The first question that arises is why does any WordPress (or WP) website require additional security? Shouldn’t the WordPress team be taking care of that? The truth is that while WordPress core is safe and protected from hackers through regular security fixes, many WordPress users install third-party plugins and themes. And then they don’t update it. The 2017 industry statistics reported a total of 3321 vulnerabilities for WordPress plugins and themes.
To protect your websites from these vulnerabilities you can opt for any of WordPress security services in the market. But many of them do not provide the best results and have major drawbacks – including slower website performance, false positives, and steep pricing.
This was the stage when I decided to evaluate the MalCare security plugin, which was suggested by a business associate. Here is my evaluation.
Designed as a one-stop solution for your WordPress security needs, the MalCare security service was designed and built by the same team that made BlogVault, a very popular WordPress backup plugin that has been used by over 200,000 websites. After spending many years in the WordPress industry, BlogVault’s next plan was to come up with an efficient security plugin.
MalCare is a complete security solution that provides malware detection and cleaning along with preventing future security-related problems. To execute the tool, I did not need to have any technical expertise.
With a one-click button, MalCare performs the scanning and cleaning process in thoroughly but quickly without any manual intervention. Additionally, I did not have to share any of my credentials with the security personnel, neither did I have to bother about any false security alerts.
MalCare Installation and Configuration
Installing and configuring MalCare for my website was easy and quick (in under 5 minutes).
All that I had to do was the following:
- Click the MalCare dashboard link (sent to me on the registration E-mail by MalCare).
- Add my website URL by clicking either the “Add Site” button or the + button that appears on the top left corner of the dashboard page.
3. Enter my website credentials, then opt for either manual installation (by downloading the plugin zip file) or for automatic installation that directly installs the plugin without any more steps.
That’s it. This 3-step process completes the MalCare installation and configuration process.
The MalCare Dashboard
Easy to access, the MalCare dashboard features the following sections:
What I found particularly convenient is that MalCare automatically scans for any malware immediately on installation. On completion, the tool displays a score indicating the health of the website in the Overall Score section. This score is calculated by a security algorithm and ranges from A (highly secure) to D (vulnerable). The tool also indicates easy solutions on how I can improve the overall score.
MalCare Scanning Tool
Did you know that the MalCare Deep Scan technology has been created after analyzing more than 240,000 websites? It also uses over 100 intelligent signals to detect malware on your website.
The convenient part is that the MalCare scanner can be configured for “daily automatic scanning” or for “on-demand scanning.” To run the on-demand scanner, I just had to click the “Scan Now” button from the dashboard. Additionally, I could schedule malware scans according to my convenience.
On completing the scan, MalCare displays the total number of scanned files including the number of infected files on the dashboard.
Besides the one-click scanning process, MalCare offers a variety of technological benefits:
- The use of over 100 Artificial Intelligence or AI-based signals to detect new malware on any WordPress website.
- Advanced malware detection techniques that go beyond signature matching used by most of the other WordPress security plugins.
- Tracking of every file modification to ensure early and accurate malware detection.
- Deep Scan process is performed on MalCare’s dedicated web server and not on the client’s local web machine, thus avoiding any slowdown in its speed or performance.
- Thanks to accurate malware detection, MalCare does not send any false positives to the user and only reports the real threats to the WordPress website.
MalCare Cleaning Tool
MalCare provides an automated malware cleaner tool to be executed if the scanning procedure reports a hack. This is much quicker and more efficient than reaching out for the services of any security personnel.
On receiving a notification mail from MalCare about my hacked site, I just needed to log in to the dashboard and click the “Auto Clean” button to run a complete cleaning procedure that removed malware in a few minutes.
Additionally, MalCare also shows the list of infected files that were removed in the “Infected Files” section.
Besides the one-click convenience, this malware cleaning tool provides several benefits, including:
- Comprehensive malware removal, which ensures that the removed malware does not return through any backdoor or security loophole.
- No requirement of any technical expertise, meaning any novice user can execute this tool.
- Precision in malware removal, with the use of advanced technology to locate only those affected files leading to the malware, which is then removed without impacting other files.
About Website Hardening
Due to the growing number of security compromises, WordPress has recommended a few website hardening measures, which can be used to secure your website. With a few easy clicks, MalCare allows you to perform the following hardening measures from its dashboard:
- Block PHP Execution in Untrusted Folders: to prevent the execution of PHP files in folders where any new files are created. This can be used to prevent TimThumb and MailPoet type of attacks.
- Update prefix for databases
- Disables Files Editor: to prevent any hacker from modifying any website files.
- Block Plugin/Theme Installation, to block the installation of any new WP plugin or theme that may introduce additional vulnerabilities.
- Reset all Passwords
- Change Security Keys: which prevents hackers from gaining access to security keys stored in the database.
To configure website hardening, all I had to do was to select the respective measures from the tabs and specify the website details including FTP host, type, and credentials.
Testing the MalCare Firewall
Designed to protect your website from hack attacks, the WordPress firewall is automatically activated on installation and can be disabled from the dashboard.
MalCare also uses the following techniques to keep a check on the incoming traffic to your website:
- Auto IP Blocking
Did you know that MalCare scans over 100,000 websites to identify any bad IP addresses that can potentially damage your website? MalCare automatically blocks any requests from these IP addresses and prevents them from gaining access to your website.
- Login Protection
Hackers can deploy bots to gain access to your WordPress account through repeated login attempts. MalCare firewall restricts the number of failed login attempts and also displays the CAPTCHA panel to filter out the harmful bots and prevent brute force attacks.
Managing the website and users
From the MalCare dashboard, you can manage your installed plugins, themes, and even your WordPress core files through a user-friendly interface.
Additionally, you can add or remove users using the User Management feature, along with assigning and changing user roles.
MalCare Backup Features
Thanks to their BlogVault backup expertise, MalCare provides a convenient range of backup features that lets you recover your valuable data in the event of a website crash.
Price & Support
To complete the review, I decided to also check the tool pricing and the quality of their customer support.
MalCare is available in both a free and a paid version. While the free version provides scanning and firewall features, the paid is economically priced at $ 8.25 for a month.
I also sent a couple of tool-related queries to their customer support team. Thanks to their 24-hour turnaround policy, they responded to my queries and provided adequate responses to my security and product-related concerns.
Based on my initial evaluation and overall experience of using this tool for the last six months, I can safely recommend this tool to any WordPress website owner as a comprehensive security tool. Along with its complete ease of use, functionality, and features such as the use of artificial intelligence and the use of MalCare’s dedicated servers for scanning operation are some of the positive points for me.
The only possible drawback of this tool is the absence of the 2-factor authentication (which is in the development as per their Support staff).
Want to try MalCare? Click Here Now!