Why Secure Your WordPress Site?
WordPress is used by close to 20 million websites on the internet, which is about 30% of all sites. Its popularity has a good reason – WordPress makes it easy to build websites that otherwise would take much more time and effort to build from scratch.
On the other hand, the drawback of this popularity is that it is tempting for hackers to look for vulnerabilities and exploit them for their malicious purposes. Finding a single weakness exposes thousands of websites to hacks since they may be using a standard plugin or theme which contains a bug.
I experienced this firsthand last month. A vulnerability in one of the plugins that I was using at the time led to the compromise of one of my WordPress sites. I immediately began searching for a good WordPress security plugin. MalCare is a security plugin that is gaining prominence. It has an impressive set of features and its layered approach to security compelled me to give it a go.
An Introduction to MalCare
MalCare is built by the same people that made BlogVault, a WordPress backup plugin that’s used by over 200,000 websites online. After spending years developing a product to provide a backup service, it became clear that the next step was to build a security plugin.
MalCare is a comprehensive security plugin that includes detection and removal of malware. It also protects against further hacking attempts.
The kicker on top of this multidimensional solution is that it takes no technical know-how to get started with MalCare. At the click of a button, the robust software triggers its malware cleaner and scans your website without the need to share credentials or wait for manual intervention.
How Do I Install and Set Up MalCare?
Getting the plugin installed and ready to use is easy and takes just a few minutes.
Step 1 – Sign up and you’ll receive an email from MalCare. There’ll be a link to the MalCare dashboard; click on it. Next, you’ll have to add your site to your MalCare account.
Step 2 – Enter the WordPress credentials for your website and you’re set to start using MalCare’s services to secure your site!
Deep Dive into the MalCare Feature Set
This section delves into the security features that MalCare comes with to arm your website against potential hacks.
MalCare Scanner
The MalCare Scanner is built using data from over 240,000 websites. Since it uses continuous learning and artificial intelligence, it can even point out the presence of complicated malware that would be difficult to detect if it relied on pre-existing criteria for detection.
Testing the Scanner
MalCare scans the WordPress websites it has been installed on every day at a scheduled time. You can plan this to happen at whatever time you please – I set it to 9 pm.
Since the scanner checks for incremental updates by tracking file changes, the time taken for a scan is typically less than a minute.
In addition to the daily scans, you can also choose to do a manual scan by selecting the website and clicking ‘Scan Now’.
Upon scanning my infected site with MalCare, I received an email notifying me of the hack and also a notification on the dashboard!
MalCare does more than match lines of code –
The naive way to look for malware involves searching for a specific string in each line of code. MalCare goes beyond this method and can detect more complex malware because it does not only rely on signature matching.
MalCare doesn’t put your server under heavy load –
Unlike most security scanners that use the server resources of your website while scanning it for hacks, MalCare runs scans on its servers. This ensures that your page continues to be served smoothly and your traffic does not fall when a scan is going on.
MalCare Cleaner
Even if you currently run a WordPress site, you might not know what to do if a security scan reports a hack. Expecting security experts to fix the problem quickly and efficiently might be too much, since it requires human intervention. In this case, an automated malware cleaner could be extremely useful.
This is where the MalCare Malware Cleaner comes in. At the click of a button, it runs a comprehensive cleanup after malware is detected, taking the burden off your shoulders.
Testing the Cleaner
After getting an email from MalCare with the information that my site was hacked, I went to the dashboard and clicked on the ‘Auto Clean’ button. Less than a minute after entering details of my website, the panel showed me that the malware was removed, and my site was cleaned up. I also got confirmation of this via an email notification.
The ‘Infected Files’ section in the scanner menu shows the list of infected files that were removed.
Benefits of MalCare’s Malware Cleaner
Comprehensive cleanup – In some cases, malware makes a comeback even after removal since there are open loopholes and backdoors that the hacker can exploit. But in my case, the malware did not appear again.
Ease of use – The cleaner assumes no technical knowledge on your part. Just hit the ‘Auto Clean’ button, and MalCare takes care of the rest.
Clinical Approach to Removing Malware – MalCare uses advanced technology to pick out the files that led to the malware, leaving all other files of the website untouched.
These benefits outweigh the pain of manual intervention and having security specialists look at your compromised website and figure out the best way to eliminate malware.
Website Hardening
Given the state of security, WordPress recommends a few site hardening measures. With MalCare you can easily harden your site with the click of a button. MalCare helps you perform the following actions:
- Essentials
  - Block execution of PHP code in files marked as compromised
  - Update prefix for databases
  - Disable the files editor since a hacker could use this in the future
- Advanced
  - Block installation of new themes or plugins since these introduce more complexity and may contain further vulnerabilities.
- Paranoid
  - Reset all passwords across the site since a hacker may have gained access to them
  - Change security keys since exposed keys might cause future problems
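Several of these measures are visible in `wp-config.php`, so they can be checked independently of any plugin. The following is an added example, not MalCare's code: a small audit that uses the WordPress core constants `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS`, the `$table_prefix` variable and the eight key/salt constants, run against two constructed sample configs. How MalCare applies the fixes internally is not stated on the page.

```python
import re

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

# Only matches define() at the start of a line, so "// define(...)" is ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def parse_config(text):
    """Return ({constant: value-as-string}, table_prefix or None)."""
    consts = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        consts[name] = sq if sq is not None else dq if dq is not None else bare
    prefix = PREFIX_RE.search(text)
    return consts, (prefix.group(1) if prefix else None)

def audit(text):
    """Check the hardening items that leave a trace in wp-config.php."""
    consts, prefix = parse_config(text)
    def is_true(name):
        return consts.get(name, "").lower() == "true"
    weak_keys = [k for k in KEY_NAMES if consts.get(k) in (None, "", PLACEHOLDER)]
    checks = {
        "file_editor_disabled": is_true("DISALLOW_FILE_EDIT"),
        "plugin_theme_installs_blocked": is_true("DISALLOW_FILE_MODS"),
        "custom_table_prefix": prefix not in (None, "wp_"),
        "security_keys_set": not weak_keys,
    }
    return checks, weak_keys

def sample_config(prefix, key_fmt, extra=""):
    """Build a constructed wp-config.php body for the demo (not a real site's file)."""
    keys = "\n".join(f"define( '{k}', '{key_fmt.format(k)}' );" for k in KEY_NAMES)
    return f"<?php\n{keys}\n$table_prefix = '{prefix}';\n{extra}"

WEAK = sample_config("wp_", PLACEHOLDER, "// define( 'DISALLOW_FILE_EDIT', true );\n")
HARDENED = sample_config("x7q_", "constructed-value-for-{}",
    "define( 'DISALLOW_FILE_EDIT', true );\ndefine( 'DISALLOW_FILE_MODS', true );\n")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

The parser reads line-oriented `define()` calls only; constants set inside `/* ... */` blocks or built dynamically are outside what it checks.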
Setup Procedure
To set up website hardening, you select the fixes that you want MalCare to execute, enter your site details and wait for the magic to happen.
These fixes are crucial to future-proof your website and make sure your backend remains safe after a hack.
MalCare Firewall
The firewall feature of MalCare protects your website from hack attacks. Since it gets set up with the installation, no further steps are needed to activate it. It can be disabled from the menu if you desire.
MalCare uses the following methods to keep a check on incoming traffic to your website:
IP blocking – MalCare performs scans on over 100,000 websites to identify bad IPs. If your site gets a request from any of these marked websites, it is automatically blocked. Smooth, right!
Login protection – A hacker may use a manual process of guessing credentials on your website. Given enough attempts, coupled with an easy password and username, bots can compromise your WordPress site.
MalCare keeps this problem from getting out of hand by introducing a captcha after a few incorrect guesses. This helps filter out bots that are trying to brute-force passwords.
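The captcha-after-failures rule can be sketched as a sliding-window counter. This is an added example, not MalCare's implementation: the threshold of 3, the 5-minute window and counting per username as well as per IP are assumptions that go beyond what the page states, and the login events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3               # assumed threshold ("a few incorrect guesses")
WINDOW = timedelta(minutes=5)  # assumed look-back window

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        """Drop failures older than WINDOW and return what is left for this key."""
        q = self.failures[key]
        while q and now - q[0] > WINDOW:
            q.popleft()
        return q

    def captcha_required(self, ip, user, now):
        """True if either the source IP or the targeted username has hit the limit."""
        return any(len(self._recent(k, now)) >= MAX_FAILURES
                   for k in (("ip", ip), ("user", user)))

    def record(self, ip, user, success, now):
        if success:
            # A valid login clears the username counter only, never the IP counter.
            self._recent(("user", user), now).clear()
        else:
            for key in (("ip", ip), ("user", user)):
                self._recent(key, now).append(now)

# Constructed events: (seconds since start, source IP, username, login succeeded)
EVENTS = [
    (0, "203.0.113.5", "admin", False), (10, "203.0.113.5", "admin", False),
    (20, "203.0.113.5", "editor", False), (30, "203.0.113.5", "admin", False),
    (400, "203.0.113.5", "admin", False), (410, "198.51.100.8", "admin", False),
    (420, "198.51.100.9", "admin", False), (430, "192.0.2.44", "admin", True),
]

def replay(events):
    """Return, for each attempt, whether a captcha is demanded before it is processed."""
    guard, start, decisions = LoginGuard(), datetime(2024, 1, 1, 21, 0, 0), []
    for offset, ip, user, ok in events:
        now = start + timedelta(seconds=offset)
        decisions.append(guard.captcha_required(ip, user, now))
        guard.record(ip, user, ok, now)
    return decisions

if __name__ == "__main__":
    print(replay(EVENTS))
```

The fourth attempt is challenged because of its source IP, the last because of the username, and the attempt at 400 seconds is not challenged because the earlier failures have aged out of the window.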
Managing Your Website and Users
MalCare allows you to manage plugins, themes and WordPress core files right from your dashboard.
It also acts as a proxy to your WordPress panel and will enable you to update roles, change credentials and add or remove users.
MalCare Support
When I reached out to MalCare regarding some of their features, the turnaround time to get a response was 24 hours. The support staff came across as competent and answered my questions about their product as well as general security concerns.
How Expensive Is It?
The free version of MalCare includes the scanner and firewall protection. There is also a paid version starting at an affordable price of $8.95 per month.
Takeaways
Based on my experience using and getting to know the product and all its features, I have no qualms about suggesting it to other WordPress users for the security of their websites and their peace of mind.
The fact that I can use its features (especially the scanner & cleaner) just with the click of a button and little technical know-how is a huge plus. If I have any other concerns, then I can rest assured that the support staff will address them.
Since MalCare uses artificial intelligence to improve its models of detecting and cleaning malware continually, I trust that it is getting better with time and keeping up with exploits as they are discovered.
I also love the white-labeling and reporting features because it makes handling clients easier. I can submit reports of scans and cleans to them and they won’t even have to know what tool I’m using.
The one missing feature at the moment is 2-factor authentication. Having spoken to the MalCare team about this, they said it was in the pipeline and will be released soon.