Titan Anti-spam & Security

説明

Titan includes anti-spam, firewall, malware scanner, site accessibility checking, security and threats audits for WordPress websites. Our security functions provide Titan with the latest firewall rules, malware signatures, and database of malicious IP addresses – all you need to ensure the security of your website.

Titan is a comprehensive WordPress security solution, completed by a set of additional features as add-ons, which was placed into a simple and intuitive interface.

Why did we update Anti-Spam and what is Titan?

Let me tell you before we start: your favorite Anti-Spam had not disappeared! Instead of that it revived and became stronger to stand guard over the secure of your site!
The latest update of Anti-Spam is called Titan Anti-spam & Security and represents the brand new version of a plugin.

Why TITAN?

We aim to create a plugin as reliable as this metal – and easy-to-use at the same time. The new name of our plugin sets the pace with newest and highest standards of quality.

What has been changed except the name?
Whilst the process of modernization we had to take some complicated decisions. One of them was:
What should we do: keep Anti-Spam like a simple plugin with the only one function or complicate it with a huge complex of tools made for the security of your site?
Constant feedback from users and versatile development experience lets us claim that the situation when there is too many tools couldn’t exist!
We considered all possibilities thoroughly to secure the best future for the plugin.
Let me introduce new secure functionality that was developed with spending a lot of time, effort and consideration:

Features

ANTI-SPAM

ANTI-SPAM CHECKS YOUR COMMENTS THROUGH OUR GLOBAL SPAM DATABASE, THEN A SELF-LEARNING NEURAL NETWORK RE-CHECKS UNFILTERED COMMENTS, TO PREVENT YOUR SITE FROM PUBLISHING MALICIOUS CONTENT.

  • No captcha.
  • We have created algorithms to ensure reliability and accuracy against spam bots. It will save your time and resources, allowing you to focus on developing and improving your website and business. Antispam provides logs of all the processed requests that allows you to check the spam filters results. Regular analysis of parameters allows you to find new spam behavior patterns.
  • A comment posted by a user appears on the site right away. The background check marks spam comments as spam and hides them on a site. This helps to improve user experience and increase engagement.
  • [PRO] Checking the already existing comments and users for spam.
  • [PRO] We provide 24/7 technical support.
  • [PRO] To identify and block spam bots AntiSpamPro uses a series of tests running in the background, totally transparent to the website User. It allows 100% protection from spam bots No extra protection needed.
  • [PRO] Anti-spam is a comprehensive and transparent anti-spam protection. We provide detailed statistics of all logged comments and logins. You can always be sure that there are no errors.
  • [PRO] Protect Register Form.
  • [PRO] Advanced protection of comment forms.
  • We regularly release updates to the anti-spam module. Our modules always meet new versions of CMS and we are constantly expanding supported CMS.

WORDPRESS FIREWALL

The web application firewall detects and blocks malicious traffic. It protects your website at the endpoint by providing deep integration with WordPress. In contrast to cloud alternatives, it does not violate encryption, cannot be bypassed and does not contribute to data leakage.

  • Protection brute force attacks by restricting login attempts.
  • [PRO] Update real-time firewall rules and malware signatures through the threat protection channel.
  • [PRO] Real-time IP Block List blocks all requests from malicious IP addresses, protecting your site and reducing load.
  • [PRO] An integrated malware scanner blocks requests containing malicious code or content.
  • [PRO] Using the Attack Log you can track visits and hacking attempts that are not shown in other analytic packages in real time; including origin, IP address, current time, and time spent on your site.
  • [PRO] Block intruders by IP address or create advanced rules based on a range of IP addresses, hostname, user agent, and referrer.

WORDPRESS SECURITY SCANNER

  • The malware scanner checks the system files, themes and plugins for malware, invalid URLs, backdoors, SEO spam, malicious redirects and code injections.
  • Basic scanning using more than 1000 signatures.
  • [PRO] Advanced scanning with more than 6000 signatures.
  • [PRO] Configure three scan speeds to make sure the performance is not affected.
  • [PRO] Set scan schedules – daily, monthly, and manually.
  • [PRO] Update malware signatures in real time through a threat protection channel.
  • Compares your system, themes and plugins with those which are in the WordPress.org repository, checking their integrity and informing you of all changes.
  • Recover modified files by overwriting them with the original version.
  • Delete unknown and unwanted files easily via the Titan interface.
  • Checks your site for vulnerabilities and notifies in case of any problems or discrepancies. It also provides a notification of potential security issues when the plugin has been closed or inactivated.
  • Checks the content security by scanning the contents of files, messages and comments for dangerous URLs and suspicious content.

SITE CHECKER [PRO]

  • Check the availability of any URL
  • Push notifications in the browser to show URLs access issues in real time.
    Your browser will receive push notifications if one of the URLS is unavailable.

TWEAKS

  • Strong Password Requirement
  • Hide author login
  • Hide WordPress versions. WordPress itself and many plugins show their version at the visible areas of your site. An attacker who received this information may be aware of the vulnerabilities found in the version of the WordPress core or plugins.

スクリーンショット

  • Dashboard
  • General Settings
  • Anti-spam Settings
  • Web Application Firewall (WAF)

インストール

  1. Install and activate the plugin on the Plugins page
  2. Enjoy life without spam in comments

For more info visit titansitescanner.com

FAQ

How to test what spam comments were blocked?

You can visit Anti-spam settings page and enable saving blocked comments as spam in the spam section.
To enabled that you need to go to: WordPress admin dashboard => Settings section => Anti-spam
Saving blocked comments into spam section is disabled by default.
Saving spam comments can help you to keep all the comments saved and review them in future if needed. You can easily mark comment as “not spam” if some of the comments were blocked by mistake.

What is the percentage of spam blocked?

Anti-spam plugin blocks 100% of automatic spam messages (sent by spam-bots via post requests).
Plugin does not block manual spam (submitted by spammers manually via browser).

Incompatible with:

  • Disqus
  • Jetpack Comments
  • AJAX Comment Form
  • bbPress

How does Anti-spam plugin work?

The blocking algorithm is based on 2 methods: ‘invisible js-captcha’ and ‘invisible input trap’ (aka honeypot technique).

How does ‘invisible js-captcha’ method (aka honeypot) work?

The ‘invisible js-captcha’ method is based on fact that bots does not have javascript on their user-agents.
Extra hidden field is added to comments form.
It is the question about the current year.
If the user visits site, than this field is answered automatically with javascript, is hidden by javascript and css and invisible for the user.
If the spammer will fill year-field incorrectly – the comment will be blocked because it is spam.

How does ‘invisible input trap’ (aka honeypot technique) method work?

The ‘invisible input trap’ method is based on fact that almost all the bots will fill inputs with name ‘email’ or ‘url’.
Extra hidden field is added to comments form.
This field is hidden for the user and user will not fill it.
But this field is visible for the spammer.
If the spammer will fill this trap-field with anything – the comment will be blocked because it is spam.

How to know the counter of blocked spam comments?

You can find the info block with total spam blocked counter in the admin comments section.
You can hide or show this info block in the “Screen Options” section.
The visibility option for this info block is saved per user.

Does plugin block spam from Contact or other forms?

Plugin blocks spam only in comments form section and does not block spam from any other forms on site.
If you installed and activated the plugin and you still receiving spam – probably this could be because of some other forms on your site (for example feedback form).

What about trackback spam?

Users rarely use trackbacks because it is manual and requires extra input. Spammers uses trackbacks because it is easy to cheat here.
Users use pingbacks very often because they work automatically. Spammers does not use pingbacks because backlinks are checked.
So trackbacks are blocked but pingbacks are enabled.

What browsers are supported?

All modern browsers and IE8+ are supported.

Unobtrusive JavaScript

Anti-spam plugin works with disabled JavaScript. JavaScript is disabled on less than 1% of devices.
Users with disabled JavaScript should manually fill catcha-like input before submitting the comment.

And one more extra note…

If site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action
and there is no plugin inputs in comments form – plugin tries to add hidden fields automatically using JavaScript.

Not enough information about the plugin?

two
You may check out the source code of the plugin.
The plugin is pretty small and easy to read.

評価

2020年6月16日
So, this used to be my goto anti spam plugin. IT IS NO LONGER THE SAME PLUGIN latest update has replaced what was a good plugin with something very different. This actually represents a huge problem that WordPress will need to address. What if you use a small plugin that does one very useful task. Something very simple even. Someone can "buy" that plugin from the original creator and replace it with whatever they like during an update. In this case a lightweight well behaved anti spam plugin is now a huge bloated security suite that shouts at you in admin. I would never have considered installing this, but it crept in the back door. This new untested plugin, will then show larger numbers of users (which previously was one of the metrics I used for judging a plugins usefulness, but will be very cautious of going forward) and ride on the back of it's predecessor. This is what has happened here.
2020年6月8日
So, they took our Lovely antispam plugin and turned it into another bloated, worthless plugin. All it does is advertise and use up server space. Uninstalled it on all my sites.
2020年5月21日
It is WRONG WRONG WRONG to change the nature of a plugin so significantly so that it is a different plugin. I already have web application firewall (Wordfence) installed on my site and I do not need or want another. All I wanted was a plugin that deals with spam. I especially do not want two WAFs running side by side which can break or slow down a site drastically. What you should have done is released another plugin and promoted it as having the anti-spam feature included along with more features so that anyone who wants those other features can swap the plugins but those who want only the anti-spam features can keep the anti-spam plugin.
2020年5月20日
This was a straightforward anti-spam plugin for years - then a new developer buys it and turns it into a bloated mess. Uninstalling everywhere we had it. Such a shame.
367件のレビューをすべて表示

貢献者と開発者

Titan Anti-spam & Security はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

貢献者

“Titan Anti-spam & Security” は6ロケールに翻訳されています。 翻訳者のみなさん、翻訳へのご協力ありがとうございます。

“Titan Anti-spam & Security” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログRSS で購読してみてください。

変更履歴

7.1.5

  • Added: Two-Factor authentication [PRO]

7.1.4 – 22.06.2020

  • Updated: translations

7.1.3 – 19.06.2020

  • Added notice in the plugin interface
  • Fixed: Minor bugs

7.1.2 – 16.06.2020

  • Added: options search in the plugin interface. You can enter the option name, the plugin will automatically redirect you to the desired page where the option is located.
  • Removed: trial for the premium plugin
  • Updated: main navigation menu.
  • Added: compatibiliy with a new premium addons.
  • Fixed: Minor bugs

7.0.3 – 20.05.2020

  • Added an option to send a weekly security digest to admin email.
  • Fixed: Minor bugs

7.0.2 – 30.04.2020

  • Add COMPONENTS tab
  • Fixed: Minor bugs

7.0.1 – 17.04.2020

  • The Htts warning notice has been hidden

7.0.0 – 17.04.2020

  • Add wordpress firewall [PRO]
  • Add malware scanner
  • Add security audit
  • Add security tweaks
  • Add site checker [PRO]

6.5.4 – 24.01.2020

  • Fixed: Minor bugs.
  • Fixed: Compatibility Anti-spam Pro.

6.5.3 – 08.01.2020

  • Removed: Admin redirect to the premium page.
  • Updated: Premium page.
  • Added: Activate trial suggestion.
  • Fixed: Minor bugs.

6.5.1 – 16.12.2019

  • Added: Multisite support.
  • Fixed: Bug with redirection loop in multisite mode.
  • Fixed: Readme. GDPR compatibility is ready. Plugin doesn’t send any data to the remote server.
  • Removed: Dashboard widget with annoy ads.

6.5 – 12.12.2019

  • Updated: Plugin interface.
  • Added: Compatibility with WordPress 5.3
  • Added: Compatibility Anti-spam Pro.

5.5

  • Code cleanup
  • Removed dismissible notice

5.4

  • Updated dismissible notice

5.3

  • Fixed the typo in the readme
  • Readme cleanup
  • Code cleanup
  • Added dismissible notice

5.2

  • Disable trackbacks

5.1

  • Disable check for comments from logged in users

5.0

  • Rewriting/refactoring a lot of the code
  • Adding Settings page
  • Storing blocked comments into the Spam section
  • Working on GDPR compliance

4.4 – 2017-08-30

  • Fixed issue with showing comments on every page. Thanks to johnh10

4.3 – 2016-11-22

  • fixed notices

4.2 – 2016-01-30

  • removed XSS vulnerability – thanks to Kenan from tbmnull.com

4.1 – 2015-10-25

  • added log spam to file feature – huge thanks to Guti
  • prevent full path disclosure
  • added empty index.php file
  • publish plugin to GitHub
  • added Text Domain for translation.wordpress.org

4.0 – 2015-10-11

  • dropped jQuery dependency (huge thanks to Guti for rewriting javascript code from scratch. Força Barça! )
  • fixed issue with empty blocked spam counter (showing zero instead of nothing)

3.5 – 2015-01-17

  • removed function_exists check because each function has unique prefix
  • removed add_option()
  • added autocomplete=”off” for inputs (thanks to Feriman)

3.4 – 2014-12-20

  • added the ability to hide or show info block in the “Screen Options” section

3.3 – 2014-12-15

  • refactor code structure
  • added blocked spam counter in the comments section
  • clean up the docs

3.2 – 2014-12-05

  • added ANTISPAM_VERSION constant (thanks to jumbo)
  • removed new spam-block algorithm because it is not needed

3.1 – 2014-12-04

  • remove log notices

3.0 – 2014-12-02

  • added new spam-block algorithm
  • bugfixing
  • enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom)
  • refactor code structure

2.6 – 2014-11-30

  • reverting to ver.2.2 state (enqueue script using ‘init’ hook and into the header) because users start receiving spam messages

2.5 – 2014-11-26

  • update input names

2.4 – 2014-11-25

  • update input names

2.3 – 2014-11-23

  • enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom)
  • clean up code

2.2 – 2014-08-03

  • clear value of the empty input because some themes are adding some value for all inputs
  • updated FAQ section

2.1 – 2014-02-15

  • add support for comments forms loaded via ajax

2.0 – 2014-01-04

  • bug fixing
  • updating info

1.9 – 2013-10-23

  • change the html structure

1.8 – 2013-07-19

  • removed labels from plugin markup because some themes try to get text from labels and insert it into inputs like placeholders (what cause an error)
  • added info to FAQ section that Anti-spam plugin does not work with Jetpack Comments

1.7 – 2013-05-31

  • if site has caching plugin enabled and cache is not cleared or if theme does not use ‘comment_form’ action – Anti-spam plugin does not worked; so now whole input added via javascript if it does not exist in html

1.6 – 2013-05-05

  • add some more debug info in errors text

1.5 – 2013-04-15

  • disable trackbacks because of spam (pingbacks are enabled)

1.4 – 2013-04-13

  • code refactor
  • renaming empty field to “*-email-url” to trap more spam

1.3 – 2013-04-10

  • changing the input names and add some more traps because some spammers are passing the plugin

1.2 – 2012-10-28

  • minor changes

1.1 – 2012-10-14

  • sending answer from server to client into hidden field (because client year and server year could mismatch)

1.0 – 2012-09-06

  • 最初のリリース