74,652,825 websites depend on WordPress and yet yours was the one that got hacked? Well, join the club, you’re not alone!
WordPress is a phenomenally popular site that powers about 30% of the internet. I have also been a constant victim of getting my WordPress site hacked frequently and decided to take action needed to stop this once and for all. Here is how I found a solution to my hacking woes.
While browsing the internet for the best security plugin by WordPress out there I came across MalCare. This was a relatively new security feature that I became even more convinced of as I learned more about it. And let me tell you, I went for it, and since then, my site hasn’t been hacked to date.
How MalCare Came About
MalCare is the brainchild of BlogVault, a popular WordPress backup plugin. They started working on a multidimensional solution that focuses on several fronts of website security. The idea was to create something that won’t just prevent a hack, but also block further attempts.
With multiple websites and lack of technology expertise, MalCare has been a saviour for me because of its ease of use. If all you want is to scan and secure your site, you don’t need to have any technical knowledge for that. With MalCare it’s an automated process, one that does not even ask for your site credentials. This is as easy as it can get!
Installation and Setup of MalCare
Anyone can do MalCare installation and setup. It took barely a few minutes to get the plugin and have it running on my site.
Step 1: Sign up and Add Site to your MalCare account.
Step 2: There are two ways in which the plugin can be installed –
- There is an Auto option that will install the plugins easily. All I had to do was log in to my account
- If the auto installation fails, there’s an option for Manual installation.
The dashboard features five neatly categorised sections to the right and quick links for the same functions on the left.
These are the options I found on the Dashboard:
The best part about this plugin is, once it was installed, it automatically started scanning my website. There is a score given on the dashboard indicating the security level for the site. If you get the highest score A, your website is secure. On the other hand, D is the lowest. If this pops up, MalCare guides you through the steps that should be taken on how you can improve the score.
The extensive set of features that MalCare provides did impress me. It had everything I needed to keep my website free from malware for now and in the future.
This WordPress scanner was built using AI after analysing and studying over 240,000 sites for 2.5 years. It is one of the most advanced security measures introduced to detect unknown malware in the last few years. With daily scans that are automatically activated once the timing is set. The security plugin can also scan the site on demand. MalCare will sync your site to their server and even note the file changes. All this, in 60 seconds!
So, to put the MalCare scanner to the test, I intentionally compromised my website and decided to let MalCare do its job.
And the result? The hack was identified, and I received notification through email as well in real-time!
How malware does it’s scanning?
Complete Malware Scanner
100+ signals are searching for malware on the website. The AI technology actively searches for malware by cross-checking with 240,000 and more sites. Any changes that aren’t supposed to be happening are also detected in specific files to locate the malware.
Goes Beyond Signature Matching
MalCare does not use the regular run in the mill methods to find the malware. It won’t check each line of code on your website for the malware. Instead, it looks for abnormalities and examines them for the presence of malware. This algorithm has proven to be useful in finding even the most complex malware.
Does Not Overload Server
Most of the security scanners present in the market tend to overload your server. This is something that the MalCare team has taken note of. Scanning by MalCare takes place on its server without affecting our websites. A shift in the entire load means our page load speed is not affected either.
When I ran the scans on demand or automatically I noticed that the speed of my site was not slow.
No False Positives
I have been using MalCare for quite some time now and have never come across any false positives from their end. You’ll receive an alert only when there is a presence of a specific malware on your WordPress site. On the other hand, it is good that you won’t receive any false positives. This way, you won’t have to be alarmed when there is no attack on your system.
When I enquired, the support team informed me that extra care was taken to make sure it reports only genuine malware issues.
When you notice signs of a hack, panicking is a typical reaction. Finding the right experts who can help explain the issue and get the website back on track has always been a tedious task in the past. MalCare has taken away this worry from me with the One Click Malware clean feature.
While the manual clean is always a Hercules task, MalCare makes the job easy with just a few clicks.
Here is what I did when I received an email informing me that there is a hack.
I used the Auto Clean option that is present below the scanner options.
MalCare immediately took care of it. It took less than a minute to remove the malware. I was informed through my dashboard and email that my site was clean again.
I was utterly bowled over this feature and, I dug in deeper to explore MalCare, and this is what I learned.
Perfect for Newbies
If you are using MalCare for the first time, you don’t have to worry about a thing. Thanks to the MalCare cleaner, you’ll never have to know the difficulties of doing a manual clean up. All you have to do is select the one-click feature, and it will clean up the site. It was gratifying to discover that we need not rely on external specialists every single time anymore.
Defense Against Malware
You will be surprised to know that despite frequent clean-ups malware generally comes back by finding a backdoor! However, MalCare takes care of this, and I haven’t had the same hack taking place on my website, as of now.
MalCare removes all the malware from the system without leaving a speck behind. The good thing – it only removes parts of the files that were hacked. The others remain unchanged.
I am glad this feature is available because now I won’t have to depend on anyone to get a malware clean done one on my sites.
MalCare has a feature called Website Hardening that is even recommended by WordPress.
It is done in three parts based on the level of security.
This is the primary website hardening step that all are suggested to take. It disables the files editor, changes the database prefix and blocks the PHP executions in untrusted folders.
Here, it blocks the theme installations and plugins.
This is where it resets all your passwords and changes your security keys. It is the final step to ensuring you don’t get hacked.
Here is how MalCare performs the necessary actions for website hardening.
Changing the Security Keys
The security keys are stored in the database of the site by default. This can be very dangerous if the hacker probes into the database tables of your site. MalCare helps you create a whole new set of robust security keys and stores them in the wp-config.php file that is secure.
Protects Upload Folders
Many of the hacks happen through the execution of PHP files in the upload folder. MalCare blocks such executionsMalCare.
Prevent Plugin Installation
One of the common ways hackers try to get into your site is through the backdoors by using themes and plugins. By disallowing these installations, you can reduce the risk of getting hacked.
Disabling File Editor
One way of preventing malware from getting in is to block all access to your backend files.
All I had to do was select all the fixes that I wanted to deploy for my site and enter the site details. And just like that, my site was secured!
Firewall protecting is like a defence you put up for your site from external hackers. You can automatically enable or disable it when you add your site to MalCare. The firewall filters the traffic that comes in from the outside online world.
MalCare is continuously in search of bad IP’s. These are ones that can cause harm to your website. When one of these IP’s tries to access your site, MalCare Firewall blocks it. Reassuring right? It even gives you all the information about the bad IP that was blocked.
I could see the number of IP’s that were barred from entering my site on the dashboard. By selecting the amount of allowed traffic, the IP address and more details of the incoming traffic were available to me.
Hackers are always on the lookout to target websites by trying various usernames and passwords to get into the site. After a few unsuccessful tries, malicious bots and hackers are locked out. MalCare deploys a CAPTCHA designed to be unreadable for machines thus preventing the hack. Even brute force attacks by bots are ineffective when you have your MalCare firewall enabled.
MalCare support is very reliable and took the time to help me with my queries and even explain how it works. They were very helpful in making me understand the MalCare features in details. This is more reassuring as it shows that they care about online security and appreciate its importance.
There are both free and paid versions of MalCare. The scanner and the firewall are features that can be used in the free version. If you are looking for more of their security features, you can opt for it for $8.25 per month.
Several features in MalCare impressed me. What I liked, in particular, was the Website Hardening feature. As a website owner, I would want to do everything in my power to protect my website from a hack, and this feature gives many ways in which that can be done.
Scanning is a task I generally postpone because it slows down my site. This does not happen when I use the MalCare scanner. The server is not overloaded, and so to my delight, the working of my site was not interrupted. This is another feature that led me in favour of the MalCare product. I should also mention White Labelling and Reporting that makes life easier for those who handle client sites.
I would recommend all WordPress site owners to get MalCare to keep their site protected. It is a one-stop shop for all your security needs.
Try MalCare and experience it for yourself.