Do you know that WordPress (WP) powers around 30% of all global websites?
This makes it the preferred choice when it comes to building and securing websites.
Being such a popular website building platform also makes it the preferred target for hackers all across the globe.
Here is a question –
How many WordPress websites are getting hacked each minute across the globe?
1,000, 2,000, or 10,000?
Not even close; it is 90,978 websites!
Most of us don’t worry about the security aspect of our websites until we are hacked.
That’s exactly what happened to me.
Only after several of my WP-hosted sites were hacked did I start evaluating WordPress security plugins that would work for my website’s security.
In this process, I decided to give a shot to the MalCare security solution and here is what I found:
About the MalCare Security Plugin
MalCare plugin has been developed by the same team behind BlogVault, the popular WordPress backup plugin.
MalCare was inspired by an idea of creating a security plugin that cleans a hacked WordPress website and also protects it from future hacking attempts.
Truly multi-dimensional, isn’t it?
Well, it took the team over 2 ½ years to develop this plugin!
The best part of MalCare?
Thanks to its automatic one-click malware cleaning utility, you don’t even need to be technically skilled to scan your website using this tool.
To give you a proper assessment of the plugin’s capabilities, I decided to test out the following aspects of this security tool:
- Installing and configuring MalCare
- MalCare Dashboard
- MalCare Scanning Feature
- MalCare Malware Cleaning
- Website Hardening
- Website Management
- MalCare Support and Pricing
- Exclusive MalCare Deal
And this is what I found:
Installation and Configuration
For a novice like me, installing and configuring the MalCare plugin needs to be smooth and fast, and that is exactly what I was able to achieve (in less than 5 minutes). To do so:
1. Click the Add a site to specify the name of your website.
2. Next, opt to install your plugin through the “Auto” mode. Enter your site credentials and wait for the plugin to install.
That’s it, you are done and all set to start!
MalCare starts the automatic scanning of your specified website immediately after the installation.
Isn’t that convenient?
I thought so too.
Furthermore, the MalCare dashboard is neatly arranged with different sections such as Security, Management, Backup, and Staging, along with quick links to perform these actions.
You can immediately see the overall score indicating the health of your website, along with the number of scanned and infected files.
MalCare also ranks the overall security grading of your website from D to A, where D is the worst score and A is for the best defence against security attacks.
It also suggests steps that you can follow to improve the security grading of your website.
Next, I decided to test out the MalCare scanner, which reportedly has been built after a complete analysis of over 240,000 websites and over 2 ½ years. It also claims to detect new and unknown malware.
For this, I decided to run the MalCare scanner on a hacked website. Following were the steps that I had to complete to configure the MalCare scanner:
1. For daily automatic scans of the site, select the timing when the automatic scanning must be performed.
2. For manual scanning, select the website and click Scan Now.
MalCare performs the scanning by syncing your website to its servers and tracking any changes in the core files. All of this takes a minute to complete!
Additionally, MalCare successfully detected the hack in the infected website and notified me through e-mail and on the MalCare dashboard.
How is MalCare able to achieve this? Here is a bit of technical insight:
- Use of over 100+ intelligent signals that are actively looking for malware code in over 240,000 websites.
- MalCare uses malware detection methods beyond signature matching and other regular methods.
- Running the MalCare scanner did not impact my website speed and performance during either automatic or on-demand scans. This is achieved by avoiding overloading of the website server during the scanning and performing the major operations in its MalCare web server.
- MalCare ensures that you are alerted to only genuine threats because of the way it was built.
Following its scanning capabilities, I decided to check out the malware cleaning capabilities of the tool. MalCare can complete the cleaning process efficiently, all thanks to its one-click cleaning option. Here is all that I had to do to get my hacked website clean and running once again:
1. Once MalCare notified me about my site hacking, I logged in to the MalCare dashboard and navigated to the Scanner section.
2. Next, click the Auto Clean button.
That’s the entire malware cleaning process, isn’t that great? MalCare tool removed the detected malware within a few minutes and displayed the following message.
You can also see the list of all the hacked files that were cleaned in the “Infected Files” section of the dashboard.
Here is what I liked the best about the MalCare cleaning tool:
- No requirement of technical knowledge or security specialists to clean up my website. I could do it all by myself, all thanks to the one-click cleaning feature.
- Complete removal of the detected malware and backdoors, which creates problems in the future through repeated hacks. My website has not encountered any further issues after running this MalCare cleaner.
- Precision cleaning, meaning MalCare only cleans the affected files in the hacked part of the website without impacting other data nor the speed or performance of the rest of the site.
Along with the malware scanning and cleaning abilities, security plugins need to comply with the best security practices as recommended by WordPress. MalCare attains this, through the following features, namely:
- Blocking of PHP execution in untrusted files and folders
- Changing of the database prefix
- Disabling of the file editor
- Blocking of all WordPress plugin and theme installation
• Very advanced
- Changing all security keys
- Password reset
MalCare support each of the following website hardening measures:
• Changing of security keys
Security keys can be compromised when the hacker gains unauthorised access to the WordPress database. MalCare enables the changing of the security keys in the wpconfig.php file.
• Protection of the upload folders
The MalCare tool prevents the execution of vulnerable PHP code from the upload folders.
• Disabling of the file editor
MalCare tool protects the backend files of your website by disabling user access to these backend files.
• Blocking of all WordPress plugins and themes
In most cases, hackers use backdoors in rogue WP plugins and themes to gain repeated access to your website even after a complete cleaning process.
MalCare reduces this security risk by preventing installation of WP plugins and themes.
MalCare dashboard allowed to set up my security fixes for hardening in just a few easy clicks.
No WordPress security plugin is complete without the Web Application Firewall (or WAF) security measure to secure your website from external attacks.
This feature is automatically enabled when I configured my site with MalCare.
However, you can disable the firewall easily by clicking the Disable button.
Firewalls scan and filter incoming web traffic to the target website using the following methods:
This is only for blocking of requests from bad IP addresses that can potentially cause damage to the site that they visit. MalCare prevents request made from any of these identified bad IP addresses.
Most hackers and malware try to gain illegal access to your login landing page by entering the login credentials of your WP admin user.
This is referred to as brute force attacks.
MalCare limits the number of the failed login attempts and displays the following CAPTCHA screen, which is unreadable by bots and other machines.
I also checked out the number of blocked or failed requests in my Firewalls section.
The great part is that I can click the Traffic requests to see more details of the web traffic that was accessing my site, including:
- Country of origin
- IP address
- Response, etc
MalCare also offers a range of website management features including:
- Updating of all outdated WP plugins and themes on multiple websites
- Removal of all unused WordPress plugins and themes
- User management features including managing user roles, password changes, and adding or deleting users
MalCare Support and Pricing
Finally, I decided to test the customer support of MalCare by sending them a few queries. They were quick to respond to me within 24 hours and had decent knowledge of security features.
Regarding the product pricing, MalCare has both a free and paid version. The free version offers malware scanning with firewall feature. The paid version is decently priced at $8.25 per month.
Exclusive MalCare Deal – 20% OFF
Want to secure your blog with MalCare? I have an exclusive MalCare Deal for you.
Click this link and get flat 20% OFF on all plans.
PS: This offer will get expire soon. Avail it as soon as possible.
MalCare offers good value for investing in your website security and is a definite must from my side.
I really like the powerful but lightweight scanner and my favorite feature is the one-click cleaner.
Another highlight is the new white labeling feature.
My clients don’t have to know that what tool I’m using.
While speaking to the support, I found out that the team is working on incorporating Two Factor Authentication soon.
In conclusion, I’d definitely recommend you to use MalCare.