Spam continues to be a time and resource consuming problem for WordPress website owners. The most popular solution is Automattic’s Akismet. Perhaps an even better solution is CleanTalk’s Anti-Spam.
CleanTalk’s Anti-Spam is a cloud-based anti-spam protection service that protects websites from spambots. It was previously reviewed here at WP Mayor, so I won’t repeat the information that review covered. To see the original review, see the article Anti-Spam by CleanTalk: Separating Bots from Humans.
CleanTalk has released some new features since WPMayor’s original review. One particularly interesting feature is the SpamFireWall. For this review I took SpamFireWall for a spin. Here are my thoughts on using it and the benefits it can offer.
What is SpamFireWall?
A firewall is a network security system that monitors incoming traffic, blocking traffic based on predetermined security rules. This essentially creates a wall between the website and incoming traffic.
CleanTalk’s SpamFireWall is a special firewall designed specifically to protect websites against spam attacks. Rather than filtering the spam once it’s on your website, the SpamFireWall blocks traffic at the HTTP level. It filters the inbound traffic, which in turn protects and reduces the load on your server. The spam bots never get to your website.
The firewall adds an extra advantage to the CleanTalk protection system. The SpamFireWall creates an extra layer of protection for your website, making CleanTalk a two-step protection system. The firewall is the first line of defense, blocking most spam bots. Anti-Spam is the second line of defense, keeping spam bots from making comments in your posts and forms.
How it Works
As a spam bot visits your website the IP address is checked against a private database blacklist of known IP addresses with spam bots. If it’s a spam bot it just receives a blank page instead of the page you’re your website and the activity is logged which you can then see in the logs.
This keeps the spam bots from being able to load and scan your pages and reduces your server’s CPU usage which will speed up your loading time because your server doesn’t have to run scripts on those pages. This means that the traffic load on your server is reserved for real traffic.
Protection Against Attacks
The firewall is especially helpful because it protects against DDoS attacks, which have the purpose of loading down your server so that it can’t handle requests from real users.
It also protects your website against RPC-XML attacks, which is an attack against a WordPress site to get the username and password of the admin. SpamFireWall uses SQL protection to protect against SQL Injection attacks.
This is an impressive level of protection. Not only does it save you the strain on your server and from the attacks against your website, but it also saves you the time and hassle of having to deal with it yourself. You could spend a lot of time reading and deleting comments.
Setting it Up
Setting it up was fast and easy. Once you’ve gotten your plugin from the WordPress plugin depository, simply install it and activate it. It will ask for an access key. Click the link to get the access key.
The only thing you need to do after installing or updating CleanTalk is to check the box SpamFireWall and save the changes. The SpamFireWall is now running.
I like that you can choose whether or not to enable it, but to be honest I see no good reason to turn it off. The level of protection it gives far outweighs any issues I can think of with using it. Even if it blocks something that you wanted it to let through you can use the reports to fine-tune it.
Using the Reports
Clicking the statistics button takes you to your dashboard on the CleanTalk website where you can view logs and analytics, change your settings, and customize black and white lists.
Whitelists and Blacklists
The Whitelist and Blacklist is where you can manually choose IP’s that are or are not allowed to visit your website.
This is useful because blacklists are always being updated. It’s possible for a spam comment to make it through if it’s from an IP that hasn’t been blacklisted yet. It’s also possible for a legitimate comment to be marked as spam. In this case you can whitelist the IP address so their comments are allowed in the future.
In the Log, select the link for SpamFireWall. The Log is a table that shows the time the spam bot visited your website, the IP, country it was from, the IP owner, the number of hits, and the number passed. It totals the number of hits and passed at the bottom of the table. You can sort this information by website and by date. The log is updated every three minutes.
This is great information to help you choose whether or not to whitelist or blacklist an IP. I recommend checking this log often to see if a legitimate comment or IP has been blocked.
SpamFireWall has been added to analytics. You can see it by selecting SpamFireWall Analytics from the drop-down box on the Analytics page. Here you can choose the websites you want to see the analytics for, the number of days (7, 30, or 365), or type in your own date-range.
You’re given a graph with the number of spam blocked per day, the number of legitimate per day, and all-time totals.
At first the Anti-Spam section of the plugin blocked spam, but the SpamFireWall did not. I knew then that the second line of defense was working and hoped the first line of defense would start workingsoon. I waited another hour and the firewall started catching spam and no more got through to the second line of defense. 100% of it was then caught by the firewall.
In just a few hours of using the plugin it had blocked several blacklisted IP’s from China, Ukraine, the United States, and France. Going through the logs I could see that the one from the US had hit my site 4 times. Since most of my traffic is from the US I wanted to make sure this wasn’t a legitimate user that was being blocked by accident. I clicked on the IP owner and saw the statistics for that IP.
From the statistics that CleanTalk has gathered I could see this was an IP known for spam, so I just left it alone.
Before installing the plugin I knew I was getting spam and I was satisfied that it was being blocked, but I hadn’t considered what that was doing to my server. Now the spam is being blocked before it even gets to my website. It didn’t take long to understand how much spam traffic was being blocked from getting to my server and that resources were being freed up for real users. This alone is enough to recommend the service.
The CleanTalk Anti-Spam service costs $8 per year. The load it saves from your server and the time it saves you from having to deal with spam by hand is well worth the price. You can see more information about their services and prices at their website. SpamFireWall is built into Anti-Spam, so there’re no addon’s required to use it.
The way spam works these days it can sometimes be difficult to catch all of it and accidently approve a comment. This can cause harm to your readers, damage your reputation, and lower your website in search engine results.
SpamFireWall you get two lines of defense – one for your server and one for your website. It protects you by not allowing the comments to get to your website in the first place. It also protects your server from unnecessary load and from attacks. It’s included with Anti-Spam, so there’s nothing extra to buy. Considering the protection it offers and ease of use, I can recommend Anti-Spam for the SpamFireWall alone.
Have you tried CleanTalk’s Anti-Spam with SpamFireWall? Tell us about your experience with it in the comments.