Hello @yumeconsults,
Please make sure you are using the latest version of our Anti-Spam plugin. The update guide is here: https://cleantalk.org/help/update-wordpress
Then change these options: WordPress Admin Page —> Settings —> Anti-Spam by CleanTalk —> Advanced settings —>
—> set the option “Set cookies” to “On” —>
—> set the option “Add a CleanTalk Pixel to improve IP-detection” to “Off” —>
—> set the option “Encode contact data” to “Off” —>
—> Save Changes.
—> Clear all cache on your site.
If this doesn’t help, try reactivating our plugin: Plugins —> Installed plugins —> Anti-Spam by CleanTalk —> Deactivate and Activate
We’d be happy to take a closer look at what happened on your site — feel free to share any details about your hosting environment and server logs. You can send this securely through our support ticket system:
https://cleantalk.org/my/support/open
I will also ask our developers about this issue and get back to you as soon as possible.
We are also working on further improving the plugin’s performance and minimizing its impact on site resources. Let’s take a closer look at your case to help us make our service even better!
Thread Starter
Yume
(@yumeconsults)
Thanks for the tips. Okay we temporarily blocked the IP that was pinging our site for a few hours and then we updated the plugin, cleared cached and it seems to be cooled off now and has not excessively pinged our site IP. We’re monitoring the situation.
Some clarifying questions:
The cookies is recommending OFF but you’re saying ON and we’re using a caching plugin, so is this really intended, the issues isn’t cookies…
“The “On” option means ordinary cookies in the visitor’s browser. If you use cache plugins, some user parameters will be transmitted inaccurately and this may lead to incorrect filtering.
Alternative mechanism will store data in database and will not set cookies in browser, so the cache solutions will work just fine.
The “Auto” option is designed to automatically detect the presence of caching plugins on the site, but now it does not always work, so we advise you not to use this option. The option is reserved for long-time customers who are fine with filtering.
The “Off” option uses local storage instead of cookies. Caching plugins have no negative effect. We recommend using this option.”
Also does CleanTalk run a cron job by chance just curious. How does it work if yes.
Thank you!
Thank you for your reply.
Changing the “Set Cookies” option to “On” can help reduce the load on the server.
Also does CleanTalk run a cron job by chance just curious. How does it work if yes.
Yes, our plugin has a cron, it is necessary for updating the SpamFireWall database, synchronizing with the cloud and sending logs to your Dashboard.
Our developers have also checked your issue, and we need your server logs, server and WP configuration for a more detailed investigation. But since you say that the situation has improved, let’s observe for a while. If the issue occurs again, please contact us via our private Ticket System: https://cleantalk.org/my/support/open
Please, keep us informed.
Thread Starter
Yume
(@yumeconsults)
Will do. My only concern with the cookies ON is with our caching plugin we will have another set of issues… that could come up to sort, but agree, let’s monitor for a couple days (now with the updated plugin) and the other settings you noted, and I will follow up on the private link.
The link you shared isnt to the private support it’s to public…?
Thanks again!
-
This reply was modified 1 year ago by
Yume.
-
This reply was modified 1 year ago by Yume.
You’re welcome!
The link you shared isnt to the private support it’s to public…?
The link leads to private support only.
Please, keep us informed.
Thread Starter
Yume
(@yumeconsults)
Okay it’s doing it again we unblocked (slowed down) then blocked again and pinging us nonstop… is this you??
How to send you all the cleantalk logs securely so not the entire public sees the attachment?
*sample url that’s pinging us literally every few seconds so we had to block this on wordfence: is it spoofing a old Mac Catalina??
Council Bluffs, Iowa, United States visited https://exmplesite.org/product-tag/weird-stuff-going-on/?cache_bust=1744193936
4/9/2025 3:18:56 AM (52 minutes ago)
IP: xx.xxx.xx.xxx Hostname: 170.17.208.35.bc.googleusercontent.com
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
AND THIS
Council Bluffs, Iowa, United States visited https://examplesite.org/tt-dd
4/9/2025 3:33:18 AM (49 minutes ago)
IP: xx.xxx.xx.xxx Hostname: 170.17.208.35.bc.googleusercontent.com
Cleantalk-Helper/1.0.0
Is this you all so we can isolate the problem
Thanks again.
-
This reply was modified 1 year ago by Yume.
How to send you all the cleantalk logs securely so not the entire public sees the attachment?
Please contact us via our private Ticket System: https://cleantalk.org/my/support/open
And please provide the following information: server logs, server and WP configuration.
This will help our developers better understand this issue.
Thank you.
Thread Starter
Yume
(@yumeconsults)
Hi again our server logs, wp configuration, etc are confidential we want to ensure before we think that sharing is prudent or highly necessary, we want to confirm the following so we’re not opening up our security by sharing unnecessary confidential info on our server logs but we are happy to share any logs related to CleanTalk, if applicable.
We have been investigating the high CPU pings to isolate the plugin, which is calling a loop pinging our site within our website IP. We see this code appended to the url strings in a loop, is your plugin using this appended in the url string? We have isolated his is the source of our loop here. If it’s not we can weed out CleanTalk servers and go to our other caching plugins. Thank you so much.
e.g. “Cache-busting query strings” or “Dynamic file versioning.” or this specific type of code appended to urls:
/*?cache_bust=*
Hello @yumeconsults
Thank you for the clarification and for your thorough investigation.
To answer your question, no, as far as I know, CleanTalk does not add query strings like ?cache_bust=* or use similar URL parameters for its operations.
If this pattern is causing a loop, it’s more likely related to another plugin, such as a caching or optimization tool. If you suspect that CleanTalk is contributing to the issue, please provide specific logs or examples related to the plugin. This information will help in diagnosing and resolving the problem effectively.
Also, no worries about your confidential info, we totally understand. You don’t need to share anything sensitive. If you do spot anything in your logs that’s directly related to CleanTalk, feel free to share just that part, and we’ll be happy to dig in and help out.
Thread Starter
Yume
(@yumeconsults)
So we did find out what’s causing the issue it’s a combination of CleanTalk and the Hide My WP the way they interact with one another.
The scenario was unique:
- Hide my WP (HMWP) allows users to change or obfuscate core paths, for example we can change the wp-json (path) to let’s say xyz name (then after when we cleared cache and updated permalinks);
- For some reason CleanTalk cannot find the updated URL string, it continually went to ping /wp-json and that constant ping comes from our website IP and then does this loop. It appended things (and yes some have had the cache_bust or site sync appended to our url but mostly when one of our teams was doing any actions on the site, it triggered the ping, and as you might guess the CPU spikes and server over loads were on repeat;
- As we monitored our Live Traffic one of the pings/IPs came from CleanTalk helper 1.0 from the same website IP and location, so we could see a ping pattern, and we noticed it kept looking for wp-json original file /wp-json/ but we had switched it to /xyz
- After a couple of days of monitoring Live Traffic we isolated the issue;
Now we’ve since reversed the HMWP “change paths” and put back wp-json common name and then it automatically within <24 hours stoped the ping and loopback and our CPU is lowered.
When we change a HMWP path CleanTalk needs to know where it is and that’ what we need to do is update the url string it’s using from /wp-json to /xyz … for now we’ll leave it, and give our team a break before we do this :-). This mystery has been resolved.
This caused our site to be hit nonstop within seconds and minutes +25000 times within minutes and seconds as were investigating over the course of a few days!
Thread Starter
Yume
(@yumeconsults)
One other mystery remains why is Clean Talk helper constantly pinging our site though even though we fixed the loop it’s nonstop minutes, seconds… seems weird and is this normal?
One example but this CleanTalk process hits nonstop at times for days/cycles, we see it’s pinging our website IP from within nonstop for minutes and seconds… in cycles though.
https://www.dropbox.com/scl/fi/eovireoz93s1ey31v8tnl/Screenshot-2025-04-16-at-7.19.15-PM.png?rlkey=ek4if4ttakv60zz2xalgszkv3&st=xx4x1asy&dl=0
-
This reply was modified 1 year ago by Yume.
Hello @yumeconsults,
I will ask our developers about this issue.
We will contact you within 2-3 business days.
Thank you.
Thread Starter
Yume
(@yumeconsults)
Hi, any updates from your dev about this? Thanks!
Hello,
Unfortunately, our developers are still working on this issue.
We’ll contact you as soon as possible.
Hello @yumeconsults,
Thank you for waiting.
Here’s what we were able to find out:
So we did find out what’s causing the issue it’s a combination of CleanTalk and the Hide My WP the way they interact with one another.
We plan to fix this within 3-4 months. We will contact you as soon as we finish.
One other mystery remains why is Clean Talk helper constantly pinging our site though even though we fixed the loop it’s nonstop minutes, seconds… seems weird and is this normal?
Please find this file and the specified line on your site via any file manager.
Change the value of the plugin_version variable to 123.
Did it help you?
