Security & Firewall — MalCare Security


Instant WordPress Malware Removal at 25% of the Industry Cost. Detects Complex Malware Others Plugins Frequently Miss

Check out more MalCare customer testimonials from here.

With it’s smart “Cloud Scan”, MalCare’s malware scanner will never impact your website performance nor overload your server. Ever.

Clean your malware in less than 60 seconds. Our safe malware removal technology ensures that your website never breaks.

MalCare comes with an inbuilt smart and powerful Firewall for real-time protection from Hackers and bots.

It is the simplest WordPress Security plugin that doesn’t need any technical knowledge. You can get set and ready in just 50 secs.

The brands you trust, trust MalCare to keep them safe. MalCare is trusted by Intel, Dolby True HD, CodeinWP, Site Care, WP Curve, Valet, among others.

It is a perfect security solution for developer and agencies as it comes with all the tools you need to manage multiple websites from Website Management, White Label Solution, and Custom & Scheduled Reporting.

Learn more about MalCare from here.

MalCare in Numbers

  • 200,000+ Sites Scanned and counting
  • 250,000+ Successful Malware Removals
  • 330GB Largest site Scanned
  • 10,000+ Web hosts Compatibility
  • Five Star Support

Benefits of Using MalCare as Your Go-to Security Solution

1. Scanner That NEVER Slows Down Your Website

  • No Server Overload. Ever.
  • Scan website for vulnerabilities
  • Consistent Scanning Practices
  • Early Malware Detection

2. Fix a Hacked Website in less than 60 Seconds

  • Fully Automated Malware Removal
  • Unlimited Cleanups at No Additional Cost
  • Cleans Complex Unknown Malware
  • Support Always on Your Side

3. Real-time Protection from our Smart Firewall

  • CAPTCHA-based Login Protection
  • IP Blocking on a Global Level

4. Inbuilt WordPress Website Hardening

  • Disable File Editor
  • Protect Uploads Folder
  • Change Security Keys
  • Disallow Plugins

5. Single, Site Management Dashboard

  • Perform WordPress Core, Theme, Plugin Updates
  • Invite Team Members for Efficient Collaboration
  • Exclusive White-label Solution to Grow Revenues
  • Beautiful and Comprehensive Client Reporting

6. MalCare is a «Service,» Not just a Security Plugin

  • Always Improving & Adding Features Unlike Plugins
  • Our Support Has Your Back, Always
  • Independent Dashboard Offers 24X7 Access to Backups

Why Choose MalCare Security Services?

  • Set up & Running in Just 60 Secs — Get started in no time. Log in. Auto-Install. And that’s it!
  • Unlimited Scan and Cleanup — With MalCare Security Service, clean-up is automatic and at the click of a button, with no downtime.
  • Detects Malware Missed by Other Plugins — Our proprietary algorithm identifies even the most complex malware and security hacks, without any false-positives.
  • No Technical Knowledge Needed — Automated workflows that ensure everything you need is only a click away.
  • Personal Support for Everyone — Agile & Responsive Customer Support that caters to Everyone.

Difference Between Free & Paid MalCare Security Service?

MalCare Security Service has a free version and a premium version. We’ll scan your site with our Scanner and protect your website with our Firewall in the free MalCare version.

The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details.

To learn more, please take a look at MalCare free vs premium page.


  • MalCare combines an inbuilt WordPress firewall with Captcha based login protection to defend your site against bots, hackers, and malicious traffic.
  • MalCare’s Early Detection Technology uses 100+ intelligent signals to detect even the most complex malware that other WordPress security plugins cannot detect.
  • No more waiting for days or hours to clean your website. Clean your website of malicious code with surgical precision in One-Click.
  • Manage multiple WordPress sites from one dashboard.
  • Based on an internal algorithm, the Score and Report indicates that health of the security of your website along with what steps you should be taking to score better.
  • Check the Performance Speed of your website from the BlogVault dashboard.
  • With Uptime Monitoring you get notified the moment your website is shut down.
  • With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.

Часто задаваемые вопросы

Can I Setup my MalCare account myself?

Yes. Take the help of this step-by-step guide.

I am unable to reach the security plugin. What can I do?

You can send an email to the support team on and notify our team regarding this.

Do you have a free version? How does it work?

MalCare Security Service has a free version and a premium version. We’ll scan and protect your website with a Firewall in the free MalCare version. You can download the security plugin from the WordPress repository.

The paid version includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security feature pages for more details.

To learn more, please take a look at MalCare free vs premium page.

How do I upgrade from free to a premium account?

To upgrade from free trial version to a premium account, please take the help of this guide.

How do I upgrade to a bigger Plan?

To upgrade to a bigger Plan, take the help of this guide.

Do I need to pay for support and help?

Never! We will be with you for any queries at any time. Click here to get in touch with us!

How many times does MalCare auto-scan a website?

MalCare automatic security scans a website once every 24 hours.

How does MalCare detect complex malware?

MalCare Security Service scans all your website WordPress files beyond just signatures and evaluates it automatically using powerful technology with the collective knowledge of 240,000+ sites. It uses 100 + intelligent signals automatically for deep security scanning and combing through all the files. That is how it detects even the most complex and well-hidden malware on your site.

Does MalCare affect my site performance?

No, not at all. MalCare Security Service performs all the heavy lifting of scanning your entire site WordPress files on its own. It does not use your site resources. MalCare Security Service runs its security operations on MalCare servers, thereby ensuring zero loads from its side on your website.

How does the unlimited cleanup policy work?

A situation may occur where your site is being repeatedly infected. In such events, there is no limit to the number of times you can clean up a hacked website.

But if the situation persists, then cleaning up the site, again and again, will not solve the problem. In such cases, you can contact us, and we will help improve your security posture. We’d ask you to take proactive measures based on the recommendation of the Support team. We reserve the right to refuse service until appropriate actions are taken from your end. In cases like this, we also reserve the right to deny refund or cancellation of the MalCare Security account.

What do I need to clean my website?

In order to begin the cleanup process, we need access to your server and its associated files. (Don’t worry, this will not compromise your site’s security).

We get this access in the form of FTP, SFTP, or SSH access to your server. FTP stands for File Transfer Protocol, sFTP for Secure File Transfer Protocol, and SSH for Secure Shell. These are connection protocol mechanisms that allow us to log into servers to edit/add/remove files. These connection protocols allow us to log into your websites, specifically the server, and perform the remediation process. If you for some reason are unfamiliar with these protocols, don’t worry, our team of security analysts are prepared to assist you in the process. To do so, you’ll need to be willing to share access information to your hosting account.

We covered how to clean a website here. Here’s a guide on how to find FTP credentials and another guide on how to locate a folder where WordPress is installed.

How long does it take to clean a site?

It really depends on the size of the website. In average, cleaning up with MalCare Security usually takes 5-10 mins.

How does the Login Protection work?

MalCare’s Login Protection feature prevents bots from entering your website stealing your data, spamming and other malicious activities that threaten the security of your site.

How does the Site Hardening work?

WordPress has recommended few extra security measures which will harden the security of your website. We have incorporated those recommendations in our Site Hardening feature. Kindly have a look at our guide on how to implement Site Hardening.

How does the Firewall work?

MalCare Security Service was created after analyzing over 240,000 sites from scratch. The Firewall constantly monitors traffic from all places and automatically blocks IP’s that seem malicious in nature. As such, it is automatically enabled and needs minimal overseeing.

MalCare Firewall Security ensures that attacks on your site by even bots are mitigated, without affecting your WordPress site. It monitors bots across a global level without ever overloading your server.

Can I update WordPress core, plugins and themes directly?

Yes. Updating WordPress add-ons tightens the security of your website. Take a look at this Manage Site help doc to learn how to update WordPress add-ons.

Can I manage my site users and their password directly?

Yes. With MalCare managing WordPress, users have become easier. Take the help of this Manage Site help doc. Remember to delete the passive user account and encourage users to use a strong password for better security.

Can I add Clients and Team Members on my account?

Yes, you can.
Our client feature is for your reference alone. You can assign a client to their site. If you want to give a user, the dashboard access, please add them as your team members under the team section. Please see How do I add clients and team members? For the sake of security, give dashboard access to only people you can trust.

Will MalCare Security work if my site is down?

We understand the pains of a website going down. If a site goes down after you have added the website and installed the security plugin from the dashboard, MalCare will clean up your site.
But if you add a website that was down beforehand, i.e. before adding the security plugin, then MalCare Security Service won’t work.

What information does MalCare Security Service store?

We only store data related to your site structure such as plugins/themes with their respective versions. This helps us identify vulnerabilities that may be present on the site. We track the IPs of visitors to your site, to identify malicious actors who might attack your site.

What makes MalCare Security Service better than other security plugins?

MalCare Security Service was developed after analyzing 240,000+ websites.
* It uses 100+ internal signals to Scan and identifies the most complex malware.
* It pinpoints the malware’s exact location on your site. It does remote security scanning, to ensure there are Zero loads on your server.
* MalCare comes with an industry first One-Click Malware removal service that eliminates any malware in a jiffy.
* We alert you only when there is a legitimate malicious discovery rather than ‘possible hacks’.

We feel these features set us apart from most other WordPress security plugins. For further information take a look at how MalCare Security Service stands when compared with Top Security Plugins.

I already have a backup solution. Something happens to my site, I can simply restore. Why do I need a security plugin?

Backups play a very important role in WordPress security, but it has some limitations. We have noticed that in many cases, it is weeks before a site owner realizes that his/her website has been hacked.

During this period multiple backups will be taken, and there will be a high chance that the files that contain the hack or the Malware are also backed up.

In such a case restoring from backup is not sufficient as it will not clean your website. Here is where a Malware solution like MalCare Security Service comes in. It does regular automated security scans of your website and notifies you if there is any sort of Malicious content on your website.

Isn’t WordPress secure enough?

WordPress core is safe, but the CMS does not work in isolation. Security plugins and themes are part of its ecosystem. Several studies on hacked sites show that plugins and themes are responsible for a majority of such compromise. MalCare Security Service is an easy and effective way of securing websites and keeping them safe from hack attempts. Look at this full feature list.

Why will an SSL certificate not suffice?

An SSL certificate is used only to encrypt a connection between the browser and server to safely transmit sensitive information. However, MalCare Security Service goes beyond and actually protects the database where this information is stored, scans your website files using 100+ intelligent signals automatically, and applications protect from data breaches and spreading of viruses/malware. These functionalities are not provided by an SSL certificate.

How is MalCare Security Service the best for agencies or developers?

We’re the best because of three features:
* We have developer-friendly plans that are easy on the wallet. If you’re a developer or an agency that hosts about 10 websites, the chances are that enterprise-level security packages would be too expensive for you. If you’ve got anything more than seven sites, take a look at our unlimited plans.
* Our auto-clean feature makes sure that you can scan, and clean your sites by yourself, so you don’t waste precious time.
* MalCare’s regular security scans alert you whenever it identifies hacks, so your sites are always secure.

How does MalCare Security handle WordPress Multisite installs?

We completely understand the concern and complexities surrounding WordPress Multisite installs. We treat each WordPress install as a license. It means that if you have a network of websites on a single WordPress installation, we treat that as a single license.

Will MalCare Security Service slow down my website?

MalCare runs on its own servers. We take great care to ensure that we do not add load to your site. We do all the hard work of security scanning, cleaning and protecting, on our servers and this is our USP.

Where are my FTP details processed?

FTP details input into MalCare is processed on our servers. We need your FTP credentials to access your website’s files and folders. We feel that FTP transfer is the safest way to transfer data to and from a site. However, they are treated like payment details (i.e. they’re not stored on our servers). Once we’ve processed them, they’re deleted from our servers.


Supporting multiple wordpress sites as developer can be crazy at time. Early 2020 most of our sites got hacked and MalCare came into rescue. Beside the protection which was easy to applied. What amazed me was the speed of reply from the support. (I'm never a fan of chatting with bots). They even cleaned up my site with trojan injection within 3 hours after just an email notification while I was sound a sleep.
I'm a pro as well as free user and I was not a fan of MalCare initially. Since I have been able to test it on a number of ex-client with hacked sites and not feel confident in it's ability to detect issues. As Pro user there have been constant improvements there. Great work. As free user I think it is amazing you get a very good scanner checking every 24 hours with almost no server resources used. Invaluable. Yes, you have to upgrade if you have a problem, but that seems fair given you also get their firewall which is trying to stop you from having a problem. It's a great set it and leave it solution and one I would recommend to self managing owners.
We have a high transaction website that was hacked. Did the scan, upgraded and solved the issue. We were at risk of losing $1,000's. We also had a tech from Malcare do a manual review of the site and they identified other issues that were critical and we repaired. I see some people complaining that this plug-in is not free. Not sure how they can actively support their software and provide additional consulting support for free. Totally worth it.
Посмотреть все 73 отзыва

Участники и разработчики

«Security & Firewall — MalCare Security» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:


Перевести «Security & Firewall — MalCare Security» на ваш язык.

Заинтересованы в разработке?

Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.

Журнал изменений


  • Updated MalCare landing page front-end


  • Removing deprecated get_magic_quotes_gpc function
  • Improving Firewall Logging


  • WPCli to server request path updated
  • Authentication header added in wpcli request param


  • Firewall in prepend mode
  • Robust Firewall and Login protection


  • Plugin branding fixes


  • Updating account authentication struture


  • Adding params validation
  • Adding support for custom user tables


  • Restructuring classes


  • Request profling and logging


*Firewall improvements


  • Callback improvements
  • Adding delete transient callback


  • Checking Whitelisted IP’s first


  • Updating tested upto 5.1


  • Disable form on submit


  • Setting blocked page to be non-cacheable


  • Updating tested upto 5.0


  • Adding Geoblocking functionality


  • Adding function_exists for getmyuid and get_current_user functions


  • Removing create_funtion for PHP 7.2 compatibility


  • Ability to show captcha for all login blocked


  • Adding Misc Callback


  • Adding logout functionality in the plugin


  • Adding support for chunked base64 encoding


  • Updating upload rows


  • Updating TOS and privacy policies


  • Bug fixes for lp and fw


  • SSL support in plugin for API calls
  • Adding support for plugin branding


  • First Release