Review MalCare add-ons, can you rely on them to protect your site?
Website owners face constant problems and anxiety due to the protection of their WordPress site from hacking and exposure to security problems that may affect the stability of the site and may lead to a poor user experience, declining search engine results, loss of customer data, and much more.
When searching, site owners will find many plugins and options available to secure WordPress sites, and the most prominent of these options is MalCare, which is one of the latest security options but has managed to gain the trust of more than 300.000 users around the world.
This is because the MalCare plugin secures the WordPress site in all respects, for example, scanning malicious site files, activating an advanced firewall, detecting site vulnerabilities, securing the login page, etc.
So in today's article we will give you a comprehensive review of the MalCare extension, and we will compare it with other popular plugins in the field such as the Sucuri plugin and the Wordfence plugin, and we will show whether the MalCare add-on actually helps secure your site adequately or not.
Why choose the MalCare add-on?
The MalCare plugin provides a range of features that make it one of the most prominent options available to protect WordPress sites. The most important of these features are the following:
- Integrated protection system: MalCare provides an integrated protection system for WordPress sites, including checking the site for malicious files and restricting modification to plugins and themes if accessing the WordPress control panel, backup services, site analysis reports, advanced firewall and login page security, etc. Thus, you can secure most system vulnerabilities without the need for other security plugins.
- Periodic inspection : The MalCare add-on is characterized by checking your website files periodically 24 hours a day to search for any problems, hacked files, etc., and it also addresses the problem automatically with the ability to manually scan from the extension. on the control panel.
- Non-consumption of server resources : The MalCare extension relies on its own servers to scan the entire site files and therefore does not affect the performance or speed of the site completely, unlike other security plugins such as the Sucuri plugin or the Wordfence plugin, which depends on the entire site's resources, which Reduces site speed especially during periodic scanning or backup. This is clearly evident in the Wordfence extension, which is one of its most common drawbacks.
- Scanning speed : The extension is characterized by the maximum speed in all its operations on your site, whether scanning, backup, etc., because it depends on its own resources, as we mentioned in the previous point.
- Automatic settings : Works silently by adjusting the automatic settings for scanning, mechanism of dealing with malicious files, firewall, backups, etc. only for the first time. The extension then works on these settings and does not send any notifications to WordPress or email except in necessary cases only, with the ability to sort the notification properties from the internal settings.
- Advanced backup : Where all your website files are backed up automatically but in an advanced way, where if you encounter a problem with a file or it has been hacked, the MalCare add-on replaces the problem file with the latest, clean copy of it inside the backup files without affecting the site completely. .
- Advanced firewall: The firewall in the MalCare plugin has the ability to work, sort traffic, and avoid malicious traffic without visitors realizing it, it doesn't need bot checks, different pattern solutions, or anything else.
But against all the previous features, you will find that the free version of the MalCare add-on imposes multiple restrictions on you in scanning and removing malicious files, etc., so you may need to get the paid version of it, and during the following paragraphs we will review the pricing options available from the MalCare add-on , and we will learn about all the features. Add in detail.
Review the protection features of the MalCare add-in
The MalCare plugin provides a set of features that make it an integrated system to protect WordPress sites and maintain the site's performance and stability in the long term. During the following paragraphs, we will review with you these features and explain to you whether they really help you secure the site sufficiently or not compared to other protection add-ons.
1- Check the site files by Malware Scanner
When you install the MalCare add-in, the data is automatically synchronized with MalCare's external servers, including the databases and website files themselves.
The MalCare add-on then automatically scans all your website files once every 24 hours, with the ability to flexibly control the scheduling of scans, as well as manual scans on demand.
MalCare is based on advanced scanning algorithms that compare changes that have occurred on your site with files that have been previously synced on its servers and examine the correctness, nature and impact of those changes on your website. This is because malicious files can be embedded in plugins or themes in WordPress. Or indirectly, which is what distinguishes it from the Sucuri plugin or the Wordfence plugin.
MalCare also relies on artificial intelligence to scan more than 100 different indicators on the site to check for any indications that the site is at risk or vulnerable to hacking in general.
It should be noted that all scans are done automatically on MalCare's external server on synchronized data and therefore will not fully affect the speed or performance of the website during the scan.
2- Firewall
A firewall is a firewall that sorts traffic on your website, tracks visitor activity, and automatically blocks a visitor when they feel a danger or threat from the visitor.
The MalCare extension provides a good firewall that helps you perform the basic function required by the firewall, as well as detailed reports in the control panel showing you the number of visits that have been blocked, the reason, the IP address of each user, as well as the source, timing, etc. to avoid or block these sources in general and track them. The performance of your website.
It also offers some advanced options in the free version, for example, preventing Brute Force Attack, as well as injecting SQL files. The firewall works in complete silence without any request for confirmation or resolution of the CAPTCHA code from the user.
When compared with other protection add-ons, for example the Wordfence add-on, we note that Wordfence offers all the previous features plus a more advanced firewall in terms of responding to DDoS attacks, as well as periodic updates to track new malicious attacks detected, but these options are only available in the paid version of the add-in. .
The same goes for the Sucuri plugin, which provides a firewall that includes a range of multiple functions, for example, a WAF service and a CDN service, which helps to better sort traffic and improve overall site performance.
So it can be said that the MalCare add-on only provides you with the basic requirements as a firewall and relatively less with other security add-ons.
3. Secure login protection for the login page
The third criterion that webmasters are looking for is the security of the login page because when a hacker succeeds in accessing the WordPress control panel they can deactivate the security add-on and thus lose all the protection features it provides to you.
When testing the MalCare add-on, we found that it is relatively weak in this matter, relying on the firewall only to block high-risk traffic and relying on artificial intelligence to identify duplicate or fake recordings.
But you can't rely on it to enforce the maximum number of incorrect logins for a single IP address or enable the two-factor authentication option, as it relies on the CAPTCHA V1 option, which means that if the firewall notices a problem, it will ask for a special captcha resolution.
When compared to other security plugins, you'll find that Wordfence excels considerably, offering the ability to limit the number of login attempts, as well as the ability to enable two-factor authentication with customizing roles. It also relies on reCAPTCHA v3 which relies on hidden authentication by relying on the browser so as not to affect the user experience.
Therefore, the superiority of the Wordfence plugin in securing the login page is obvious, and if you want to rely on the MalCare plugin, you need help extensions so that you can activate these features independently.
4- Backup site files
Backup is the last resort that site owners resort to in case the site is hacked or there are technical problems of unknown cause.
When testing the MalCare plugin, it was clearly superior to all other security plugins, and this made sense because MalCare is basically a development of the BlogVault plugin, which is the most popular in the BlogVault industry. Backup WordPress.
MalCare provides the ability to copy all site files, whether databases or site files itself, from templates, plugins, server-uploaded files, etc., to MalCare's external servers. So, if the server has a technical problem, you can get the files from an external source, and the storage space for backups is unlimited. .
What distinguishes MalCare is its reliance on artificial intelligence to compare site files and files uploaded to the server and clarify the difference between them, with the ability to restore only different files, which helps you address the problem on your site gradually and without affecting the databases completely.
The automatic settings of the MalCare add-on get an updated backup on the servers once every 24 hours. You can customize that period or perform a manual backup, but that comes with additional costs, especially since the backup service is a fully paid service on the MalCare extension and the same goes for other protection add-ons.
5- Improving site vulnerabilities through tighter security
The security of websites is not only through installing an advanced firewall or scanning malicious files, but the function of the basic security add-ons is to provide an integrated environment for you secured from various intrusion and vulnerability factors, and this is the main point of competition between protection and add-ons.
When we examined the MalCare extension, we found that it offers a set of basic features for securing the site in general, which are as follows:
- Change the database prefix to the prefix.
- Prevent PHP from being installed in untrusted folders on your website.
- Disable the file editor, so the hacker can't modify the plugins or theme if they access the WordPress dashboard.
- Prevent the installation of components or plugins on your site completely, the hacker is unable to add any changes to your site or install its own plugins that affect the site when you enter the WordPress control panel.
- Change all passwords on your website, server, and databases at once with Paranoid.
The MalCare extension also scans all the extensions and templates on your website and identifies the important additions that need to be updated to the latest version, specifying the version of the current version and the required version, because the latest versions are used to develop the firewall and close the security holes that hackers were able to access, as shown in the following image:
It is also worth noting that it monitors the server and the site in terms of the number of hours of operation and sends you a direct notification via email in the event of a site downtime so that you can examine the underlying issue and try to resolve it, as shown in the following image.
Most of these options are also available in other security plugins, but the option to monitor the server, Paranoid tool, or change the database prefix is not available in the Wordfence plugin, but in return it provides other features such as hiding the WordPress version, and the visitor cannot specify the operating system, theme, plugins, etc.
This point therefore varies from add-on, but the MalCare plugin can be rated as excellent because it provides you with the simplest options you need to secure and monitor all aspects of the site.
6- Easy setup and control panel
All of the above features are not important if you cannot handle the security add-on properly and adjust all the basic settings you need on your website, and this certainly depends on the control panel.
When we reviewed the MalCare add-on control panel, we found that it is the best among other security add-ons because it provides a comprehensive external control panel with a main interface that includes all the basic reports on the site, for example, backups, scan results, plugins, and templates on your website, including version, status, and much more. .
So you can rely on the main interface only. Scan your entire website, and you'll find that you can embed that interface into the internal WordPress panel as well, but the reports will be more concise and separate.
The control panel is straightforward and quite intuitive, you can handle it with minimal prior technical experience, and you may not need a manual to use and adjust add-on settings.
You can also link all the sites you own to just one dashboard, which makes managing the security standards for those sites better and easier. Unlike the Sucuri add-in, it doesn't support multiple websites on the same control panel.
7- Cost price
The last point in reviewing the MalCare plugin is cost, and it may be an important criterion for some users, but it is not always preferred to save on the budget of protecting the site because it is the basis of the success and stability of the site. The project is long-term.
Initially, we reviewed the free plan in the MalCare add-on, which provides you with basic scan and firewall options for your website only. As for all the advanced features, you need access to the paid plans. Unlike the Wordfence plugin, it offers you more flexible options on the free plan, but it imposes high restrictions on it, for example. Example: Do not update firewall databases until 30 days after they release the paid version.
In the case of relying on the free option, it is better to rely on the Sucuri add-on, as it is a completely free add-on, but the advanced services for it are paid, for example, the backup service or the CDN service.
If you rely on the paid plan, you'll find that the MalCare add-on starts at $99 per year per site and offers three progressive plans, which is about the same as the cost of Wordfence, unlike the Sucuri -on add-on, which has almost double its basic cost, which is a single plan at a cost of $199.99 per year for sites. One, but equivalent to the advanced plans of the paid version, which costs up to $250 per year per site for both the MalCare add-in and the Wordfence add-in.
Therefore, the obvious superiority of the MalCare or Wordfence extension is if you want to rely on a medium-cost paid plan, but you should compare the cost with the features you also get to get the best quality of protection at the lowest cost. Cost.
Install and set up the MalCare plugin on your WordPress site
Now that we know the features of the MalCare plugin, we will now learn how to install and set up the plugin on the WordPress site. It's worth noting that MalCare provides a ready-made WordPress extension that you can rely on to link all MalCare security services directly to your website.
First you go to the WordPress dashboard, then click on Add-ons from the side menu, choose Add New, then search for the MalCare plugin and click on Install Now next to it, as shown in the following image:
After that, the extension will be downloaded and installed on your site within minutes, then you click on Activate next to it. In this way, the add-in is installed and activated.
After that, you will be automatically redirected to the MalCare add-on settings page. If you are not redirected to it, you will find a new tab appearing in the WordPress side menu called Malcare, from which you can control the settings for plugins.
You will now be required to register a new account on the MalCare website in order to use all the features of the add-on, as well as to link the add-on's cloud services to your website. You write your email and then agree to the terms and conditions. It is preferable to review them before approving and then click on send as shown in the following image:
After that, you type the email again, then type the password the password, then confirm it again to confirm the password, then agree to the terms and conditions, and then click on Get Started, as shown in the following image:
In this way, a new and successful account was registered on the MalCare platform. Now you go back to your site's main WordPress dashboard and then choose MalCare from the side menu again. You will see the following page:
This message states that all Malcare extension settings and files are on their own external servers and you must click Visit Dashboard to go to them. This illustrates what we mentioned in the previous paragraph that the Malcare extension does not affect the speed or performance of your website, unlike security extensions. other.
If you see the same previous page, you retype the email registered in the Malcare platform, and the link will be done directly, and the last page will appear to you without problems. This way, the Malcare extension has been linked to your site correctly and successfully, so you now click on Visit Dashboard to go to the Malcare settings. .
To start, you'll find that the Malcare server uploads all your website files to its own server and connects the data in real time, updating it with the location data. You must wait for the file upload rate in the Sync In Progress bar to complete, as shown in the following image:
After reaching 100%, the site is now connected to MalCare add-on servers, and you can adjust the settings for the extensions, as we will review with you in the following paragraphs, read with us.
Conclusion
If you are looking for a WordPress plugin that helps you fully secure your site and achieve the full equation for you, it is almost impossible and you will find many options, including the MalCare plugin, which we reviewed in today's article, in addition to the Wordfence extension, the Sucuri plugin, and many more.
You'll find that all extensions have a range of advantages and disadvantages, so you should read the review and determine if the vulnerabilities provide you with the minimum required security standards or require a more advanced degree of security.
The MalCare plugin can quickly be judged as a good add-on for website security, especially at the paid level, but you may need some external help plugins to reach the full degree of security, for example setting the maximum number of registration times, two-factor authentication, etc., depending on the needs and degree of security. Your website is required.