1. Home
  2. Help
  3. Install
  4. How to install the CleanTalk WordPress Security...
Download plugin file security-malware-firewall.2.172.zip.Previous version security-malware-firewall.zip.

How to Install WordPress Security & Malware Scan by CleanTalk

Here is a video guide with installation process or you can use the text version down below.

1. In the WordPress Admin Dashboard go to the Plugins section and press the Add New button.

Add new plugin

 

2. Find the Security & Malware Scan by CleanTalk plugin by typing the "cleantalk" → Press the Install Now button near the plugin's name.

Installation of the CleanTalk Security Plugin

 

3. Once the plugin is installed, press the Activate button on the same page.

OR

In the Plugins section find the installed plugin Security by CleanTalk and press the Activate button under the plugin's name.

Activation of the CleanTalk Security plugin

 

4. Go to Settings → Security by CleanTalk.

OR

In the Plugins section find the installed plugin Security by CleanTalk and press the Settings button under the plugin's name.

The CleanTalk WordPress Security plugin settings

 

Go to the General Settings tab → Copy the access key from your CleanTalk Security Dashboard and paste it into the Access key field → Set up the plugin if necessary, and press the Save Changes button.

Enteting the access key

 

Add this string "/?spbct_test=MD5-OF-YOUR-ACCESS-KEY&spbct_test_ip=10.10.10.10" to your website address. You have to modify it for your access key.

Example:

  1. Your access key is 1234.
  2. Calculate the MD5 hash of your key here: https://www.tools4noobs.com/online_php_functions/md5/
  3. It would be 81dc9bdb52d04dc20036dbd8313ed055 for the "1234" key.
  4. Now modify the link to the security block screen. It will look like this:
  5. MyWebsite.com/?spbct_test=81dc9bdb52d04dc20036dbd8313ed055&spbct_test_ip=10.10.10.10

The same thing could be done in your CleanTalk Dashboard:

  1. Go to your Security Dashboard: /my?cp_mode=security
  2. Click the link "Settings" under the name of your website.
  3. Then click the link "Testing Security FireWall".

CleanTalk Security Dashboard Website Settings Test Block Screen Firewall

 

 

1. Navigate to the plugin settings under the Brute Force Protection section, temporarily set the blocking time to 2 minutes, and save your changes.

Brute Force Protection settings

 

2. Open your website's login form in an Incognito/Private browser window, and enter incorrect login credentials several times in a row.

Login attempt

 

3. You should see a block screen appear. This confirms that the Brute-Force Protection module is active and working correctly.

Brute Force Protection screen

 

4. Return to the plugin settings and set the blocking time back to 1 hour (or your preferred duration).

 

 

1. Download the test files (curable.php and uncurable.php) and place them in a directory on your server (for example, a folder named /files/ in your site's root). You can do this via your hosting control panel or using an FTP/SFTP/SSH connection.

Note: These files contain test signatures that our plugin is programmed to detect. They are completely safe and do not contain any harmful code.

2. Start the malware scanner. Please wait for the scan to finish, and do not close the browser tab while it is in progress.

Start scanning

 

3. Check the Cure Log section: By default, the Cure malware option is enabled, so the plugin will automatically remove malicious code if it has a specific directive for that signature.

  • curable.php: Should show a CURED status, meaning the threat was successfully removed.
  • uncurable.php: Should show a FAILED status, as there is no automatic directive for this specific test signature.

Cure Log accordion

 

4. Because uncurable.php still contains the test code, it will appear in the Critical section of your results. For files in this category, you must manually decide the next step:

  • Manually remove the suspicious code.
  • Delete the file entirely.
  • Approve the file (only if you are 100% certain it is safe).

Seeing files in the Critical section is a standard alert that your site may be infected.

Critical accordion

 

5. Once you have verified that the scanner is detecting and processing the files correctly, the test is complete. You may now delete the test files from your server.

Below is a video guide that shows the same process for scanning and dealing with malware on your WordPress site. The guide uses different test malware, but the idea is the same as described in this text.

 


 
Please follow this guide to add a website to the CleanTalk Security Dashboard: /help/add-website

 

Congratulations. The CleanTalk Security Plugin is installed!

Please go to your Dashboard to see the security status, add new websites, or manage existing ones!
Please check your e-mail to get the account password.

 

Learn more about Firewall for WordPress  or Create an account

Was this information helpful?

It would also be interesting

Copied to clipboard