form_id":'.$_POST['_form_id'].',"errors":false,"success":{"success_msg-Success":"'.$ct_result->comment.'"}}';
499
  die();
500
  }
501
+ //
502
+ // WooWaitList
503
+ // http://codecanyon.net/item/woowaitlist-woocommerce-back-in-stock-notifier/7103373
504
+ //
505
+ else if($_POST['action']=='wew_save_to_db_callback')
506
+ {
507
+ $result = array();
508
+ $result['error'] = 1;
509
+ $result['message'] = $ct_result->comment;
510
+ $result['code'] = 5; // Unused code number in WooWaitlist
511
+ print json_encode($result);
512
+ die();
513
+ }
514
  else
515
  {
516
  print $ct_result->comment;
inc/cleantalk-common.php CHANGED
@@ -111,7 +111,11 @@ function ct_plugin_loaded() {
111
  function ct_init_session() {
112
  $session_id = session_id();
113
  if(empty($session_id) && !headers_sent()) {
114
- session_start();
 
 
 
 
115
  }
116
 
117
  return null;
111
  function ct_init_session() {
112
  $session_id = session_id();
113
  if(empty($session_id) && !headers_sent()) {
114
+ $result = @session_start();
115
+ if(!$result){
116
+ session_regenerate_id(true); // replace the Session ID, bug report https://bugs.php.net/bug.php?id=68063
117
+ session_start();
118
+ }
119
  }
120
 
121
  return null;
inc/cleantalk-public.php CHANGED
@@ -1919,12 +1919,21 @@ function ct_contact_form_validate () {
1919
 
1920
  $ct = $ct_base_call_result['ct'];
1921
  $ct_result = $ct_base_call_result['ct_result'];
1922
-
1923
  if ($ct_result->allow == 0) {
1924
  //@header("CtResult: Not Allow");
1925
  cleantalk_debug("CtResult", "Not Allow");
1926
 
1927
- if (!(defined( 'DOING_AJAX' ) && DOING_AJAX)) {
 
 
 
 
 
 
 
 
 
1928
  //@header("AJAX: No");
1929
  cleantalk_debug("AJAX", "No");
1930
  global $ct_comment;
@@ -1941,14 +1950,22 @@ function ct_contact_form_validate () {
1941
  echo $ct_result->comment;
1942
  die();
1943
  }
 
 
 
 
 
 
 
 
 
 
 
 
1944
  else
1945
  {
1946
  ct_die(null, null);
1947
  }
1948
- } else {
1949
- //@header("AJAX: Yes");
1950
- cleantalk_debug("AJAX", "Yes");
1951
- echo $ct_result->comment;
1952
  }
1953
  exit;
1954
  }
1919
 
1920
  $ct = $ct_base_call_result['ct'];
1921
  $ct_result = $ct_base_call_result['ct_result'];
1922
+
1923
  if ($ct_result->allow == 0) {
1924
  //@header("CtResult: Not Allow");
1925
  cleantalk_debug("CtResult", "Not Allow");
1926
 
1927
+ $ajax_call = false;
1928
+ if ((defined( 'DOING_AJAX' ) && DOING_AJAX)
1929
+ ) {
1930
+ $ajax_call = true;
1931
+ }
1932
+ if ($ajax_call) {
1933
+ //@header("AJAX: Yes");
1934
+ cleantalk_debug("AJAX", "Yes");
1935
+ echo $ct_result->comment;
1936
+ } else {
1937
  //@header("AJAX: No");
1938
  cleantalk_debug("AJAX", "No");
1939
  global $ct_comment;
1950
  echo $ct_result->comment;
1951
  die();
1952
  }
1953
+ //
1954
+ // Gravity forms submission
1955
+ //
1956
+ else if(isset($_POST['gform_submit']))
1957
+ {
1958
+ $response = sprintf("<!DOCTYPE html><html><head><meta charset='UTF-8' /></head><body class='GF_AJAX_POSTBACK'><div id='gform_confirmation_wrapper_1' class='gform_confirmation_wrapper '><div id='gform_confirmation_message_1' class='gform_confirmation_message_1
1959
+ gform_confirmation_message'>%s</div></div></body></html>",
1960
+ $ct_result->comment
1961
+ );
1962
+ echo $response;
1963
+ die();
1964
+ }
1965
  else
1966
  {
1967
  ct_die(null, null);
1968
  }
 
 
 
 
1969
  }
1970
  exit;
1971
  }
readme.txt CHANGED
@@ -1,9 +1,9 @@
1
  === Anti-Spam by CleanTalk - No Captcha, no comments & registrations spam ===
2
  Contributors: znaeff, shagimuratov, vlad-cleantalk
3
- Tags: anti-spam, antispam, bbpress, buddypress, captcha, cf7 spam, comments, contact form spam, signup, spam, spammers, spammy, woocommerce, wordpress spam, booking, order, subscription, gravity spam, jetpack, bots, contact form 7, contact form, registrations, ninja, Fast Secure Contact, Gravity forms, formidable, mailchimp, s2member, protection, protect, email, akismet, plugin, recaptcha, math, security, login, blacklist, prevent spam comments, wordpress, User Frontend, bulk delete, bulk remove, cloudflare, widget, review, auth forms, firewall, ddos, cleantalk, mailpoet, profile builder, comment spam, registration spam, spam comments, signup spam, filter, user registration spam,pingback,trackback,newsletter,puzzle,question,varnish
4
  Requires at least: 3.0
5
- Tested up to: 4.4.2
6
- Stable tag: 5.37.3
7
  License: GPLv2
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
@@ -12,14 +12,14 @@ Max power spam protection, all-in-one, premium anti-spam. No comments spam & reg
12
  == Description ==
13
  No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam bots.
14
 
15
- = Anti-spam features =
16
- 1. Stops spam comments.
17
- 1. Stops spam registrations.
18
- 1. Stops spam contact emails.
19
- 1. Stops spam orders.
20
- 1. Stops spam bookings.
21
- 1. Stops spam subscriptions.
22
- 1. Stops spam in widgets.
23
  1. Check existing comments for spam.
24
 
25
  = Public reviews =
@@ -39,7 +39,7 @@ Plugin is tested and ready to protect against spam emails via Formidable forms,
39
  Anti-spam by CleanTalk filters spam registrations and spam reviews for WooCommerce. Plugin is fully compatible with WooCommerce 2.1 and higher.
40
 
41
  = Newsletters filter =
42
- Anti-spam by CleanTalk filters spam subscriptions for MailPoet and many other newsletters plugins.
43
 
44
  = Spam filter for themes contact forms =
45
  Plugin blocks spam emails via any themes (built-in) contact forms. With AJAX forms plugin silently (without any error notices on WordPress frontend) filters spam emails.
@@ -62,8 +62,10 @@ With the help of anti-spam by CleanTalk you can check existing accounts to find
62
  = Low false/positive rate =
63
  This plugin uses multiple anti-spam tests to filter spam bots with as lower false/positive rate as possible. Multiple anti-spam tests avoid false/positive blocks for real website visitors even if one of the tests fail.
64
 
65
- = CleanTalk works faster than most of the other anti-spam plugins =
66
- It is common knowledge that the faster your site loads, the better your customer experience is, the higher your Pagerank will be, and the better your site will convert. Speed is becoming increasingly important in Search Engine Optimization, conversion and user experience. Today, site speed is one of the most important ranking factors on Google. A site that loads slowly will lose visitors and potential revenue.
 
 
67
 
68
  There are different ways of improving your site's loading performance. One important parameter for site performance is to install well-developed plugins from a reputable source.
69
 
@@ -83,26 +85,26 @@ The CleanTalk team has been developing cloud-based spam protection for 5 years a
83
  = Spam attacks log =
84
  Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering.
85
 
86
- = Spam FireWall =
87
- CleanTalk has an advanced option "Spam FireWall". This option allows blocking the most active spam bots before they get access to your website. It prevents
88
  spam bots from loading website pages so your web server doesn't have to perform all scripts on these pages. Also it prevents scanning of pages of the
89
- website by spam bots. Therefore Spam FireWall significantly reduces the load on your web server.
90
- Spam FireWall also makes CleanTalk the two-step protection from spam bots.
91
- Spam FireWall is the first step and it blocks the most active spam bots.
92
  CleanTalk Anti-Spam is the second step and checks all other requests on the website in the moment of submitting comments/registers etc.
93
 
94
- = How Spam FireWall works? =
95
  * The visitor enters to your web site.
96
  * HTTP request data is checked against the nearly 5.8 million identified IP spam bots.
97
  * If it is an active spam bot, the bot gets a blank page, if it is a visitor then they receive the site page. This is completely transparent to the visitors.
98
 
99
- All the CleanTalk Spam FireWall activity is being logged in the process of filtering.
100
 
101
- = Spam FireWall DDoS Protection (Experimentally option) =
102
- Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with description of DDoS rejection instead of the website pages. Therefore Spam FireWall can help to reduce CPU usage on your server.
103
 
104
  = XML-RPC brute force protection =
105
- Spam FireWall can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
106
 
107
  = No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-less anti-spam for WordPress =
108
  Spam is one of the most irritating elements. Rates for spam increases every year and conventional anti-spam can no longer handle all the spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting against spam.
@@ -159,7 +161,7 @@ Spam attacks log. Service CleanTalk records all filtered comments, registration
159
 
160
  With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. Checking existing comments and users is made against a database of the nearly 2 million certain spam bots. Detailed statistic allows CleanTalk customers to control the whole process.
161
 
162
- CleanTalk has an advanced option “Spam FireWall”. This option allows you to block the most active spam bots before they get access to your website. It prevents website pages loading when attempted by by spam bots, so your web server doesn’t perform unnecessary scripts on these pages. Also it prevents scanning of website pages by spam bots. Subsequently Spam FireWall significantly reduces the load on your web server. Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Spam FireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. Spam FireWall can help to reduce of CPU usage on your server for this reason.
163
 
164
  “CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.
165
 
@@ -316,8 +318,8 @@ Yes, you can. Add in your wp-config.php file, before defining database constants
316
 
317
  Now all fields in your submissions with keys named 'key1', 'key2' or 'key3' will be excluded from spam checking.
318
 
319
- = How to test Spam FireWall? =
320
- Use special IP 10.10.10.10 in URL to test Spam FireWall. For example,
321
 
322
  https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10
323
 
@@ -331,12 +333,12 @@ Now, all subsites will have this access key.
331
  = Why CleanTalk is faster and more reliable than stand-alone solutions? =
332
  All anti-spam checks are held in the cloud and aren't loading the web server. The cloud solutions have a huge advantage since the parameters are compared with information from more 100,000 websites.
333
 
334
- = I see in logs a lot of blocked messages with reason "Forbidden. Please enable JavaScript. Spam sender name." =
335
  A lot of spam bots can't perform JavaScript code, so it is one of the important checks and most of the spam bots will be blocked with reason "Forbidden. Please enable JavaScript. Spam sender name." All browsers can perform JS code, so real visitors won't be blocked.
336
 
337
- If you think that message was blocked wrong, let us know about it.
338
 
339
- If you or someone from your visitors have error "Forbidden. Enable JavaScript." please check JavaScript support in your browser and do JavaScript test at this page <a href="https://cleantalk.org/checkout-javascript-support">Check out JavaScript support</a>.
340
 
341
  = Does the plugin work with Varnish? =
342
  CleanTalk works with Varnish, it protects WordPress against spam, but by default the plugin generates a few cookies that uses to protect against spam bots it disables Varnish cache on pages with CleanTalk's cookies. To resolve issue with cache turn off option 'Set cookies' in plugin settings.
@@ -345,6 +347,9 @@ CleanTalk works with Varnish, it protects WordPress against spam, but by default
345
 
346
  In that way plugin will protect WordPress comments, registrations and most of popular contact forms, but will not protect some of rarely used contact forms.
347
 
 
 
 
348
  == Other notes ==
349
 
350
  = Troubleshooting Guide =
@@ -424,6 +429,16 @@ We develop plugin to do it as optimized as possible, CleanTalk doesn't downgrade
424
  = Some thoughts about CAPTCHA =
425
  186 The annoying picture with curved and sloping symbols, which are offered to the visitor to fill in. It is supposed that spam bots won’t discern these symbols, but a visitor will. CAPTCHA provokes great irritation, but if one wants to speak out, he has to fill in these symbols time after time, making mistakes and starting once again. At the sight of CAPTCHA and after input errors, many visitors leave the resource. Thus, CAPTCHA helps to protect the resource from visitors. Spam bots can automatically recognize Captcha. Spam bots can not pass through the anti-spam CleanTalk, complex invisible checks can immediately detect spam bots.
426
 
 
 
 
 
 
 
 
 
 
 
427
  = Requirements =
428
  WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enabled 'allow_url_fopen' setting. <a href="http://cleantalk.org/register?platform=wordpress">Sign up</a> to get an Access key.
429
 
@@ -435,6 +450,12 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
435
  1. CleanTalk works faster than most of other anti-spam plugins.
436
 
437
  == Changelog ==
 
 
 
 
 
 
438
  = 5.37.3 2016-03-10 =
439
  * Fixed bug with broken MailPoet previews.
440
  * Fixed bug with broken Geo My WP pop-up windows.
@@ -442,10 +463,11 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
442
  * Removed double JavaScript code in front-end.
443
  * Removed unused variables in anti spam logic.
444
  * Added option 'Set cookies' (turned on by default). If the option turned off, the plugin will not generate cookies, but in this case plugin will not protect some rarely used contact forms. Any way, turn this option off be compatible with Varnish in spam protection for WordPress core comments, registrations and most popular contact forms.
445
- * Added spam protection for Gravity forms via option 'Contact forms' with hook gform_entry_is_spam().
446
 
447
  = 5.36.1 2016-02-05 =
448
  * Fixed bug, when users receive error after logging in
 
449
 
450
  = 5.36 2016-02-04 =
451
  * Improved JavaScript anti spam protection
@@ -474,7 +496,7 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
474
 
475
  = 5.33 2015-12-01 =
476
  * Backend interface fixes
477
- * Improved Spam FireWall efficiency
478
  * Improved performance of anti spam checking
479
 
480
  = 5.32 2015-11-26 =
@@ -487,7 +509,7 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
487
  = 5.31 2015-11-11 =
488
  * Improved backend performance
489
  * Fixed counter of approved/blocked spam attacks
490
- * Fixed Spam FireWall logging
491
 
492
  = 5.30 2015-11-05 =
493
  * Improved anti-spam checking
@@ -511,14 +533,14 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
511
  * Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
512
 
513
  = 5.27 2015-10-13 =
514
- * Improvements in Spam FireWall feature
515
  * Code optimization
516
  * Backend interface fixes
517
 
518
  = 5.26 2015-10-05 =
519
  * Added WordPress Language Pack support
520
  * Removed spam checking for some autorisation plugins
521
- * New experimental feature: Spam FireWall
522
 
523
  = 5.25.2 2015-09-28 =
524
  * Fixed backend bug
@@ -677,8 +699,316 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
677
  * New API key URL.
678
  * Trimmed API key in admin panel.
679
  * Added current options to array sended to CleanTalk servers.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
680
 
681
  == Upgrade Notice ==
 
 
 
 
 
 
682
  = 5.37.3 2016-03-10 =
683
  * Minor bug fixes. Added an option to support Varnish cache.
684
 
@@ -712,7 +1042,7 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
712
 
713
  = 5.33 2015-12-01 =
714
  * Backend interface fixes
715
- * Improved Spam FireWall efficiency
716
  * Improved performance of anti spam checking
717
 
718
  = 5.32 2015-11-26 =
@@ -748,14 +1078,14 @@ WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enab
748
  * Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
749
 
750
  = 5.27 2015-10-13 =
751
- * Improvements in Spam FireWall feature
752
  * Code optimization
753
  * Backend interface fixes
754
 
755
  = 5.26 2015-10-05 =
756
  * Added WordPress Language Pack support
757
  * Removed spam checking for some autorisation plugins
758
- * New experimental feature: Spam FireWall
759
 
760
  = 5.25.2 2015-09-28 =
761
  * Fixed backend bug
@@ -901,3 +1231,185 @@ Support of Contact Form 7 versions before 3.0.0, fixed global JS-vars and online
901
 
902
  = 4.14 2015-01-19 =
903
  Removed deprecated option from comment approvement code.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
  === Anti-Spam by CleanTalk - No Captcha, no comments & registrations spam ===
2
  Contributors: znaeff, shagimuratov, vlad-cleantalk
3
+ Tags: anti-spam, antispam, bbpress, buddypress, captcha, capcha, captha, catcha, cf7 spam, comments, contact form spam, signup, spam, spammers, spammy, woocommerce, wordpress spam, booking, order, subscription, gravity spam, jetpack, bots, contact form 7, contact form, registrations, ninja, Fast Secure Contact, Gravity forms, formidable, mailchimp, s2member, protection, protect, email, akismet, plugin, contact, recaptcha, google captcha, google recaptcha, math, security, login, blacklist, prevent spam comments, wordpress, User Frontend, bulk delete, bulk remove, cloudflare, widget, review, auth forms, firewall, ddos, cleantalk, mailpoet, profile builder, comment spam, registration spam, spam comments, comment moderation, spam bots, block spam, signup spam, spam blocker, spam filter, user registration spam,pingback,trackback, spam trackbacks, anti-spam plugin, varnish, amp, spam free
4
  Requires at least: 3.0
5
+ Tested up to: 4.5
6
+ Stable tag: 5.38.1
7
  License: GPLv2
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
12
  == Description ==
13
  No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam bots.
14
 
15
+ = Anti-Spam Protection =
16
+ 1. Comments.
17
+ 1. Registrations.
18
+ 1. Contact emails.
19
+ 1. Orders.
20
+ 1. Bookings.
21
+ 1. Subscriptions.
22
+ 1. Widgets.
23
  1. Check existing comments for spam.
24
 
25
  = Public reviews =
39
  Anti-spam by CleanTalk filters spam registrations and spam reviews for WooCommerce. Plugin is fully compatible with WooCommerce 2.1 and higher.
40
 
41
  = Newsletters filter =
42
+ Anti-spam by CleanTalk filters spam subscriptions for MailPoet, MailChimp, PopupAlly and many other newsletters plugins.
43
 
44
  = Spam filter for themes contact forms =
45
  Plugin blocks spam emails via any themes (built-in) contact forms. With AJAX forms plugin silently (without any error notices on WordPress frontend) filters spam emails.
62
  = Low false/positive rate =
63
  This plugin uses multiple anti-spam tests to filter spam bots with as lower false/positive rate as possible. Multiple anti-spam tests avoid false/positive blocks for real website visitors even if one of the tests fail.
64
 
65
+ = How CleanTalk improves SEO for your website? =
66
+ So, you already know that the speed of the site has a direct impact on SEO.
67
+
68
+ *CleanTalk works faster than most of the other anti-spam plugins.* It is common knowledge that the faster your site loads, the better your customer experience is, the better your SEO will be, and the better your site will convert. Speed is becoming increasingly important in SEO, conversion and user experience. Today, site speed is one of the most important ranking factors on Google. A site that loads slowly will lose visitors and potential revenue.
69
 
70
  There are different ways of improving your site's loading performance. One important parameter for site performance is to install well-developed plugins from a reputable source.
71
 
85
  = Spam attacks log =
86
  Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log for up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering.
87
 
88
+ = SpamFireWall =
89
+ CleanTalk has an advanced option "SpamFireWall". This option allows blocking the most active spam bots before they get access to your website. It prevents
90
  spam bots from loading website pages so your web server doesn't have to perform all scripts on these pages. Also it prevents scanning of pages of the
91
+ website by spam bots. Therefore SpamFireWall significantly reduces the load on your web server.
92
+ SpamFireWall also makes CleanTalk the two-step protection from spam bots.
93
+ SpamFireWall is the first step and it blocks the most active spam bots.
94
  CleanTalk Anti-Spam is the second step and checks all other requests on the website in the moment of submitting comments/registers etc.
95
 
96
+ = How SpamFireWall works? =
97
  * The visitor enters to your web site.
98
  * HTTP request data is checked against the nearly 5.8 million identified IP spam bots.
99
  * If it is an active spam bot, the bot gets a blank page, if it is a visitor then they receive the site page. This is completely transparent to the visitors.
100
 
101
+ All the CleanTalk SpamFireWall activity is being logged in the process of filtering.
102
 
103
+ = SpamFireWall DDoS Protection (Experimentally option) =
104
+ SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall blocks all requests from bad IP addresses. Your website gives the intruder a special page with description of DDoS rejection instead of the website pages. Therefore SpamFireWall can help to reduce CPU usage on your server.
105
 
106
  = XML-RPC brute force protection =
107
+ SpamFireWall can mitigate XML-RPC brute force attacks. It blocks XML-RPC attacks from bad IP addresses. This helps to prevent bruteforce attacks by a Remote Procedure Call.
108
 
109
  = No spam comments, no spam registrations, no spam contact emails, no spam trackbacks. CAPTCHA-less anti-spam for WordPress =
110
  Spam is one of the most irritating elements. Rates for spam increases every year and conventional anti-spam can no longer handle all the spam bots. CleanTalk prevents and automatically blocks spam. You'll be surprised how effective CleanTalk is in protecting against spam.
161
 
162
  With the help of anti-spam by CleanTalk you can check existing comments and users, to find and quickly delete spam comments at once. This allows administrators of websites to automatically check and identify spam bots, comments and users, which were not detected by conventional anti-spam tools. Checking existing comments and users is made against a database of the nearly 2 million certain spam bots. Detailed statistic allows CleanTalk customers to control the whole process.
163
 
164
+ CleanTalk has an advanced option “SpamFireWall”. This option allows you to block the most active spam bots before they get access to your website. It prevents website pages loading when attempted by by spam bots, so your web server doesn’t perform unnecessary scripts on these pages. Also it prevents scanning of website pages by spam bots. Subsequently SpamFireWall significantly reduces the load on your web server. SpamFireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, SpamFireWall will block requests from bad IP addresses. Your website gives the intruder a special page with a description of DDoS rejection instead of the website pages. SpamFireWall can help to reduce of CPU usage on your server for this reason.
165
 
166
  “CleanTalk team has been developing a cloud spam protection system for five years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.
167
 
318
 
319
  Now all fields in your submissions with keys named 'key1', 'key2' or 'key3' will be excluded from spam checking.
320
 
321
+ = How to test SpamFireWall? =
322
+ Use special IP 10.10.10.10 in URL to test SpamFireWall. For example,
323
 
324
  https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10
325
 
333
  = Why CleanTalk is faster and more reliable than stand-alone solutions? =
334
  All anti-spam checks are held in the cloud and aren't loading the web server. The cloud solutions have a huge advantage since the parameters are compared with information from more 100,000 websites.
335
 
336
+ = I see in logs a lot of blocked messages with reason "Forbidden. Please enable JavaScript. Spam sender name." =
337
  A lot of spam bots can't perform JavaScript code, so it is one of the important checks and most of the spam bots will be blocked with reason "Forbidden. Please enable JavaScript. Spam sender name." All browsers can perform JS code, so real visitors won't be blocked.
338
 
339
+ If you or someone from your visitors have error "Forbidden. Enable JavaScript." please check JavaScript support in your browser and do JavaScript test at this page https://cleantalk.org/checkout-javascript-support.
340
 
341
+ If you think that message was blocked wrong, let us know about it. Please submit a support request here https://cleantalk.org/my/support.
342
 
343
  = Does the plugin work with Varnish? =
344
  CleanTalk works with Varnish, it protects WordPress against spam, but by default the plugin generates a few cookies that uses to protect against spam bots it disables Varnish cache on pages with CleanTalk's cookies. To resolve issue with cache turn off option 'Set cookies' in plugin settings.
347
 
348
  In that way plugin will protect WordPress comments, registrations and most of popular contact forms, but will not protect some of rarely used contact forms.
349
 
350
+ = Does the anti-spam plugin work with Accelerated Mobile Pages (AMP)? =
351
+ Yes, it does. But you have to turn off the option 'Use AJAX for JavaScript check' in Advanced settigns to be fully compatible with Accelerated Mobile Pages.
352
+
353
  == Other notes ==
354
 
355
  = Troubleshooting Guide =
429
  = Some thoughts about CAPTCHA =
430
  186 The annoying picture with curved and sloping symbols, which are offered to the visitor to fill in. It is supposed that spam bots won’t discern these symbols, but a visitor will. CAPTCHA provokes great irritation, but if one wants to speak out, he has to fill in these symbols time after time, making mistakes and starting once again. At the sight of CAPTCHA and after input errors, many visitors leave the resource. Thus, CAPTCHA helps to protect the resource from visitors. Spam bots can automatically recognize Captcha. Spam bots can not pass through the anti-spam CleanTalk, complex invisible checks can immediately detect spam bots.
431
 
432
+ = Translations =
433
+ * Danish (da_DK)
434
+ * French (fr_FR) - thanks to Gilles Santacreu <a href="http://net-ik.net">http://net-ik.net</a>
435
+ * German (de_DE)
436
+ * Italian (it_IT)
437
+ * Polish (pl_PL)
438
+ * Portuguese (pt_PT)
439
+ * Spanish (es_ES) - thanks to Andrew Kurtis and <a href="http://www.webhostinghub.com/index-c.html">WebHostingHub</a>
440
+ * Russian (ru_RU)
441
+
442
  = Requirements =
443
  WordPress 3.0 at least. PHP 5 with CURL or file_get_contents() function and enabled 'allow_url_fopen' setting. <a href="http://cleantalk.org/register?platform=wordpress">Sign up</a> to get an Access key.
444
 
450
  1. CleanTalk works faster than most of other anti-spam plugins.
451
 
452
  == Changelog ==
453
+ = 5.38.1 2016-03-24 =
454
+ * Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
455
+ * Removed SpamFireWall protection on /feed page.
456
+ * Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
457
+ * Added reject notice for spam submissions on Gravity forms with AJAX calls.
458
+
459
  = 5.37.3 2016-03-10 =
460
  * Fixed bug with broken MailPoet previews.
461
  * Fixed bug with broken Geo My WP pop-up windows.
463
  * Removed double JavaScript code in front-end.
464
  * Removed unused variables in anti spam logic.
465
  * Added option 'Set cookies' (turned on by default). If the option turned off, the plugin will not generate cookies, but in this case plugin will not protect some rarely used contact forms. Any way, turn this option off be compatible with Varnish in spam protection for WordPress core comments, registrations and most popular contact forms.
466
+ * Added anti-spam protection for Gravity forms via option 'Contact forms' with hook gform_entry_is_spam().
467
 
468
  = 5.36.1 2016-02-05 =
469
  * Fixed bug, when users receive error after logging in
470
+ * Improve anti-spam filters for contact forms.
471
 
472
  = 5.36 2016-02-04 =
473
  * Improved JavaScript anti spam protection
496
 
497
  = 5.33 2015-12-01 =
498
  * Backend interface fixes
499
+ * Improved SpamFireWall efficiency
500
  * Improved performance of anti spam checking
501
 
502
  = 5.32 2015-11-26 =
509
  = 5.31 2015-11-11 =
510
  * Improved backend performance
511
  * Fixed counter of approved/blocked spam attacks
512
+ * Fixed SpamFireWall logging
513
 
514
  = 5.30 2015-11-05 =
515
  * Improved anti-spam checking
533
  * Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
534
 
535
  = 5.27 2015-10-13 =
536
+ * Improvements in SpamFireWall feature
537
  * Code optimization
538
  * Backend interface fixes
539
 
540
  = 5.26 2015-10-05 =
541
  * Added WordPress Language Pack support
542
  * Removed spam checking for some autorisation plugins
543
+ * New experimental feature: SpamFireWall
544
 
545
  = 5.25.2 2015-09-28 =
546
  * Fixed backend bug
699
  * New API key URL.
700
  * Trimmed API key in admin panel.
701
  * Added current options to array sended to CleanTalk servers.
702
+ = 4.13 2014-12-29 =
703
+ * Fixed bug with autimatically aprovement not spam comments. Now this option disabled and do not override local WordPress policy.
704
+
705
+ = 4.12 2014-12-29 =
706
+ * Fixed bug with 'Wrong Access key...' notice in WordPress dashboard.
707
+ * Fixed filtration bug in WordPress dashboard login form.
708
+
709
+ = 4.11 2014-12-22 =
710
+ * Improved anti-spam protection for custom contact/registration/subscribe forms.
711
+ * Improved anti-spam protection for comments.
712
+ * Accelerated plugin speed for comments, regirstrations and contacts.
713
+ * Added translation to French.
714
+
715
+ = 4.10 2014-12-10 =
716
+ * Improved anti-spam protection for custom contact/registration/subscribe forms.
717
+ * Option 'Custom contact forms' enabled by default for new setups.
718
+ * Removed settings "Publish relevant comments", "Use encrypted (SSL) connection".
719
+ * Added translation to Danish (thank you for Mikkel at KreativJul.dk).
720
+
721
+ = 4.9 2014-11-24 =
722
+ * Fixed spam test for Contact Form 7.
723
+
724
+ = 4.8 2014-11-19 =
725
+ * Improved anti-spam protection for BuddyPress registrations and custom contact forms.
726
+
727
+ = 4.7 2014-11-16 =
728
+ * Fixed JavaScript spam test for FastSecure contact form.
729
+
730
+ = 4.6 2014-11-11 =
731
+ * Improved anti-spam protection on BuddyPress registrations.
732
+ * Improved anti-spam protection on contact forms.
733
+ * Removed plugin sign from pending, spam comments. To get details about a comment please use Dashboard at cleantalk.org.
734
+ * Improved Access key validation function.
735
+ * Added protection for bbPress comments via stop list. Stop list function is a list to reject comments by prefiled words. To fill the list please use Dashboard at cleantalk.org.
736
+
737
+ = 4.5 2014-11-04 =
738
+ * Fixed CF7 JavaScript bug.
739
+ * Fixed rejects in bbPress guests comments.
740
+
741
+ = 4.4 2014-10-29 =
742
+ * Improved anti-spam JS test for CF7.
743
+ * Fixed 'noscript' text in FaceBook Like preview in Valenti theme.
744
+
745
+ = 4.2 2014-10-20 =
746
+ * Fixed double checks issue for BuddyPress registrations.
747
+ * Increased timeout limits to find the work server.
748
+
749
+ = 4.1 2014-10-13 =
750
+ * Optimized code for manual moderation feedback sending.
751
+ * Optimized anti-spam algorithms for comments, contacts and signups.
752
+
753
+ = 4.0 2014-10-06 =
754
+ * Improved anti-spam protection for custom contact forms.
755
+ * Improved anti-spam protection for registration forms.
756
+
757
+ = 3.9 2014-10-01 =
758
+ * Did exception to do not break to create new user in WordPress backend.
759
+
760
+ = 3.8 2014-09-19 =
761
+ * Fixed json_encode() + malformed characters.
762
+ * Fixed JavaScript issue with wpautop().
763
+
764
+ = 3.6 2014-09-15 =
765
+ * Fixed preg_match() issue for Formidable forms and Custom contact forms.
766
+ * Improved anti-spam protection for Custom contact forms.
767
+
768
+ = 3.4 2014-09-04 =
769
+ * We've added anti-spam for themes contact forms and any untested contact forms plugins. To use this test enable option "Custom contact forms" in plugin settings.
770
+ * We've added auto rotation for spam comments. Now the plugin removes comments in SPAM folder older then 15 days. This option is enabled by default.
771
+
772
+ = 3.2 2014-08-27 =
773
+ * Fixed submit_time() logic for failed submits (comments/registrations). Now form fill time resets after every failed submit.
774
+
775
+ = 3.1 2014-08-19 =
776
+ * Added anti-spam test over senders Cookies.
777
+ * Improved form fill anti-spam test.
778
+ * Improved speed selection of the nearest server to website.
779
+ * Improved anti-spam speed for comments.
780
+ * Relevance anti-spam test disabled by default. To enable test should be used option 'relevance_test'.
781
+
782
+ = 2.58 2014-08-06 =
783
+ * Added anti-spam protection for signups posted via WooCommerce order form.
784
+ * Improved anti-spam protection for Contact Form 7.
785
+ * Improved anti-spam protection for registrations. Now the plugin looking for JavaScript anti spam test results not only in POST array, but in COOKIES array too. This improvement allows protect signup forms for any untested signups plugins and themes.
786
+ * Updated PHP API. Now the plugin can resolve sender IP for websites behind proxy servers. If the proxy servers uses private IP address.
787
+
788
+ = 2.57 2014-07-29 =
789
+ * Improved anti-spam protection for comments. The plugin now proccessing website url in the comments form.
790
+ * Fixed sign remove logic for approved comments. Previous version doesn't cut sign for comments approved via AJAX call in WordPress backend.
791
+ * Fixed switching to SSL for comments. Previous version doesn't use secured connection for comments.
792
+
793
+ = 2.56 2014-07-21 =
794
+ * Fixed account status check logic. Previous version makes unnecessary test API calls when the plugin asks account status check.
795
+
796
+ = 2.55 2014-07-11 =
797
+ * Fixed bug with account status function. In backend the plugin showed notice 'Please don’t forget to disable CAPTCHA if you have it!' on every page.
798
+
799
+ = 2.54 2014-07-11 =
800
+ * Fixed signup anti-spam protection logic for BuddyPress registrations.
801
+ * Fixed anti-spam protection for JetPack contact form.
802
+ * Changed account status check logic.
803
+
804
+ = 2.53 2014-06-27 =
805
+ * Fixed anit-spam protection bug for signups.
806
+ * Changed anti-spam functions (comments and signups) priority.
807
+
808
+ = 2.52 2014-06-25 =
809
+ * Fixed 'Fatal error: Call to a member function get_error_code()' issue with signups via BuddyPress.
810
+
811
+ = 2.51 2014-06-23 =
812
+ * Added spam protection for registrations via plugin New User Approve by Josh Harrison. If the CleanTalk matched signup as spam this signup will be denied to placing in pending queue.
813
+ * Added option "Use secure (SSL) connection to CleanTalk cloud". If the option enabled plugin will communicate with CleanTalk severs via 128bit encrypted data channel. So, if you have SSL protected webforms on website you can use this option to be sure that visitors personal data safely transmits to CleanTalk servers.
814
+ * Fixed minor bug with loading backend functions.
815
+
816
+ = 2.49 2014-06-10 =
817
+ * Added spam protection for S2Member Auth.net forms.
818
+ * Added spam protection for multisite signup form.
819
+ * Optimized account status check function.
820
+
821
+ = 2.46 2014-05-19 =
822
+ * Added: HTML notice about the need to enable JavaScript.
823
+ * Fixed: Fixed pingbacks anti-spam test.
824
+
825
+ = 2.44 2014-05-12 =
826
+ * Added: Anti-spam protection for S2Member framework.
827
+ * Improved: JavaScript anti-spam test.
828
+ * Improved: Plugin load time for backend and frontend.
829
+ * Fixed: PHP warning mb_convert_encoding()
830
+
831
+ = 2.42 2014-04-29 =
832
+ * Fixed: JavaScript anti-spam test for comments.
833
+
834
+ = 2.40 2014-04-25 =
835
+ * New: Fast Secure Contact form support.
836
+ * New: WordPress Landing Pages support
837
+
838
+ = 2.38 2014-03-27 =
839
+ * Fixed: Registraion form submit time spam test.
840
+
841
+ = 2.36 2014-03-12 =
842
+ * Reversed to patches from old revisions.
843
+
844
+ = 2.35 2014-03-12 =
845
+ * New: Notifications about disabled account
846
+ * New: Improved JavaScript spam test.
847
+ * Fixed: Code optimization
848
+ * Fixed: JavaScript test for signups.
849
+
850
+ = 2.33 2014-02-12 =
851
+ * Fixed: CURLOPT_FOLLOWLOCATION bug at admin notice
852
+
853
+ = 2.32 2014-02-04 =
854
+ * New: Added notice about automatically approved comment. The notice shows only for first approved comment and only for new commentators (without approved comments) of the blog.
855
+ * New: At WordPress console added banner for notices.
856
+ * Changed: Screenshots updated.
857
+
858
+ = 2.31 2014-01-24 =
859
+ * New: Added spam protection for JetPack comments
860
+ * Fixed: cURL connection issue "Expect: 100-continue"
861
+
862
+ = 2.30 2014-01-13 =
863
+ * Changed: Improved servers connection logic.
864
+ * Fixed: Antispam test for Fomidable forms.
865
+
866
+ = 2.28 2013-12-19 =
867
+ * New: Added protection against spam bots for WooCommerce review form.
868
+ * Fixed: JavaScript anti-spam logic for WooCommerce review form.
869
+
870
+ = 2.27 2013-12-06 =
871
+ * New: Added protection against spam bots for JetPack Contact form.
872
+ * Fixed: JavaScript anti-spam logic for registrations and Contact form 7.
873
+
874
+ = 2.25 2013-11-27 =
875
+ * New: Added protection against spam bots for BuddyPress registrations.
876
+ * New: Added protection against spam bots for Contact form 7.
877
+ * New: Added Spanish (es_ES) translation.
878
+
879
+ = 2.23 2013-11-20 =
880
+ * New: Added automatic training blacklists on spam bot account deletion.
881
+ * New: Added URL to project homepage at plugin options.
882
+ * Changed: Improved anti-spam logic.
883
+
884
+ = 2.21 2013-11-13 =
885
+ * Changed: WordPress blacklists settings get priority over plugin's anti-spam settings
886
+ * Changed: Disabled management approval comments for regular commentators of the blog. Automatically approved for publication only the comments of the new blog authors.
887
+ * Changed: Removed form submit time test. Imporved JavaScript spam test.
888
+ * Changed: PHP code optimizations
889
+
890
+ = 2.19 2013-11-08 =
891
+ * New: Antispam protection from spam bots at the registration form
892
+ * Changed: Russian localization for admin panel
893
+ * Changed: PHP code optimizations
894
+
895
+ = 2.5.18 2013-11-01 =
896
+ * Fixed: Bug with selection of the last comments for post
897
+ * New: Antispam protection for Formiadble feedback forms
898
+ * New: Automatic deletion of outdated spam comments
899
+ * New: On/Off option for comments spam filtration
900
+ * Tested with WordPress 3.7.1
901
+
902
+ = 2.4.15 2013-09-26 =
903
+ * Fixed: Bug with mass comments deletion
904
+ * Changed: Russian localization for admin panel
905
+ * Tested with mulitsite setup (WordPress network or WPMU)
906
+
907
+ = 2.4.14 2013-08-29 =
908
+ * Changed: Removed feedback requests to the servers for banned (spam) comments.
909
+
910
+ = 2.4.13 2013-08-19 =
911
+ * Changed: Switched HTTP requests from file_get_contents() to CURL. Added file_get_contens() as backup connection to the servers.
912
+ * Changed: Removed feedback requests for comments moved to trash.
913
+ * Fixed: "Fail connect to servers..." error on hostings with disabled 'allow_url_fopen' PHP option.
914
+
915
+ = 2.4.12 2013-08-12 =
916
+ * Removed RPC::XML library from plugin.
917
+ * Switched plugin to HTTP+JSON connection with servers.
918
+ * Fixed bug with comments anti-spam tests with non UTF8 codepage.
919
+
920
+ = 2.4.11 2013-08-02 =
921
+ * Removed spam tests for self-made pingbacks
922
+ * Tested up to WP 3.6
923
+
924
+ = 2.4.10 2013-07-24 =
925
+ * Fixed warning in PHP 5.4
926
+ * Fixed bug with disabling comments test for Administrators, Authors and Editors
927
+ * "Stop words" settings moved to <a href="http://cleantalk.org/my">Control panel</a> of the service
928
+ * "Response language" settings moved <a href="http://cleantalk.org/my">Control panel</a> of the service
929
+
930
+ = 2.4.9 =
931
+ * Fixed extra debugging in base class
932
+
933
+ = 2.4.8 =
934
+ * Enabled convertion to UTF8 for comment and example text
935
+ * Optimized PHP code
936
+
937
+ = 2.3.8 =
938
+ * Enabled selection the fastest server in the pool
939
+ * Fixed work server in plugin's config
940
+
941
+ = 2.2.3 =
942
+ * Secured md5 string for JavaScript test
943
+ * Added requests's timestamp to calculate request work time
944
+ * Update base CleanTalk's PHP class
945
+
946
+ = 2.1.2 =
947
+ * Improved perfomance for processing large comments (over 32kb size)
948
+ * Improved perfomance for bulk operations with comments in Comments panel
949
+ * Added feedback request with URL to approved comment
950
+
951
+ = 2.0.2 =
952
+ * Fixed bug with JavaScript test and WordPress cache plugins
953
+
954
+ = 2.0.1 =
955
+ * Added option "Publicate relevant comments" to plugin's options.
956
+ * Added descriptions to plugin options
957
+
958
+ = 1.5.4 =
959
+ * Fixed HTTP_REFERER transmission to the servers
960
+ * Improved JavaScript spam test
961
+ * Optimized PHP code
962
+
963
+ = 1.4.4 =
964
+ * Pingback, trackback comments has moved to manual moderataion
965
+ * Added transmission to the serves comment type and URL
966
+ * Post title, body and comments separated into individual data elements
967
+ * Added priority for matched words in the comment with post title
968
+ * Enabled stop words filtration as default option
969
+
970
+ = 1.3.4 =
971
+ * Removed PHP debugging.
972
+
973
+ = 1.3.3 =
974
+ * Added notice at admin panel about empty Access key in plugin settings
975
+ * Removed HTTP link to the site project from post page
976
+ * Removed unused options from settings page
977
+ * Tested up to WordPress 3.5
978
+
979
+ = 1.2.3 =
980
+ * Fixed bug with session_start.
981
+
982
+ = 1.2.2 =
983
+ * Plugin rename to CleanTalk. Spam prevent plugin
984
+ * Integration Base Class version 0.7
985
+ * Added fast submit check
986
+ * Added check website in form
987
+ * Added feedbacks for change comment status (Not spam, unapprove)
988
+ * Added function move comment in spam folder if CleanTalk say is spam
989
+ * Disable checking for user groups Administrator, Author, Editor
990
+ * Marked red color bad words
991
+
992
+ = 1.1.2 =
993
+ * Addition: Title of the post attached to the example text in auto publication tool.
994
+ * Tested with WordPress 3.4.1.
995
+
996
+ = 1.1.1 =
997
+ * HTTP_REFERER bug fixed
998
+
999
+ = 1.1.1 =
1000
+ * Added user locale support, tested up to WP 3.4
1001
+
1002
+ = 1.1.0 =
1003
+ * First version
1004
 
1005
  == Upgrade Notice ==
1006
+ = 5.38.1 2016-03-24 =
1007
+ * Fixed issue with PHP sessions and 'The session id is too long or contains illegal characters'.
1008
+ * Removed SpamFireWall protection on /feed page.
1009
+ * Disabled anti-spam tests for AJAX calls if the option 'Custom contact forms' is turned off.
1010
+ * Added reject notice for spam submissions on Gravity forms with AJAX calls.
1011
+
1012
  = 5.37.3 2016-03-10 =
1013
  * Minor bug fixes. Added an option to support Varnish cache.
1014
 
1042
 
1043
  = 5.33 2015-12-01 =
1044
  * Backend interface fixes
1045
+ * Improved SpamFireWall efficiency
1046
  * Improved performance of anti spam checking
1047
 
1048
  = 5.32 2015-11-26 =
1078
  * Fixed problems with AJAX functionality in MailPoet, WooCommerce and other AJAX plugins
1079
 
1080
  = 5.27 2015-10-13 =
1081
+ * Improvements in SpamFireWall feature
1082
  * Code optimization
1083
  * Backend interface fixes
1084
 
1085
  = 5.26 2015-10-05 =
1086
  * Added WordPress Language Pack support
1087
  * Removed spam checking for some autorisation plugins
1088
+ * New experimental feature: SpamFireWall
1089
 
1090
  = 5.25.2 2015-09-28 =
1091
  * Fixed backend bug
1231
 
1232
  = 4.14 2015-01-19 =
1233
  Removed deprecated option from comment approvement code.
1234
+
1235
+ = 4.13 2014-12-29 =
1236
+ Not spam comments auto approvement bug fix.
1237
+
1238
+ = 4.12 2014-12-29 =
1239
+ Plugin backend minfor bug fixes.
1240
+
1241
+ = 4.11 2014-12-22 =
1242
+ Major changes in spam protection algorithms.
1243
+
1244
+ = 4.10 2014-12-10 =
1245
+ Minor improvements for custom contact/registration/subscribe forms.
1246
+
1247
+ = 4.9 2014-11-24 =
1248
+ Minor bug fix for Contact form 7.
1249
+
1250
+ = 4.8 2014-11-19 =
1251
+ Improved anti-spam protection for BuddyPress registrations and custom contact forms.
1252
+
1253
+ = 4.7 2014-11-16 =
1254
+ Fixed JavaScript antispam test for FastSecure contact form.
1255
+
1256
+ = 4.6 2014-11-11 =
1257
+ Minor changes in anti-spam logic for BuddyPress registrations, contact forms and bbPress guest posting.
1258
+
1259
+ = 4.5 2014-11-04 =
1260
+ Bug fixes for Contact form 7 and bbPress guests posting.
1261
+
1262
+ = 4.4 2014-10-29 =
1263
+ Improved JS checking for CF7.
1264
+
1265
+ = 4.2 2014-10-20 =
1266
+ Increased plugin perfomance for BuddyPress registrations.
1267
+
1268
+ = 4.1 2014-10-13 =
1269
+ Minor anti-spam improvements for contacts, registration and contact forms.
1270
+
1271
+ = 4.0 2014-10-06 =
1272
+ Major anti-spam improvements for registration and contact forms.
1273
+
1274
+ = 3.9 2014-10-01 =
1275
+ Did exception to do not break to create new user in WordPress backend.
1276
+
1277
+ = 3.8 2014-09-19 =
1278
+ Bug fix release. Minor fixes in API class and JavaScript anti-spam test.
1279
+
1280
+ = 3.6 2014-09-15 =
1281
+ Minor fixes in anti-spam protection for Formidable and custom contact forms.
1282
+
1283
+ = 3.4 2014-09-04 =
1284
+ Spam comments rotation. Custom (themes) contact forms support.
1285
+
1286
+ = 3.2 2014-08-27 =
1287
+ Minor changes in spam filtration logic.
1288
+
1289
+ = 3.1 2014-08-19 =
1290
+ Major changes for comments antispam logic. Improved plugin speed.
1291
+
1292
+ = 2.59 2014-08-14 =
1293
+ Antispam protection for bbPress guests posts. Improvement for JetPack comments and PHP API update.
1294
+
1295
+ = 2.58 2014-08-06 =
1296
+ * Added anti-spam protection for signups posted via WooCommerce order form.
1297
+ * Improved anti-spam protection for Contact Form 7.
1298
+ * Improved anti-spam protection for registrations. Now the plugin looking for JavaScript antispam test results not only in POST array, but in COOKIES array too. This improvement allows protect signup forms for any untested signups plugins and themes.
1299
+ * Updated PHP API. No the plugin can resolve sender IP for websites behind proxy servers. If the proxy servers uses private IP address.
1300
+
1301
+ = 2.57 2014-07-29 =
1302
+ * Improved anti-spam protection for comments. The plugin now proccessing website url in the comments form.
1303
+ * Fixed sign remove logic for approved comments. Previous version doesn't cut sign for comments approved via AJAX call in WordPress backend.
1304
+ * Fixed switching to SSL for comments. Previous version doesn't use secured connection for comments.
1305
+
1306
+ = 2.56 2014-07-21 =
1307
+ * Fixed account status check logic. Previous version makes unnecessary test API calls when the plugin asks account status check.
1308
+
1309
+ = 2.55 2014-07-11 =
1310
+ * Fixed bug with account status function. In backend the plugin showed notice 'Please don’t forget to disable CAPTCHA if you have it!' on every page.
1311
+
1312
+ = 2.54 2014-07-11 =
1313
+ * Fixed signup anti-spam protection logic for BuddyPress registrations.
1314
+ * Fixed anti-spam protection for JetPack contact form.
1315
+ * Changed account status check logic.
1316
+
1317
+ = 2.53 2014-06-27 =
1318
+ * Fixed anit-spam protection bug for signups.
1319
+ * Changed anti-spam functions (comments and signups) priority.
1320
+
1321
+ = 2.52 2014-06-25 =
1322
+ * Fixed 'Fatal error: Call to a member function get_error_code()' issue with signups via BuddyPress.
1323
+
1324
+ = 2.51 2014-06-23 =
1325
+ * Added spam protection for registrations via plugin New User Approve by Josh Harrison. If the CleanTalk matched signup as spam this signup will be denied to placing in pending queue.
1326
+ * Added option "Use secure (SSL) connection to CleanTalk cloud". If the option enabled plugin will communicate with CleanTalk severs via 128bit encrypted data channel. So, if you have SSL protected webforms on website you can use this option to be sure that visitors personal data safely transmits to CleanTalk servers.
1327
+ * Fixed minor bug with loading backend functions.
1328
+
1329
+ = 2.49 2014-06-10 =
1330
+ * Added spam protection for S2Member Auth.net forms.
1331
+ * Added spam protection for multisite signup form.
1332
+ * Optimized account status check function.
1333
+
1334
+ = 2.46 2014-05-19 =
1335
+ * Added: HTML notice about the need to enable JavaScript.
1336
+ * Fixed: Fixed pingbacks anti-spam test.
1337
+
1338
+ = 2.44 2014-05-12 =
1339
+ * Added: Anti-spam protection for S2Member framework.
1340
+ * Improved: Plugin load time for backend and frontend.
1341
+ * Improved: JavaScript anti-spam test.
1342
+ * Fixed: PHP warning mb_convert_encoding()
1343
+
1344
+ = 2.42 2014-04-29 =
1345
+ * Fixed: JavaScript anti-spam test for comments.
1346
+
1347
+ = 2.38 2014-03-27 =
1348
+ * Fixed: Registraion form submit time spam test.
1349
+
1350
+ = 2.36 2014-03-12 =
1351
+ * Reversed to patches from old revisions.
1352
+
1353
+ = 2.35 2014-03-12 =
1354
+ * New: Notifications about disabled account
1355
+ * New: Improved JavaScript spam test.
1356
+ * Fixed: Code optimization
1357
+ * Fixed: JavaScript test for signups.
1358
+
1359
+ = 2.33 2014-02-12 =
1360
+ * Fixed: CURLOPT_FOLLOWLOCATION bug at admin notice
1361
+
1362
+ = 2.32 2014-02-04 =
1363
+ * New: Added notice about automatically approved comment. The notice shows only for first approved comment and only for new commentators (without approved comments) of the blog.
1364
+ * New: At WordPress console added banner for notices.
1365
+ * Changed: Screenshots updated.
1366
+
1367
+ = 2.31 2014-01-24 =
1368
+ * New: Added spam protection for JetPack comments
1369
+ * Fixed: CURL connection issue "Expect: 100-continue"
1370
+
1371
+ = 2.30 2014-01-13 =
1372
+ * Changed: Improved servers connection logic.
1373
+ * Fixed: Antispam test for Fomidable forms.
1374
+
1375
+ = 2.27 2013-12-06 =
1376
+ * New: Added protection against spam bots for JetPack Contact form.
1377
+ * Fixed: JavaScript anti-spam logic for registrations and Contact form 7.
1378
+
1379
+ = 2.25 2013-11-27 =
1380
+ * New: Added protection against spam bots for BuddyPress registrations.
1381
+ * New: Added protection against spam bots for Contact form 7.
1382
+ * New: Added Spanish (es_ES) translation.
1383
+
1384
+ = 2.23 2013-11-20 =
1385
+ * New: Added automatic training blacklists on spam bot account deletion.
1386
+ * New: Added URL to project homepage at plugin options.
1387
+ * Changed: Improved anti-spam logic.
1388
+
1389
+ = 2.21 2013-11-13 =
1390
+ * Changed: WordPress blacklists settings get priority over plugin's anti-spam settings
1391
+ * Changed: Disabled management approval comments for regular commentators of the blog. Automatically approved for publication only the comments of the new blog authors.
1392
+ * Changed: PHP code optimizations
1393
+
1394
+ = 2.19 2013-11-08 =
1395
+ * New: Antispam protection from spam bots at the registration form
1396
+ * Changed: Russian localization for admin panel
1397
+ * Changed: PHP code optimizations
1398
+
1399
+ = 2.5.18 2013-11-01 =
1400
+ * Fixed: Bug with selection of the last comments for post
1401
+ * New: Antispam protection for Formiadble feedback forms
1402
+ * New: Automatic deletion of outdated spam comments
1403
+ * New: On/Off option for comments spam filtration
1404
+ * Tested with WordPress 3.7.1
1405
+
1406
+ = 2.4.15 2013-09-26 =
1407
+ * Fixed: Bug with mass comments deletion
1408
+ * Changed: Russian localization for admin panel
1409
+ * Tested with mulitsite setup (WordPress network or WPMU)
1410
+
1411
+ = 2.4.14 2013-08-29 =
1412
+ * Changed: Removed feedback requests to the servers for banned (spam) comments.
1413
+
1414
+ = 2.4.13 2013-08-19 =
1415
+ * Fixed: "Fail connect to servers..." error on hostings with disabled 'allow_url_fopen' PHP option.