Did you know that WordPress hosts over 74,652,825 websites that make around 30% of all websites on the internet? Evidently, WordPress is a preferred platform when it comes to building a site. The downside of such popularity is that it is also a favorite target for hackers and malware.
Did you know how many how many hack attempts are made on WordPress website every minute? It’s 90,978! Unbelievable right?
Website Security is usually not a concern until it is compromised. I had the same outlook towards website security and took note of it only after my WordPress site was hacked. Following that, I started looking for security plugins that would help me clean my hacked site and prevent further compromise. During my search, I came across MalCare and decided to try it out. Here’s my review of this excellent plugin.
MalCare was developed by the same team who built BlogVault, a popular WordPress backup plugin. Since I’ve heard so much about BlogVault, I decided to look into their security solution, MalCare. Team BlogVault were inspired to create service that tackles all security issues on a WordPress website after seeing their customer face security issues. After 2.5 years of effort, they developed a multidimensional plugin that takes care of all security issues.
To get you a clearer picture, I focused on testing the following MalCare features:
- Installation and Setup
- MalCare Dashboard
- MalCare Scanner
- MalCare Cleaner
- MalCare Firewall
- Website Hardening
- Website Management
- Secure Backups
So, let’s start off with what all I found impressive about MalCare.
Installation and Setup
The process seems very straightforward even if you are doing it for the first time. The best part is that it won’t take more than 5 minutes to get the set up done!
Here is how the installation works:
Step 1: Click the Add Site option and insert the URL of your site.
Step 2: Next you will have to install the plugin on your site.
And you’re done! The process is pretty simple and easy!
Overview of the MalCare Dashboard
As soon as MalCare is installed and your site is added, the scanning of the same site begins. Convenient right? Moreover, the dashboard is also systematically arranged for you to find and use all features with ease.
The dashboard is divided into the following sections:
You also have quick links to the same actions on the left-hand side of the dashboard.
Once the scan is done, there is a Score displayed on the right at the bottom of the screen indicating the health of your site. Along with that, the number of files scanned and infected is also displayed. Neat isn’t it.
The score is ranked from D to A with A being the best score and D the worst. It will help you understand how good your security is and how it can be improved. I was glad to find that even the sites that received a D and could be protected because MalCare gave me suggestions on how to enable protections to improve the score.
The next feature I tested was the scanner. It was built after analyzing over 240,000 websites and uses its collective intelligence to detect unknown and new malware.
I tried the scanner on one of my hacked websites. Here’s how I configured the MalCare scanner.
Step 1: First, I logged into the MalCare dashboard.
Step 2: On the dashboard, there is a Scan Now button under the Security section. I selected that and the scanning began.
It took a couple of minutes for the scan to complete following which MalCare told me if my site was clean or hacked.
I investigated how MalCare scanner works. Here are a few behind-the-scenes details on the same:
This is a feature that I was impressed to find when I dived deep into how the scanner works. MalCare employs AI technology to find new and complex malware on your site.
It learns to track changes and validate those changes as normal or not. This also enables the scanner to accurately locate the presence of malware in a site. MalCare does more than signature matching which is the regular method to find malware on a WordPress site.
The MalCare scanner will not overload your server when it is scanning the site (one of the few scanners to do so). The scanning is done on their server thus not affecting the performance of your page at all! When I used the on-demand scanner, the speed of my site remained affected.
Low False Positives
As of now, I haven’t received any false positives. While talking to the support (had a few questions surrounding the scanner), I found out that MalCare takes additional efforts in ensuring that it reports only when a legit malware is found. Lack of false positives is a huge relief, to be honest.
Happy with what I found with the scanner, I decided to try out the malware cleaner. I used it on one of my hacked sites. The cleaning process is efficient and took only a few minutes to complete!
Here is how I enabled MalCare cleaner to run on my hacked sites:
Step 1: After scanning, I was informed that my site was hacked. I navigated to the scanner section on the MalCare dashboard.
Step 2: There, I selected the Auto Clean option and the cleaning process began.
And that’s about it! The process is straightforward and easy.
If you want to view the infected files, you can do the same from the Scanner section by simply clicking on Infected Files.
I liked the fact that this tool was thorough in removing malware. I didn’t experience a re-hack once MalCare cleaned my site. Also, only the files that were infected were removed without causing any damage to any of other files.
This is another feature that is recommended along with the cleaner. While removing malware from the system is the right way to go, it is essential that you take measure to ensure that your site does not get hacked again.
There are three levels of site hardening measures offered by MalCare.
- Block PHP Execution in Untrusted Folders
- Change Database Prefix
- Disable Files Editor
- Block Plugin/Theme Installation
- Reset all Passwords
- Change Security Keys
Enabling them are easy and you need not have any technical knowledge for the purpose.
Changing Security Keys
MalCare changes the security keys into a much stronger set and saves it to a secure location. That’s help prevent hackers on various level.
Protection of Upload Folders
Hacks are sometimes caused due to the vulnerability in the PHP code from the upload folders. MalCare has taken preventive steps to ensure this issue is taken care of.
Disabling File Editor
Using the feature, I can disable the backend files on I website which will help prevent hacker making changes to your site.
The MalCare dashboard is provisioned in such a way that I can set up all the website hardening fixes in just a few clicks.
If you are trying to protect your site, the WordPress firewall is an essential feature. It is automatically enabled when you install the plugin on your site.
The firewall uses the following methods to filter the traffic.
This is where the requests that come from bad IPs are blocked. MalCare marks the harmful IP addresses and instantly blocks them from trying to enter your site.
Hackers often use bots to try and gain direct access to a site’s login page. They try to guess our credentials over and over again. How MalCare fixes it? The hackers are locked out after a few failed attempts! MalCare also deploys a CAPTCHA that cannot be solved by machines and bots.
From the Firewall section, you can get the following details – The IP Address, Country Status, Time, Method, Path Bypassed Users, Response Your Website Gave, etc.
Looking at all these details, I felt a lot safer. Here I can monitor who is viewing my site.
A website management option provided by MalCare allows you to perform all sorts of functions while managing my multiple websites. Plugins and themes can be updated from here. With a click of a button, you can add or delete plugins with the help of website management.
You can also change the roles, passwords, add/remove users without having to travel to your WordPress site. With each of these features, MalCare only made my life easier.
Integrated Secure Backup
Another impressive functionality provided by MalCare is its powerful backup service. It lets you access your backups for up to 365 days. Having a backup for your site is essential because it comes handy when a website gets hacked.
When I decided to call the customer support to learn more about some of the features, they responded within 24 hours. They entertained all my queries with detailed responses. They seemed to be knowledgeable about all the features and workings of a security plugin. I was happy knowing that I won’t have trouble with the product as I could count on the support team to help me out.
My Experience with MalCare
I didn’t face any problem or any sort of failure while using the security service. As I tried to learn more about the product, I was only impressed more and more. They seem to be using the latest technologies. The Scanner uses AI technology to find malware that goes undetected in other security plugins. Once it finds the malware, the Auto Clean option thoroughly removed it in a few minutes. I really like the White-labeling feature that allows me to personalize MalCare by rebranding it to my own brand name. Detailed Client Reporting is pretty handy too.
I can opt for any level of security to keep my site safe from hackers thanks to the Website Hardening feature. I must say, they have done a comprehensive job of creating a security plugin that meets all the security needs of a WordPress site owner. From now on, I will use MalCare on all my sites and it’s worth every penny. You too can get MalCare protection for $8.25 per month.
Also read, MalCare vs WordFence vs Sucuri vs iThemes WordPress security plugins compared.