WordPress has made creating a website easier than ever. Not many would look beyond this platform, and I fall into this category.
But because WordPress is so popular, it tends to attract the attention of hackers more than any other CMS. A recent malware attack on my website made me realize that I needed to find a good security plugin.
A compromised website can lead to desperate times. Getting blacklisted on Google is the last thing I needed, so my WordPress security plugin had to really deliver.
I spent a lot of time on research and reading customer reviews of several popular security solutions. MalCare was a product that was mentioned many times in a number of places, and I decided to use it to fix my compromised websites.
One of the reasons MalCare attracted me was that all who reviewed it were impressed by its simple-to-use nature. This along and its advanced backend technology convinced me to try out the security solution.
MalCare is created by the same team who built BlogVault, a company that most of us website owners will recognize for their very popular backup plugin product.
The company has provided backup services for more than 200,000 websites, and I had confidence that a security product from them would be nothing short of excellent.
MalCare plugin is designed to clean up compromised sites, and it also includes many preventive measures.
Team BlogVault had spent over two years to develop MalCare, a sign that they took all the time necessary to ensure a multi-featured security solution that’ll protect a WordPress site from all sorts of threats. I tested some of MalCare’s core features and those are:
- Installation and Setup
- MalCare Dashboard
- MalCare Scanner
- MalCare Cleaner
- MalCare Firewall
- Website Hardening
- Website Management
- Secure Backups
Setting Up MalCare
Setting up MalCare for my websites took just a few minutes.
Step 1: First off, you need to log into the dashboard and then select Add Site button. Next, insert your website URL.
Step 2: Now you will need to install the plugin by filling in the required website credentials.
The MalCare dashboard is where I can view and use all its features. It is designed very well as all the essential sections are visible on one single screen along with their subsections.
To make things even faster, there are popular shortcuts on the left of the dashboard. The main sections of the MalCare plugin are Security, Backup, Management, Reporting, and White-Labeling.
I executed the initial scan as soon as I installed the MalCare plugin. A website rating is populated on the dashboard after this initial scan. This rating indicates the website security health and is based on multiple parameters and best practices, which includes an exclusive algorithm that MalCare employs.
The A to D scale represents best to worst security health. I like this feature – it sums up the level of threats your site has in a manner that everyone can understand. As a best practice, I always attend to the issue if my scans report a B or lower.
I have a better understanding of MalCare after learning how it was built. MalCare uses real security data collected from almost 250,000 websites for close to 3 years to build this product.
MalCare’s inbuilt AI is able to identify even the most complex of malware by noticing the smallest of changes in the files.
MalCare’s scanner allows automatic daily scans which can be scheduled at any time of the day. I use this feature, but the on-demand scans also allow me to check for malware whenever I want.
Step 1: I logged into the MalCare dashboard and selected my hacked site.
Step 2: Then I navigated to the Security section and clicked on the Scan Now button that comes under Scanner.
It barely took a minute to scan the entire WordPress site. It correctly identified that my site has been hacked and promptly notified me via email. A pop up also appeared on the dashboard saying my site has been hacked.
MalCare’s Scanning Process
MalCare’s scanning technology is very comprehensive. The AI-powered scanner searches for any anomaly in the website, so even the faintest of changes are detected. MalCare’s site tracking is incremental, and all the information is synced to the MalCare servers.
Along with this scanning mechanism, the MalCare AI also sends scores of signals across the website looking for any hidden malware strings. Working on multiple fronts it takes note of even the most complex and hard-to-find malware.
Lightweight and Effective Security
Website owners/managers will know the pain of using a security solution that slows everything else down. Luckily MalCare spared me of that problem with its efficient processes.
MalCare addressed the possibility of a website slowdown by running the scan on its servers, so the site servers do not have to take in any extra load.
No False Positives
One more thing, I’ve had no false positives so far. Unsanctioned alerts can throw a website owner into a panicky fit. Makers of MalCare seem to understand this problem and has worked on keeping false positives low.
After identifying malware, it’s time to clean the site. MalCare does that with sweet efficiency.
Step 1: Select the hacked website and then navigate to the Security section.
Step 2: There you should be able to see an Auto Clean button. Select it.
The auto clean routine is very simple. You do not need to have any technical knowledge. When the malware has been removed, you get a mail update and a notification on the dashboard itself. You can get more information about the files that were infected by clicking on Infected Files.
Because MalCare is a product with such a user-friendly interface, I have never had to reach out to security experts to figure out a function or feature, as has been the case with a few other security plugins I tested.
This saves me a lot of time. The one-click cleaner certainly needs no explanation.
MalCare has good preventive measures. In fact, it has the features that good security plugins should possess.
Particular malware tends to rear its ugly head even after being removed but with MalCare my websites have not seen any re-hack.
I also like the precision with which MalCare operates where non-infected website files not disturbed during the cleanup process.
MalCare has features that will help your sites follow website hardening best practices recommended by WordPress.
This features can be divided into three parts.
Essentials, it enables you to change database prefix, block PHP execution in untrusted folders, and disable files editor.
Advanced website hardening includes blocking plugin/theme Installation.
And, finally, the Paranoid mode allows you to change your passwords and security keys.
Here’s what the site hardening feature actually does:
Changing Security Keys – A favorite route for hackers is to access security keys by infiltrating live site files. MalCare can help you create powerful security keys which can be stored in a wpconfig.php file.
Protect Upload Folders – Upload folders can be a very vulnerable spot and needs protection. Malware that compromises PHP files in the ‘uploads folders’ has been known to cause havoc in the past. MalCare addresses this possible scenario by protecting the upload folders.
Disallow Plugin Installation – It helps restrict installation of themes and plugins, which can be used by hackers to infiltrate the site after it has been cleaned.
Disable File Editor – Hackers can also gain access to the site’s backend files and this particular feature prevents that from happening.
I like the security measures that MalCare offers because of the sheer simplicity in executing a function. A few clicks are all it takes and there is no need to have any technical knowledge to execute these measures. I can protect my websites without having to reach out an expert.
MalCare has a firewall that is enabled as soon as you start the plugin. You do have an option to disable it if you wish. The firewall is a pretty good security filter and offers two functions – Login Protection and IP Blocking.
The IP Blocking feature blocks bad traffic while Login Protection shields from brute force attacks. Once MalCare has identified repeated failed attempts to on the login page, a CAPTCHA is enabled which is not readable by bots.
You can see information about the IPs that were blocked or allowed by clicking on the Blocked IP button. There you can also see which country they are from and what browsers are being used.
Those with multiple websites will understand the inconvenience of having to manage each site individually. Why can’t website security management be consolidated on one screen? That is what MalCare does – it has a single interface for all your sites. Using MalCare, I can change user roles, password even deletes some users.
I can also make updates or remove themes, plugin or WordPress core of my websites.
An Integrated Backup Service
MalCare also provides a backup service powered by BlogVault. You can rest assured that you will have access to your website backups. In a worst-case scenario, your site may get hacked and you lose certain files. But you will still have the safety net of a backup and all you’ll need to do is restore the backup to get your site up and running in no time.
I had a query or two and reached out to them. They promptly answered within 24 hours. They not just seemed knowledgeable but also seemed eager to share their knowledge about WordPress security with a customer.
Affordable Website Security
MalCare is available for $8.25 a month, a rather justifiable fee for such a hassle-free and easy to use service. MalCare has a free and a paid version. Users get to use the scanner and firewall features in the free version.
MalCare Ticks All the Boxes
I plan to stick to MalCare because it addressed my existing problems. The product has a dynamic nature owing to the AI-based research and mechanism.
After having talked to the Support, I have no doubt that the team knows all the ins and outs of website security. The dashboard is so detailed and straightforward – anyone can use it.
The Scanner is so powerful and fast so is the Cleaner. I like how neither of the features prevents my website from running smoothly.
I would recommend MalCare to anyone looking for reliable and smart website security.
The MalCare plugin’s White-Labeling feature is excellent for those who like to keep hidden the tools they are using to secure their clients’ website.
The detailed Client Reports helps assure clients whose website you are running. 2FA security is something that the MalCare team seems to be working on so that would make a WordPress site even more impregnable for malicious hackers.
Liked what you read?
Try out MalCare from here.
Also Read: Best Free SSL Certificate Sources