Spam protection, Honeypot, Anti-Spam by CleanTalk

The plugin uses several simple tests to stop spammers:

JavaScript anti-spam test. 99% of spam bots don't have full JavaScript functions support. So, the plugin has the code which can be run by normal visitor and can't be run by the spam bot.
Email, IP, domain spam activity list entries check. The plugin uses spam activity database online at cleantalk.org, consisting of more than 20 billion spam activity records of IPs, Emails, Domains and ASN. If the sender's IP or Email is in the database, the sender gets some spam scores. To reduce false/positive rate the plugin not only uses the blacklist test to ban spammers, the sender will be banned when and only when multiple spam tests have been failed.
Comment submit time. Spam bots usually submit the info immediately after the page has been loaded, this happens because spam bots don't actually fill the web form, they just send $_POST data to the blog. The normal visitor sends the data after several seconds or minutes.

What about pingback, trackback spam?
The plugin passes pingbacks without any checks by default. All trackbacks will be blocked if the sender had spam activity.
Can I use CleanTalk to remove pending spam comments?
Yes, you can. The plugin has the option to test all pending comments via database of spam active IP/Email, found spam comments will be moved to Trash folder.
How does the plugin find spam in pending comments or registered accounts?
The plugin checks all non-spam comments in the blacklist database and shows you those senders who have spam activity on other websites.
There are some differences between blacklist database and API to protect you from spam bot registrations/comments online. Blacklists show all history of spam activity, but our API (which is used in spam tests) relies on other parameters too: last day of activity, number of spam attacks during the last days etc. These mechanisms help us to reduce the number of false outcomes. So, there is nothing strange, if some emails/IPs are not found by bulk comments/accounts test.

To check comments please go here:

WordPress console -> Comments -> Find spam comments

To check users please go here:

WordPress console -> Users -> Find spam users

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?
Yes, the plugin is compatible with WordPress MultiUser. Each blog in multisite environment has individual anti-spam options for the protection from spam bots.
After the installation I noticed that the number of spam attacks has been increased in the stats
There are a few reasons for this:

With the indexing of your web-site by the search systems, appearance of external links and better search results position, your web-site attracts more and more spambots.
Non-transparent protection systems like CAPTCHA or question/answer, that don't have spam attacks stats, don't let you see the whole picture, or the picture is incomplete.
Counting methods for spam attacks and spam bots are different for different systems, thus the diversity appears. We seek to provide detailed stats.

Why my dummy "spam" comment passed to the WordPress?
The plugin has several options to detect spam bots and humans. If you just post spammy text like this:

"I want to sell something", "Buy something here.." and etc

the comments will be passed, because the plugin detects sender as a human. So, use special email stop_email@example.com to test the anti-spam functionality or wait a few days to see how the plugin works.
Is it free or paid?
The plugin is free and distributed under the GPLv2 license.

CleanTalk anti-spam plugin works with a cloud base anti-spam service and this plugin is a Software as a service (SaaS).
CleanTalk it’s a free plugin that works with premium Cloud Anti-Spam service.
https://en.wikipedia.org/wiki/Software_as_a_service

The fact that the plugin works with a premium type service is mentioned in the plugin annotation and in its WordPress catalog description.

We are ready to help you with any issue regarding CleanTalk. There are hundreds of environment compositions and we do our best to cover as many as possible.
Can I use CleanTalk with cache plugins?
Anti-spam by CleanTalk doesn't use static HTML code in its templates, so all anti-spam functions work correctly with any WordPress cache plugins.
Does the plugin protect from spam bots if I use forms with third-party services?
Yes, it does. Plugin protects web-forms on your websites which send data to third-party servers (like MailChimp). To enable this protection set the option 'Protect external forms' in the plugin settings.
Does CleanTalk compatible with Cloudflare?
CleanTalk is fully compatible with CloudFlare. Service doesn't filter CloudFlares IP's (AS13335) through blacklists database, so in this case plugin/service filters spam bots using other anti-spam tests.
Is CleanTalk compatible with a content delivery network (CDN)?
Yes, it is. CleanTalk works with any CDN system, i.e. CloudFlare, MaxCDN, Akamai.
Can I use CleanTalk functionality in my plugins?
Yes, you can. Follow this guide https://cleantalk.org/help/api-check-message
I see two loads of script cleantalk_nocache.js. Why do you use it twice?
This script is used for AJAX JavaScript checking. Different themes use different mechanisms of loading, so we use two methods for loading our script. If you absolutely know what you are doing, you can switch one of the methods off by defining constants in your wp-config.php file:

define('CLEANTALK_AJAX_USE_BUFFER', false); //false - don't use output buffering to include AJAX script, true - use it

or

define('CLEANTALK_AJAX_USE_FOOTER_HEADER', false); //false - don't use wp_footer() and wp_header() for including AJAX script, true - use it

Can I add exclusions for some pages of my site?
Yes, you can. There is a special setting in plugin settings.
You could use this guide to learn more: https://cleantalk.org/help/exclusion-from-anti-spam-checking#wordpress
Can I not send my personal data to CleanTalk servers?
Yes, you can exclude your data. There is a special setting in plugin settings.
You could use this guide to learn more: https://cleantalk.org/help/exclusion-from-anti-spam-checking#WordPress_field_exclusions
How to test Spam FireWall?
Use special IP 10.10.10.10 in URL to test Spam FireWall. For example,

https://cleantalk.org/blog/?sfw_test_ip=10.10.10.10

Attention! The incognito mode should be enabled in your browser when you do a test. To enable incognito mode press Ctrl+Shift+N for Chrome, Opera и Safari browsers; press Ctrl+Shift+P for Firefox, Internet Explorer and Microsoft Edge. A full guide to enable Incognito mode is here: https://www.wikihow.com/Activate-Incognito-Mode
How can I enter access key in WPMU version?
To set up global CleanTalk access key for all websites in WPMU, define constant in your wp-config.php file before defining database constants:

define('CLEANTALK_ACCESS_KEY', 'place your key here');

Now, all subsites will have this access key.
Does the plugin work with Varnish?
CleanTalk works with Varnish, it protects WordPress against spam, but by default the plugin generates a few cookies for the protection from spam bots and it also disables Varnish cache on pages where CleanTalk's cookies have been stored. To get rid of the issue with cache turn off the option 'Set cookies' in the plugin settings.

WordPress console -> Settings -> CleanTalk -> Advanced settings

Now the plugin will protect WordPress comments, registrations and most of popular contact forms, but will not protect some of rarely used contact forms.
Does the anti-spam plugin work with Accelerated Mobile Pages (AMP)?
Yes, it does. But you have to turn off the SpamFireWall and the option 'Use AJAX for JavaScript check' in Advanced settigns of the plugin to be fully compatible with Accelerated Mobile Pages.
Should I change anything in the plugin's settings or in my CleanTalk Dashboard when I switch my website from HTTP to HTTPS or vice versa?
No. You don't need to change anything in the plugin's settings or in your CleanTalk Dashboard. The plugin will work regardless of the protocol.
Spam Comment Management
By default, all spam comments are placed in the spam folder, now you can change the way the plugin deals with spam comments:

Move to the Spam folder. All spam comments will be placed to the folder "Spam" in the WordPress Comments section except comments with Stop-Words. Stop-Word comments will be always stored in the "Pending" folder.

You can prevent the proliferation of Spam folder. It can be cleaned automatically using the option "Keep spam comments for 15 days." Enable this option in the settings of the plugin: WordPress Admin Page -> Settings -> Antispam by CleanTalk -> Advanced settings -> enable "Keep spam comments for 15 days" -> Save Changes.

Move to Trash. All spam comments will be placed to the folder "Trash" in the WordPress Comments section except comments with Stop-Words. Stop-Word comments will be always stored in the "Pending" folder.
Ban comments without moving to WordPress backend. All spam comments will be deleted permanently without going to the WordPress backend except comments with Stop-Words. Stop-Word comments will be always stored in the "Pending" folder.

To manage the actions with spam comments, go to the Control Panel, select the website you want to change the actions for and go to "Settings" under the name of the website.

Please, read more here:
https://cleantalk.org/help/spam-comment-management
Is the plugin EU GDPR compatible?
Yes, it is. Please read this article,
https://cleantalk.org/publicoffer#cleantalk_gdpr_compliance