Blog Thumbnail

MalCare Review – A Hassle-free WordPress Site Security Plugin

MalCare Review – A Hassle-free WordPress Site Security Plugin

WordPress powers around 30% of all the websites in the world. Its distinct features, compatibility, and scalability make it a top choice for obvious reasons. Unfortunately, its popularity and widespread use also make it a top choice for hackers. Every year thousands of WordPress sites get trespassed and compromised, and it happened to me too.
Having your website hacked is a very harrowing situation. My entire suite of sites got compromised recently, and it was quite a rude awakening. For someone who didn’t take security very seriously, I decided to spend more time researching the best possible options to prevent such nightmare scenarios in the future. My needs were simple, I require a security plugin that’s not too complicated to use and cleans as well as protects my site. MalCare seemed like a good option, and the user experience feedback from different forums convinced me to opt for this one.

About MalCare

Credit for MalCare would go to the people who built BlogVault, a brand I am familiar with because of their incredibly efficient backup plugin for WordPress. It was also one of the reasons I chose MalCare since the company is known for creating easy-to-use dashboards. BlogVault provides backup service to 200,000 sites across the world, a security product like MalCare from the same house seemed almost inevitable.

The MalCare plugin not just cleans hacked websites but also prevents WordPress websites from being hacked. They spent around three years to develop the product – a sign that they wanted to ensure all bases and scenarios were covered.

Malware detection and removal, prevention measures, white labeling and client reporting features are a good way to summarise the product. With zero false alerts, MalCare is also a very efficient product. We’ll dig into more details of each of these features, but first, let’s take a look at MalCare’s easy onboarding process.

How to Start Using MalCare

You don’t have to spend more than a few minutes to set upMalCare for your websites.

Step 1:Login into your MalCare account, click on Add Site and paste your website URL in the given space.


Step 2:Install MalCare plugin into your site automatically or manually. Furnish some basic credentials for the website.


Simple, Straightforward Dashboard

The dashboard is one of those that need just one glance for everything to fall into place. Well laid out sections and their functions are complemented with shortcuts on the left side of the screen. Security, Management, Reporting, Backup, and White-Labeling are the five main sections of the MalCare plugin dashboard.

Initial Scan

After you have installed the plugin, use it for an initial website scan. A score will be populated on your dashboard. This score indicates your website’s security health – A shows the best health and D suggests very low security.Ideally, I would not attend to anything other than an A. One cannot take chances.

The score is based on many parameters, including an internal algorithm developed by BlogVault. Recommendations on how to get the score up will show on the dashboard.



MalCare Scanner

BlogVault built the MalCare Scanner using data accrued from close to 250,000 websites over a period of 30 months. The AI component of MalCare created a system which can detect complex malware from the hidden or hard-to-get places. Here are some observations from my scanning session:

The MalCare Scanner does automatic daily scansYou can schedule itat a time that is convenient for you (I scheduled mine at 7 AM, so I can attend to issues before my sites see peak traffic). You can also execute ad-hoc scans, which I do all the time.

How to use MalCare Scanner:

  • I select the site I am concerned about, and then I click the Scan Nowbutton.

Scans don’t last longer than a minute usually. MalCare found the hack on my website quite easily and sent me notifications in an email too along with the dashboard message.



How Does the MalCare Scanner Work?

The MalCare scanning mechanism identifies anomalous changes in the website files to see if there was a trespass. Site tracking is incremental, and sites are synced to the MalCare servers.In tandem with the core scanning, the plugin’s AI throws in multiple signals to search the website for hidden malware.The two-pronged strategy weeds out even the most stubborn and camouflaged malware.

MalCare is entirely different from regular malware scanning products as it investigates and looks for malware string in every line of code. The plugin monitors for abnormal and uncharacteristic signs on the website, like a radar.

Strategic, Light Plugin

Sometimes the security check itself can add to the nightmare of getting hacked. An entire website can become slow, and this has its repercussions. Luckily, BlogVault addressed this concern by ensuring thatthe scanner runs on its servers. There is no strain on your site servers, and it is business as usual.

Also, with MalCare I have not encountered any false positivesso far. These can unnecessarily eat into your productive time. The plugin’s efficiency in this department has impressed me much.

MalCare Cleaner

Once MalCare has identified malware, it’s cleanup time! This is the part most users will love. All you need isjust one click to clean up your website. When MalCare identified the hacks for me, I chose the Auto Clean routine. When it is done, MalCare sends an update (via mail and dashboard notification).

There is an option to investigate the Infected Files in the Scanner section of the panel. I clicked on it to confirm that the malware had been removed.

ALSO READ: WordPress in 2017: Gazing Through the Crystal Ball


MalCare is a hassle-free product because it keeps descriptions and its actions simple. I do not need to have any technical knowledge. There have been cases early on when I started using WordPress plugins where I needed to reach out to a security expert to solve problems.



In my experience, MalCare is an excellent preventive security product. So far, my site has not been hacked again, which had happened quite often before I started using this plugin. The clean up process is efficient and non-infected website files are left alone.

MalCare Website Hardening

MalCare is tailor-made for the website hardening best practices recommended by none other that WordPress. These features are divided into a three-part set-up.

Essentials whose features include:

  • Change Database Prefix
  • Block PHP Execution in Untrusted Folders
  • Disable Files Editor

The Advanced website hardening section includes Block Plugin/Theme Installation feature.

And with the Paranoid mode, you can reset all your passwords and replace the old security keys.


Security Features


Security Keys – Many unscrupulous hackers access security keys by digging into the live website files. Use the MalCare plugin to create robust security keys. Store these keys in a wpconfig.php file.

Protect Upload Folders – You may have heard about the MailPoet plugin hack which affected thousands of websites in 2014. It was executed using PHP files in the infected website’s ‘uploads folders’. MalCare prevents this from happening by protecting the vulnerable points – the upload folders.

Disallow Plugin Installation – Use MalCare’s exclusive feature to disallow the installation of themes and plugins. They can be used to infiltrate sites.

Disable File Editor – When you disable the file editor using MalCare, it prevents access to the site backend files.

The Security Fixes section on the MalCare dashboard is very simple to use. MalCare’s one-click execution means you do not have to negotiate any technical stuff. This cements the fact that with MalCare, you don’t need to be an expert to protect your domains fully.

MalCare Firewall

MalCare’s powerful firewall switched on automatically as soon as I started using the plugin. There is a Disable option for those who do not want it. The website firewall filters the traffic very well and includes Login Protection and IP Blocking features.

IP Blocking – MalCare scans the web for bad traffic and prevents those traffic from accessing your site.



Login Protection– The Login protection is a very useful measure against brute force attacks. When MalCare identifies repeated failed login attempts, it enables CAPTCHA protection, which cannot be read by bots.


If you want to view details of the traffic requests blocked or the unsuccessful login attempts made on your website, simply click on the buttons Blocked IPs or View Details. You can also scan through your traffic for data like the country of origin and browser details.


Website & User Management


Since I have multiple websites, I am always looking for a single interface solution, rather than bouncing from one site to another to perform simple management tasks. MalCare does just that. Its Website and User management features consolidate my multiple-site management duties on one single dashboard.Some of the functions I can perform quickly include role and password changes, theme-related updates and changes, plugin updates, plugin removals and permission updates.


A Product with Great Support


While using MalCare, I had a few questions regarding the product. The support team responded to my email in less than a day and resolved my query. This minor experience was very encouraging as it shows that MalCare is backing up their product with a good support setup.

Fair Pricing

At $8.25 a month, the MalCare price seems pretty justified for all the convenience it brings to a website owner. In fact, they have a free version too which allows users access to the scanner and the firewall. For cleanups and site management, you’ll have to buy a premium plan.

Summing It Up

MalCare is the type of security product that you will stick with. It promises continuous adaptation because of its AI-based research and BlogVault seem to understand the nuances of website security quite well. It helps that the dashboard is very easy to understand while also featuring so many useful features. The Scanner is surgical in its effectiveness and does not hinder website performance. The Cleaner is easy to use and require absolutely zero technical knowledge to use.

The verdict is out. MalCare is an excellent website security recommendation.

Additionally, I enjoyed the plugin’s White-Labelling feature as it allows me to use my brand and keep my website theme immaculate. And the Client Reporting is ideal for people who manage other people’s websites. For a security product with so many features, 2FA security will be a great addition, and apparently, MalCare is working on introducing this soon.

If you liked what you read from the observations above, then

Try MalCareright now.

learn more:

Tag: , , , , ,
Category: wordpress plugin
Author Pic

About Nimesh Patel

I am a Product Marketer and Growth hacker with expertise in the areas of Digital marketing; Search engine optimization (SEO), Email Marketing, Paid Campaigns on Facebook and Twitter, Content development strategies, Competitive Research & Analysis. Nimesh is Product Manager at