Security & Firewall – MalCare Security

Description

Instant WordPress Malware Removal at 25% of the Industry Cost. Detects Complex Malware Others Plugins Frequently Miss

Check out more MalCare customer testimonials from here.

With it’s smart “Cloud Scan”, MalCare’s malware scanner will never impact your website performance nor overload your server. Ever.

Clean your malware in less than 60 seconds. Our safe malware removal technology ensures that your website never breaks.

MalCare comes with an inbuilt smart and powerful Firewall for real-time protection from Hackers and bots.

It is the simplest WordPress Security plugin that doesn’t need any technical knowledge. You can get set and ready in just 50 secs.

The brands you trust, trust MalCare to keep them safe. MalCare is trusted by Intel, Dolby True HD, CodeinWP, Site Care, WP Curve, Valet, among others.

It is a perfect security solution for developer and agencies as it comes with all the tools you need to manage multiple websites from Website Management, White Label Solution, and Custom & Scheduled Reporting.

Learn more about MalCare from here.

MalCare in Numbers

  • 200,000+ Sites Scanned and counting
  • 250,000+ Successful Malware Removals
  • 330GB Largest site Scanned
  • 10,000+ Web hosts Compatibility
  • Five Star Support

Benefits of Using MalCare as Your Go-to Security Solution

1. Scanner That NEVER Slows Down Your Website

  • No Server Overload. Ever.
  • Scan website for vulnerabilities
  • Consistent Scanning Practices
  • Early Malware Detection

2. Fix a Hacked Website in less than 60 Seconds

  • Fully Automated Malware Removal
  • Unlimited Cleanups at No Additional Cost
  • Cleans Complex Unknown Malware
  • Support Always on Your Side

3. Real-time Protection from our Smart Firewall

  • CAPTCHA-based Login Protection
  • IP Blocking on a Global Level

4. Inbuilt WordPress Website Hardening

  • Disable File Editor
  • Protect Uploads Folder
  • Change Security Keys
  • Disallow Plugins

5. Single, Site Management Dashboard

  • Perform WordPress Core, Theme, Plugin Updates
  • Invite Team Members for Efficient Collaboration
  • Exclusive White-label Solution to Grow Revenues
  • Beautiful and Comprehensive Client Reporting

6. MalCare is a “Service,” Not just a Security Plugin

  • Always Improving & Adding Features Unlike Plugins
  • Our Support Has Your Back, Always
  • Independent Dashboard Offers 24X7 Access to Backups

Why Choose MalCare Security Services?

  • Set up & Running in Just 60 Secs – Get started in no time. Log in. Auto-Install. And that’s it!
  • Unlimited Scan and Cleanup – With MalCare Security Service, clean-up is automatic and at the click of a button, with no downtime.
  • Detects Malware Missed by Other Plugins – Our proprietary algorithm identifies even the most complex malware and security hacks, without any false-positives.
  • No Technical Knowledge Needed – Automated workflows that ensure everything you need is only a click away.
  • Personal Support for Everyone – Agile & Responsive Customer Support that caters to Everyone.

Difference Between Free & Paid MalCare Security Service?

MalCare Security Service has a free version and a premium version. We’ll scan your site with our Scanner and protect your website with our Firewall in the free MalCare version.

The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details.

To learn more, please take a look at MalCare free vs premium page.

Screenshots

  • MalCare combines an inbuilt WordPress firewall with Captcha based login protection to defend your site against bots, hackers, and malicious traffic.
  • MalCare’s Early Detection Technology uses 100+ intelligent signals to detect even the most complex malware that other WordPress security plugins cannot detect.
  • No more waiting for days or hours to clean your website. Clean your website of malicious code with surgical precision in One-Click.
  • Manage multiple WordPress sites from one dashboard.
  • Based on an internal algorithm, the Score and Report indicates that health of the security of your website along with what steps you should be taking to score better.
  • Check the Performance Speed of your website from the BlogVault dashboard.
  • With Uptime Monitoring you get notified the moment your website is shut down.
  • With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.

FAQ

Can I Setup my MalCare account myself?

Yes. Take the help of this step-by-step guide.

I am unable to reach the security plugin. What can I do?

You can send an email to the support team on support@malcare.com and notify our team regarding this.

Do you have a free version? How does it work?

MalCare Security Service has a free version and a premium version. We’ll scan and protect your website with a Firewall in the free MalCare version. You can download the security plugin from the WordPress repository.

The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details.

To learn more, please take a look at MalCare free vs premium page.

How do I upgrade from free to a premium account?

To upgrade from free trial version to a premium account, please take the help of this guide.

How do I upgrade to a bigger Plan?

To upgrade to a bigger Plan, take the help of this guide.

Do I need to pay for support and help?

Never! We will be with you for any queries at any time. Click here to get in touch with us!

How many times does MalCare auto-scan a website?

MalCare automatic security scans a website once every 24 hours.

How does MalCare detect complex malware?

MalCare Security Service scans all your website WordPress files beyond just signatures and evaluates it automatically using powerful technology with the collective knowledge of 240,000+ sites. It uses 100 + intelligent signals automatically for deep security scanning and combing through all the files. That is how it detects even the most complex and well-hidden malware on your site.

Does MalCare affect my site performance?

No, not at all. MalCare Security Service performs all the heavy lifting of scanning your entire site WordPress files on its own. It does not use your site resources. MalCare Security Service runs its security operations on MalCare servers, thereby ensuring zero loads from its side on your website.

How does the unlimited cleanup policy work?

A situation may occur where your site is being repeatedly infected. In such events, there is no limit to the number of times you can clean up a hacked website.

But if the situation persists, then cleaning up the site, again and again, will not solve the problem. In such cases, you can contact us, and we will help improve your security posture. We’d ask you to take proactive measures based on the recommendation of the Support team. We reserve the right to refuse service until appropriate actions are taken from your end. In cases like this, we also reserve the right to deny refund or cancellation of the MalCare Security account.

What do I need to clean my website?

In order to begin the cleanup process, we need access to your server and its associated files. (Don’t worry, this will not compromise your site’s security).

We get this access in the form of FTP, SFTP, or SSH access to your server. FTP stands for File Transfer Protocol, sFTP for Secure File Transfer Protocol, and SSH for Secure Shell. These are connection protocol mechanisms that allow us to log into servers to edit/add/remove files. These connection protocols allow us to log into your websites, specifically the server, and perform the remediation process. If you for some reason are unfamiliar with these protocols, don’t worry, our team of security analysts are prepared to assist you in the process. To do so, you’ll need to be willing to share access information to your hosting account.

We covered how to clean a website here. Here’s a guide on how to find FTP credentials and another guide on how to locate a folder where WordPress is installed.

How long does it take to clean a site?

It really depends on the size of the website. In average, cleaning up with MalCare Security usually takes 5-10 mins.

How does the Login Protection work?

MalCare’s Login Protection feature prevents bots from entering your website stealing your data, spamming and other malicious activities that threaten the security of your site.

How does the Site Hardening work?

WordPress has recommended few extra security measures which will harden the security of your website. We have incorporated those recommendations in our Site Hardening feature. Kindly have a look at our guide on how to implement Site Hardening.

How does the Firewall work?

MalCare Security Service was created after analyzing over 240,000 sites from scratch. The Firewall constantly monitors traffic from all places and automatically blocks IP’s that seem malicious in nature. As such, it is automatically enabled and needs minimal overseeing.

MalCare Firewall Security ensures that attacks on your site by even bots are mitigated, without affecting your WordPress site. It monitors bots across a global level without ever overloading your server.

Can I update WordPress core, plugins and themes directly?

Yes. Updating WordPress add-ons tightens the security of your website. Take a look at this Manage Site help doc to learn how to update WordPress add-ons.

Can I manage my site users and their password directly?

Yes. With MalCare managing WordPress, users have become easier. Take the help of this Manage Site help doc. Remember to delete the passive user account and encourage users to use a strong password for better security.

Can I add Clients and Team Members on my account?

Yes, you can.
Our client feature is for your reference alone. You can assign a client to their site. If you want to give a user, the dashboard access, please add them as your team members under the team section. Please see How do I add clients and team members? For the sake of security, give dashboard access to only people you can trust.

Will MalCare Security work if my site is down?

We understand the pains of a website going down. If a site goes down after you have added the website and installed the security plugin from the dashboard, MalCare will clean up your site.
But if you add a website that was down beforehand, i.e. before adding the security plugin, then MalCare Security Service won’t work.

What information does MalCare Security Service store?

We only store data related to your site structure such as plugins/themes with their respective versions. This helps us identify vulnerabilities that may be present on the site. We track the IPs of visitors to your site, to identify malicious actors who might attack your site.

What makes MalCare Security Service better than other security plugins?

MalCare Security Service was developed after analyzing 240,000+ websites.
* It uses 100+ internal signals to Scan and identifies the most complex malware.
* It pinpoints the malware’s exact location on your site. It does remote security scanning, to ensure there are Zero loads on your server.
* MalCare comes with an industry first One-Click Malware removal service that eliminates any malware in a jiffy.
* We alert you only when there is a legitimate malicious discovery rather than ‘possible hacks’.

We feel these features set us apart from most other WordPress security plugins. For further information take a look at how MalCare Security Service stands when compared with Top Security Plugins.

I already have a backup solution. Something happens to my site, I can simply restore. Why do I need a security plugin?

Backups play a very important role in WordPress security, but it has some limitations. We have noticed that in many cases, it is weeks before a site owner realizes that his/her website has been hacked.

During this period multiple backups will be taken, and there will be a high chance that the files that contain the hack or the Malware are also backed up.

In such a case restoring from backup is not sufficient as it will not clean your website. Here is where a Malware solution like MalCare Security Service comes in. It does regular automated security scans of your website and notifies you if there is any sort of Malicious content on your website.

Isn’t WordPress secure enough?

WordPress core is safe, but the CMS does not work in isolation. Security plugins and themes are part of its ecosystem. Several studies on hacked sites show that plugins and themes are responsible for a majority of such compromise. MalCare Security Service is an easy and effective way of securing websites and keeping them safe from hack attempts. Look at this full feature list.

Why will an SSL certificate not suffice?

An SSL certificate is used only to encrypt a connection between the browser and server to safely transmit sensitive information. However, MalCare Security Service goes beyond and actually protects the database where this information is stored, scans your website files using 100+ intelligent signals automatically, and applications protect from data breaches and spreading of viruses/malware. These functionalities are not provided by an SSL certificate.

How is MalCare Security Service the best for agencies or developers?

We’re the best because of three features:
* We have developer-friendly plans that are easy on the wallet. If you’re a developer or an agency that hosts about 10 websites, the chances are that enterprise-level security packages would be too expensive for you. If you’ve got anything more than seven sites, take a look at our unlimited plans.
* Our auto-clean feature makes sure that you can scan, and clean your sites by yourself, so you don’t waste precious time.
* MalCare’s regular security scans alert you whenever it identifies hacks, so your sites are always secure.

How does MalCare Security handle WordPress Multisite installs?

We completely understand the concern and complexities surrounding WordPress Multisite installs. We treat each WordPress install as a license. It means that if you have a network of websites on a single WordPress installation, we treat that as a single license.

Will MalCare Security Service slow down my website?

MalCare runs on its own servers. We take great care to ensure that we do not add load to your site. We do all the hard work of security scanning, cleaning and protecting, on our servers and this is our USP.

Where are my FTP details processed?

FTP details input into MalCare is processed on our servers. We need your FTP credentials to access your website’s files and folders. We feel that FTP transfer is the safest way to transfer data to and from a site. However, they are treated like payment details (i.e. they’re not stored on our servers). Once we’ve processed them, they’re deleted from our servers.

Reviews

January 9, 2020
The firewall and offsite scanning are pretty good in the FREE version. Honestly it spotted an injection my other tools (before today) had not. But when they find an issue, they won't even tell you what file it is, without upgrading to their minimum continuity, currently at $99 per year for ONE site. So I had to install WordFence to find the offending pastebin injection. Which IMHO is crazy! I try to avoid wordfence if I can, because I find it quite a resource hog. If you only run one site, then perhaps the subscription is worth it? But I run over 100 wordpress sites, so any cost soon adds up and is quite painful. But there are endless unpaid and GPL options for WAF firewalls, file scanners and so on. Some of them are really great! When all you really get is a WAF and a scanner which "alerts" (but not even to which file) I have to question why anyone would bother with this? IMHO it's just a tease to the paid subscription. Honestly I'd have thought they'd get enough business from their premium cleanup service and people who then see the value in being more protected with a subscription. Not forcing people to pay to find out what file they might have found - which could be a false positive. Ouch! I've since found my own 2 best free options and I'll be un-installing malcare on every site I own. Plus they send a LOT of emails trying to cajole you, until you unsubscribe. Nothing much in life any good is free and the urban word for that is "malcare" as in bad customer care disguised as on-boarding and tips. CAVEAT EMPTOR: The product is probably fine, but this is mainly marketing buy bait. So the point of this is just be aware, that all you'll get is a VAGUE ALERT and lots of hammering to go premium. Shame.
January 8, 2020
No use for real cleaning or improving security of your sites. You can't even see what's wrong with the site.
January 3, 2020
Don't even bother yourself, it will say that your site is infected and will not show you anything no files nothing just so you can pay for the upgrade. And i'm sure as soon as you upgrade it will say your site now is safe and still will not show you where the infected files are. Don't waste your time
January 2, 2020
This isn't a simple plug-in. All review who told you "my account got suspended" are some "free" account, you must pay between 3 pricing to get the real deal, it's not really expensive since it protect you from malware and others hack. It's simply the best protective plug-in and service you can get on wordpress! =) I get some hack due to WordPress Fails and this service scan my website and found 29 bad malwares, my website got some redirected issues and the customer service fix it for me, now my website is totally operationnal and 100% working! Customer support interact with my request within 6 hours and solved it. Thank to Nigel ! 😀 I can only recommend! 5/5 stars !!
December 13, 2019
I use MalCare on several sites for automated backups and security. Recently, I was notified by MalCare about malware found on multiple sites. Upon running the cleanup process, the detected malware was successfully removed. Not only that, but the founder and his team immediately got to work to detect the vulnerability that caused the malware to land on my sites in the first place. Turned out it was due to a plugin that had a security vulnerability. They then promptly notified the developer of that plugin and worked with their team to get it patched, and an update was released by the developer within hours to close the loophole. All-in-all, great job by the plugin for detecting the malware and by the team to help address the root cause for malware landing on the sites, but when it comes to removing the malware from the site, while the process did work successfully, there was one serious shortcoming in the way it worked: it required manual initiation of the cleanup process by me for every site individually. The reason for that appears to be the way MalCare is built - it works on read-only access mode by default, and can't make any modifications to the site without your manual initiation of the process, in which you provide FTP/SFTP/FTPS credentials to start the cleanup. As someone who understands cybersecurity best practices, I'm sure this is by design in order to prevent MalCare from modifying anything on the site without explicit initiation by the site owner, but for a malware cleanup service, it's extremely important that cleanup happens immediately upon detection, and automatically, since the owner might not be immediately available to initiate the process manually, or they might have too many sites to be able to initiate it for all of them at the same time, in case the same malware is detected on multiple sites. And in the meantime, even though malware was detected and MalCare had the capability to remove it, hackers could have a field day exploiting the malware till the site owner manually initiates the removal process for all sites. Due to this, I'm deducting one star from what would have otherwise been a five star review. And I feel bad doing it because the team is so responsive and proactive in helping their customers, not to mention very talented at what they do. I hope fully automated malware removal is available soon, so that I could update this review with the full five stars.
Read all 63 reviews

Contributors & Developers

“Security & Firewall – MalCare Security” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

3.6

  • WPCli to server request path updated
  • Authentication header added in wpcli request param

3.5

  • Firewall in prepend mode
  • Robust Firewall and Login protection

3.4

  • Plugin branding fixes

3.2

  • Updating account authentication struture

3.1

  • Adding params validation
  • Adding support for custom user tables

2.1

  • Restructuring classes

1.91

  • Request profling and logging

1.89

*Firewall improvements

1.88

  • Callback improvements
  • Adding delete transient callback

1.87

  • Checking Whitelisted IP’s first

1.86

  • Updating tested upto 5.1

1.84

  • Disable form on submit

1.83

  • Setting blocked page to be non-cacheable

1.82

  • Updating tested upto 5.0

1.81

  • Adding Geoblocking functionality

1.77

  • Adding function_exists for getmyuid and get_current_user functions

1.76

  • Removing create_funtion for PHP 7.2 compatibility

1.73

  • Ability to show captcha for all login blocked

1.72

  • Adding Misc Callback

1.71

  • Adding logout functionality in the plugin

1.69

  • Adding support for chunked base64 encoding

1.68

  • Updating upload rows

1.66

  • Updating TOS and privacy policies

1.64

  • Bug fixes for lp and fw

1.62

  • SSL support in plugin for API calls
  • Adding support for plugin branding

1.51

  • First Release