While the developers of WordPress take security very seriously and focus intently on securing the core, the real vulnerabilities are found within our plugins and themes. This means as bloggers and online businesses, we need to be concerned as to the security of our own sites and go the extra mile to keep them safe from attackers.
There are a number of solid solutions available today: Sucuri, Ithemes, Wordfence, etc. But in this post, I want to review a new contender: MalCare.
*This is my fourth purchase from AppSumo, ever. I pass on many things that they offer. However, every now and then they present a new application that fits my need AT THAT SPECIFIC TIME. At that point I buy. After using Sucuri and Wordfence free for a while, this came just at the right time as I had begun to search for a more professional, paid solution. And it’s currently
$49 for a lifetime license!!! Updated link
So Why Another Security Plugin?
To begin this MalCare review, let’s ask the question: Why another security plugin if we have a handful of solid and trustworthy options already? Let me mention a few reasons:
- Performance – one consistent complaint with Wordfence is that it bogs the site down. It taxes the performance. I can’t contest to this as I only briefly used the free version. Yet MalCare actually runs apart from your website, on their servers, so there is zero load on your site. This is good.
- Price – Sucuri is $200/yr for the basic plan, Wordfence is $100/yr, and iThemes is $200/yr (though they offer discounts at times & with bundling). The MalCare business plan is $249/yr, but at this moment it is only $49/one-time for a lifetime license!
Quite a deal. Updated link
- False positives – this was my experience with Wordfence and Sucuri’s free plugins….lots of false positives. One of MalCare’s core claims is to reduce this significantly.
MalCare Review - Comparisons
MalCare doesn’t seem to shy away from comparing themselves with other reputable security solutions out there.
Click any of those links to view the comparisons.
MalCare Review - Features
1. Comprehensive Malware Scan
MalCare is set to automatically scan your site daily. This is good!
There is also the ‘scan on demand’ option.
I ran the Scan Now feature and when it was complete I received an email letting me know there were no malwares found on my site. This is great as I assume I will be alerted each day, and ESPECIALLY if something is found. I will update this in a few days and let you know.
Malcare claims that they keep track of ALL file modifications in order to allow a very early and precise detection. Also they use more than 100 signals to make sure nothing slips through unnoticed. These both sound great. We’ll see.
2. Instant Malware Clean
In the case of being hacked, MalCare will alert you and there will appear an ‘Auto Clean’ button on the dashboard. Upon clicking this you will enter your FTP credentials, choose your WP install folder, and MalCare will do its thing.
After this cleanup is complete, MalCare will rescan and alert you as to your site being malware-free (or not).
Now look ….. I have not tested this. I am looking for someone with a hacked site, but up until now I don’t have a site to test.
However, if you read the reviews, even on AppSumo, it seems that MalCare does the job very well. I mean, this is one of the sole purposes of the application, and I would expect it to do what it promises. I have no reason to doubt.
I’m a ‘half-full’ kind of guy.
If this is true, this plugin is an absolute charm and worth every penny. Let me ask you: If your site got hacked, would you know the steps to take to pick through and clean it all out? Most of us wouldn’t, let alone have a “One-Click solution” available, right?
In addition, many hosting companies will go as far as deleting hacked sites, and Google will dish out penalties.
So without any reason to doubt the promise of this company, this is a vital tool in my toolbox for my own site, as well as the sites of my clients, until proven otherwise.
3. Powerful Malware Protection
Next in this MalCare review: Site hardening!
What a lovely word.
MalCare offers a few extra options to help lock down the security of your site. Here are the three categories and their contents:
- Block PHP Execution in Untrusted Folders
- Disable Files Editor
I would be really hesitant to disable the files editor in my own site because I use it to make quick changes. However, I can see the benefit if you do not make changes there or make changes infrequently.
- Block Plugin/Theme Installation
This is a good feature if you don’t install plugins often. However, I’m not sure I’ll utilize this because I seem to have plugin updates daily. I’m sure you do as well.
BUT…. the MalCare dashboard informs you of theme and plugin updates, so it may actually be a good idea to put your website through such a process. You make the call.
- Change Security Keys
- Reset All Passwords
The ‘paranoid’ hardening takes the options to a bit more extremes.
4. Zero Load and High Accuracy
Zero load is a great feature. As mentioned above, MalCare’s scanners run on THEIR site servers ensuring zero load on your own site.
MalCare also tracks any changes on all files on your website. This allows for a comprehensive detection, as well as the ability to pinpoint the exact file affected for cleaning. They also evaluate all identified changes across 100+ signals to detect changes on your site.
5. Integrated Secure Backups
Not available with the Business plan or the AppSumo deal, it’s an add-on. Bummer.
Yet, that really isn’t the purpose of this plugin at all, so I understand. I have a hosting provider and can simply back up my site there.
But What About The Footer Badge?
You may have already read about this on AppSumo or perhaps another MalCare review, but MalCare, upon installing the plugin, adds this ‘Secured by MalCare’ badge to the bottom of your site. The above image is from my own footer after install.
But people inquired about it, and how to remove it, and at this moment there is now an option within the Dashboard to remove the badge. It was a simple as clicking a button.
I love the transparency in this response from the founder and CEO of MalCare:
There is one more panel that I found helpful, the firewall panel:
Here you can click on each of these values (allowed, blocked, successful, etc.) and get specific data as to your Traffic Requests and Login Requests, from IP Addresses, to Paths, to User Agent info, etc. Great firewall features!
View Details just gives you an attractive graph of this data. Nothing special.
MalCare Review Verdict
- It’s Claim. MalCare charges $250 a year for its Business Plan! That’s a lot. As mentioned above, the other options are at most $200/yr AND they are well established. The fact that MalCare charges this much, and that people are paying yearly for it, leads me to believe that it indeed delivers what it promises. Amazingly, this deal is currently just a
one-time price of $49 for a lifetime plan(updated link). I’ll take it.
- It’s Purpose. MalCare has one purpose: Website security. If it fails at this, it fails completely. Looking at the reviews, it has not failed and is actually receiving quite the opposite.
- It’s Functionality. The dashboard looks great. It integrates smoothly with my site. And it provides helpful information aside from the security side of things (like my Google Safe status, needed updates, etc.). It provides automatic scans daily, and it allows me to harden my site for further security.
- The Current Price. As mentioned it is currently a
one-time price of $49(updated link) for a lifetime license. It is not $250 a year (as originally)…….but $49, forever! This came at the perfect time for me as I was looking to invest in a professional security solution for my website.
Do you have a security plugin on your site that you recommend? Have you tried MalCare? Let’s discuss below.