WP Rocket - WordPress Caching Plugin

MalCare Review: The Most Preferred Security Plugin for WordPress Websites

MalCare Review

The first question that arises is why does any WordPress (or WP) website require additional security? Shouldn’t the WordPress team be taking care of that? The truth is that while WordPress core is safe and protected from hackers through regular security fixes, many WordPress users install third-party plugins and themes. And then they don’t update it. The 2017 industry statistics reported a total of 3321 vulnerabilities for WordPress plugins and themes.

To protect your websites from these vulnerabilities you can opt for any of WordPress security services in the market. But many of them do not provide the best results and have major drawbacks – including slower website performance, false positives, and steep pricing.

This was the stage when I decided to evaluate the MalCare security plugin, which was suggested by a business associate. Here is my evaluation.

About MalCare

Designed as a one-stop solution for your WordPress security needs, the MalCare security service was designed and built by the same team that made BlogVault, a very popular WordPress backup plugin that has been used by over 200,000 websites. After spending many years in the WordPress industry, BlogVault’s next plan was to come up with an efficient security plugin.

Why MalCare?

MalCare is a complete security solution that provides malware detection and cleaning along with preventing future security-related problems. To execute the tool, I did not need to have any technical expertise.

With a one-click button, MalCare performs the scanning and cleaning process in thoroughly but quickly without any manual intervention. Additionally, I did not have to share any of my credentials with the security personnel, neither did I have to bother about any false security alerts.

MalCare Installation and Configuration

Installing and configuring MalCare for my website was easy and quick (in under 5 minutes).

All that I had to do was the following:

  1. Click the MalCare dashboard link (sent to me on the registration E-mail by MalCare).
  2. Add my website URL by clicking either the “Add Site” button or the + button that appears on the top left corner of the dashboard page.

MalCare Review

3. Enter my website credentials, then opt for either manual installation (by downloading the plugin zip file) or for automatic installation that directly installs the plugin without any more steps.

MalCare Review

That’s it. This 3-step process completes the MalCare installation and configuration process.

The MalCare Dashboard

Easy to access, the MalCare dashboard features the following sections:

  • Management
  • Backup
  • Security
  • Reporting
  • White-Labelling

MalCare Review

What I found particularly convenient is that MalCare automatically scans for any malware immediately on installation. On completion, the tool displays a score indicating the health of the website in the Overall Score section. This score is calculated by a security algorithm and ranges from A (highly secure) to D (vulnerable). The tool also indicates easy solutions on how I can improve the overall score.

MalCare Scanning Tool

Did you know that the MalCare Deep Scan technology has been created after analyzing more than 240,000 websites? It also uses over 100 intelligent signals to detect malware on your website.

The convenient part is that the MalCare scanner can be configured for “daily automatic scanning” or for “on-demand scanning.” To run the on-demand scanner, I just had to click the “Scan Now” button from the dashboard. Additionally, I could schedule malware scans according to my convenience.

MalCare Review

On completing the scan, MalCare displays the total number of scanned files including the number of infected files on the dashboard.

Besides the one-click scanning process, MalCare offers a variety of technological benefits:

  • The use of over 100 Artificial Intelligence or AI-based signals to detect new malware on any WordPress website.
  • Advanced malware detection techniques that go beyond signature matching used by most of the other WordPress security plugins.
  • Tracking of every file modification to ensure early and accurate malware detection.
  • Deep Scan process is performed on MalCare’s dedicated web server and not on the client’s local web machine, thus avoiding any slowdown in its speed or performance.
  • Thanks to accurate malware detection, MalCare does not send any false positives to the user and only reports the real threats to the WordPress website.

MalCare Cleaning Tool

MalCare provides an automated malware cleaner tool to be executed if the scanning procedure reports a hack. This is much quicker and more efficient than reaching out for the services of any security personnel.

On receiving a notification mail from MalCare about my hacked site, I just needed to log in to the dashboard and click the “Auto Clean” button to run a complete cleaning procedure that removed malware in a few minutes.

MalCare Review

Additionally, MalCare also shows the list of infected files that were removed in the “Infected Files” section.

Besides the one-click convenience, this malware cleaning tool provides several benefits, including:

  • Comprehensive malware removal, which ensures that the removed malware does not return through any backdoor or security loophole.
  • No requirement of any technical expertise, meaning any novice user can execute this tool.
  • Precision in malware removal, with the use of advanced technology to locate only those affected files leading to the malware, which is then removed without impacting other files.

About Website Hardening

Due to the growing number of security compromises, WordPress has recommended a few website hardening measures, which can be used to secure your website. With a few easy clicks, MalCare allows you to perform the following hardening measures from its dashboard:

  • Essentials
    • Block PHP Execution in Untrusted Folders: to prevent the execution of PHP files in folders where any new files are created. This can be used to prevent TimThumb and MailPoet type of attacks.
    • Update prefix for databases
    • Disables Files Editor: to prevent any hacker from modifying any website files.
  • Advanced
    • Block Plugin/Theme Installation, to block the installation of any new WP plugin or theme that may introduce additional vulnerabilities.
  • Paranoid
    • Reset all Passwords
    • Change Security Keys: which prevents hackers from gaining access to security keys stored in the database.

MalCare Review

To configure website hardening, all I had to do was to select the respective measures from the tabs and specify the website details including FTP host, type, and credentials.

Testing the MalCare Firewall

Designed to protect your website from hack attacks, the WordPress firewall is automatically activated on installation and can be disabled from the dashboard.

MalCare also uses the following techniques to keep a check on the incoming traffic to your website:

  • Auto IP Blocking

Did you know that MalCare scans over 100,000 websites to identify any bad IP addresses that can potentially damage your website? MalCare automatically blocks any requests from these IP addresses and prevents them from gaining access to your website.

  • Login Protection

Hackers can deploy bots to gain access to your WordPress account through repeated login attempts. MalCare firewall restricts the number of failed login attempts and also displays the CAPTCHA panel to filter out the harmful bots and prevent brute force attacks.

MalCare Review

Managing the website and users

From the MalCare dashboard, you can manage your installed plugins, themes, and even your WordPress core files through a user-friendly interface.

MalCare Review

Additionally, you can add or remove users using the User Management feature, along with assigning and changing user roles.

MalCare Review

MalCare Backup Features

Thanks to their BlogVault backup expertise, MalCare provides a convenient range of backup features that lets you recover your valuable data in the event of a website crash.

MalCare Review

Price & Support

To complete the review, I decided to also check the tool pricing and the quality of their customer support.

MalCare is available in both a free and a paid version. While the free version provides scanning and firewall features, the paid is economically priced at $ 8.25 for a month.

I also sent a couple of tool-related queries to their customer support team. Thanks to their 24-hour turnaround policy, they responded to my queries and provided adequate responses to my security and product-related concerns.


Based on my initial evaluation and overall experience of using this tool for the last six months, I can safely recommend this tool to any WordPress website owner as a comprehensive security tool. Along with its complete ease of use, functionality, and features such as the use of artificial intelligence and the use of MalCare’s dedicated servers for scanning operation are some of the positive points for me.

The only possible drawback of this tool is the absence of the 2-factor authentication (which is in the development as per their Support staff).

Want to try MalCare? Click Here Now!

Read Top 10 Best Security Apps to Protect Your Computer from Prying Eyes