WordPress makes creating a website very easy which is why it powers close to 30% of all the sites in the world. This also means that it gets the most attention from hackers. WordPress sites are compromised in the thousands every year, and it can happen to anyone. Big or small, hackers today target all WordPress sites.

My websites was hacked recently (don’t worry, not this one), and that was the wake-up call that I needed. I did some research to find the top security plugins for my hacked site. While analysing and comparing multiple options and going through trusted reviews, MalCare was a name that popped up repeatedly, so I decided to give it a try.

What is MalCare?

MalCare is created by the team who built BlogVault, a name most are familiar with as WordPress backup plugin specialists. BlogVault provides a backup service to more than 200,000 sites, so a security product from them felt like a natural addition to an already impressive suite. MalCare is designed to clean up hacked websites as well as prevent sites from getting hacked. It took over two years to develop the plugin – an indicator that the BlogVault team left no stone unturned.

This multidimensional security product is focused on malware detection, removal, prevention and anti-hacking measures. MalCare gives zero false alerts, and it is really easy to use. The one-click malware cleaner is an efficient feature especially for people without any technical knowledge.

Setting MalCare Up

It does not take more than a few minutes to set up the MalCare plugin.

Step 1: Signup and login to the dashboard. You’ll be immediately asked to Add a Site.

Add site to MalCare

Step 2: Then, you need to install the plugin by filling in the necessary website credentials.

Add site to Malcare2

And that’s it. Now your website is being protected by MalCare security plugin.

A Well-Designed Dashboard

MalCare dashboard is well-designed and easy to use. There are different sections, with clearly distinct functions and shortcuts on the left. The various parts of the dashboard are Security, Management, Reporting, Backup, and White-Labeling.

After installing the plugin, it’ll scan your site. Following the scan, you’ll see the score of your website on the dashboard. The score indicates the security health of the site – A for the best and D suggests low security. These are based on an internal algorithm and multiple parameters. Based on the score, you will get recommendations to update your WordPress site.

MalCare DashboardMalCare Scanner

The MalCare Scanner was built using data from more than 240,000 websites over two and a half years. Its AI-based advanced technology can detect even unknown, hidden, and complex malware.

MalCare scans are automatic and daily. But there’s also on-demand scanning. If you want to scan your site, all you need to do is select the site you want to investigate and click Scan Now on the dashboard. The scan does not take more than a few minutes minute.

MalCare ScannerIn my case, MalCare found the hack successfully, and I received a notification on the panel and in an email too.

When I used MalCare scanner, I made a few observations.

Detailed Scanning

MalCare looks for anomalous changes in your site files for signs of intrusion. The sites are tracked incrementally and synced to the MalCare server. At the same time, the plugin AI sends in more than a hundred signals to scout a website for malware. This dual approach is instrumental in rooting out even the most hidden malware.

Regular malware checkers work by investigating every line of code to find the malware string. But MalCare isn’t just limited to only signature matching. The plugin monitors website abnormalities to identify malware.

A Light and Accurate Plugin

I have previously experienced instances where a security check slows down the website. One of the great features of MalCare is that it runs on its servers, so your website server resources are not strained during a scan, and website performance remains unaffected. My MalCare scans (both on-demand and automated) were smooth and did not reduce the efficiency of my website.

With MalCare I did not have to worry about chasing red herrings. False positives can consume a lot of time and create a chain reaction of unnecessary tasks. The plugin ensures minimal false positives and only genuine malware gets identified.

MalCare Cleaner

The most refreshing part about MalCare is that it takes one click to set things into motion. After receiving the email from MalCare about the hack, I opted for the Auto Clean feature. And while I sat back and sipped on my coffee, my site got cleaned. MalCare sends a complete task notification by mail and on the dashboard. You can even check the Infected Files section under Scanner to see for yourself if the malware has been removed successfully.

MalCare CleanerWith MalCare, the power is in your hands. I did not need to consult with a security expert or have any technical knowledge. Imagine if I had this tool when I started using WordPress. I could have avoided a lot of troubles!

Malcare auto cleanedMalCare seems pretty good at keeping the guilty malware at bay too. Malware tends to show up as a serial killer in a sequel, but so far my site has not been revisited. The MalCare cleanup is a very operational process. Other non-infected files do not get touched or interrupted.

Website Hardening

MalCare seamlessly fits into the website hardening best practices recommended by WordPress.
The site hardening practices form a three-part set-up.

The Essentials – These include features like Change Database Prefix, Block PHP Execution in Untrusted Folders and Disable Files Editor.

Advanced – These site hardening features include Block Plugin/Theme Installation.

The Paranoid – This mode allows you to reset all passwords and change the security keys.

Website Hardening

MalCare Security Features

Security Keys – Stored in your site database, security keys can be accessed by hackers. With MalCare you can create strong security keys and store them in a wpconfig.php file.

Protect Upload Folders – The MailPoet hack is a perfect example of how intrusions can occur through execution of PHP files in your ‘uploads folders’. MalCare blocks such scenarios.

Disallow Plugin Installation – MalCare can disallow installations of unwanted themes and plugins, many of which are used by hackers to infiltrate sites.

Disable File Editor – Prevent access to your backend files by disabling the file editor.

The MalCare dashboard has an easy to use Security Fixes section where you select your options and apply. Even though these security fixes are going into technical territory, MalCare’s dashboard design and one-click setup simplify things. You don’t have to be a website expert to give your domain full protection.

MalCare Firewall

The MalCare firewall is enabled automatically when you start using the plugin, but there is a disable option too. The firewall filters incoming traffic with the Login Protection and IP Blocking features.

MalCare Firewall

IP Blocking – MalCare blocks IPs with a bad history, and there are quite a few of them.

Login Protection – Hackers tend to use bots to brute force your username and password. MalCare blocks anyone who make too many login attempts on your login page.

Login Protection1

  • The plugin also enables CAPTCHA protection, unreadable by bots, to protect your site if it has noticed multiple failed login attempts.


  • To view details of the traffic allowed, blocked, etc, click on Allowed or Blocked on the Firewall section.
Login logs
Login logs
Traffic logs
Traffic logs

Website Management

Website Updates

Managing and updating outdated WordPress plugins and themes can be a major hassle, particularly if it needs to be done on multiple WP-hosted websites. The MalCare tool simplifies this by consolidating all website management functions including updating or removal of outdated plugins and themes from a single location – the MalCare dashboard.

Website Updates

User Management

In addition to efficient website management, the MalCare tool is handy in managing users and user roles with its user management functionality that can save a lot of time and does not require me to access the WordPress website.

User Management

Quick and Quality Support

MalCare provides immediate support. I had a few queries regarding the plugin which I raised via an email message. I got a response in less than a day, and the in-depth knowledge they shared helped me resolve my concerns. Support is one aspect that many products tend to ignore, (speaking from experience) but MalCare has that department covered pretty well.

Fair Pricing

I was quite impressed that MalCare comes at just $8.25 a month, a pretty decent price for so many services. A free version is there too which allows users to try out the plugin. With the free version users get the scanner and firewall features.

My Verdict

I would have to say that MalCare is a security plugin that will pleasantly surprise many WordPress users including me. The easy-to-use dashboard encapsulates the myriad features in a very convenient way for regular website owners. The light and accurate Scanner and the one-click Cleanup feature are the highlights for sure. Based on these observations I would say that MalCare is worth it.

The White-Labelling and Client Reporting features are a nice bonus. I can use my brand in the plugin. MalCare is working on a Two Factor Authentication security feature as I share these observations so expect even more robust security with this product.

Try MalCare from here