MalCare WordPress Security Plugin – Is it Right for Your Site?

Last Updated on January 24, 2023 by 14 Comments

Editorial Note: We may earn a commission when you visit links on our website.
MalCare WordPress Security Plugin – Is it Right for Your Site?
Blog / Resources / MalCare WordPress Security Plugin – Is it Right for Your Site?

The MalCare WordPress Security Plugin is all about boosting the security of your WordPress site. It’s no secrete that guaranteeing security on your WordPress website is something you should always keep in mind. With so many great WordPress security plugins out there, we want to help you find the better fit for your website.

In the past, we’ve already provided you with reviews of the Sucuri and the Wordfence plugins. This time, we’re going to take a look at the MalCare WordPress Security plugin. MalCare is a one-click security solution for your website. This security plugin has both a free and premium version. Both versions focus on making the experience as easy and straight-forward as possible.

In this post, we’ll discuss the free version of the MalCare plugin. We’ll show you how to set it up and what you can expect from it. Although it doesn’t offer features such as backups, it does offer you the possibility to scan for malware and keep track of your firewall and login protection logs.

After going through the setup, we’ll discuss the user-friendliness of this plugin which will help you figure out whether or not the MalCare WordPress security plugin is a good fit for your website.

MalCare WordPress Security Plugin – Installation and Setup

Install the Plugin

To install the free version of the MalCare security plugin, go to your Plugins > Add New > Search for the MalCare WordPress Security plugin. Once you find the plugin, click on the ‘Install Now’ button.

Malcare install Plugin

Activate the Plugin

Once you’ve installed the plugin, make sure you activate it right away so you can start using its features.

Malcare activate Plugin

Enter Email to Get Started

After installing the plugin and activating it, the plugin will lead you to an activation page where you have to add your email address to get started.

Malcare email

Dashboard Redirect

Once the setup is completed, you will automatically be redirected to the plugin’s dashboard. You’ll notice a welcome message saying all three free features are enabled on your website. From that point on, you will be able to scan your website for malware and be up to date with firewall and login protection logs.

Malcare scan

MalCare WordPress Security Plugin – Overview


Once you exit the dashboard redirect, you can always go back to the MalCare dashboard by going to your WordPress dashboard > MalCare > Visit Dashboard.

Malcare dashboard

Malware Scanner

This plugin is daily and automatically keeping track of the activity on your website. The only thing you’ll need to perform manually is the malware scan. You can scan your website for malware at any time. After it’s done scanning your files, it tells you whether or not your site is clean and/or if you any hacked files. It also shows you the last time you’ve scanned which helps you keep track of how often you perform a malware scan on your website.

The Malware Scanner reduces chances of your website getting blacklisted by detecting the most complicated malware at an early stage. They use more than 100 signals to investigate your website’s code and make sure no malware escapes.Malcare scanner signals

Malcare scanner signals


The firewall feature follows up on which visitors should be allowed, blocked or bypassed on your website. The data is updated on a daily and if you click on the ‘Firewall Logs’ button, it will share additional information about the traffic requests such as IP, status, time, method, path, response and user agent.

MalCare WordPress Security Plugin MalCare WordPress Security Plugin

Login Protection

The login protection works the same way the firewall does. It shares all the succeeded, blocked and failed login requests in a graph that is automatically updated to keep you in touch. When clicking on the ‘Login Protection Logs,’ you’ll find more information about login requests that have happened in the past.

MalCare WordPress Security Plugin

MalCare WordPress Security Plugin – User Friendliness

As you can notice in the overview above, the free MalCare WordPress Security plugin does offer great features. But what about the user-friendliness?

If you’re looking to give your WordPress website the protection it needs regarding logins, firewall and scanning malware, then the free MalCare WordPress Security plugin does an excellent job. It automatically keeps track of your logs on a daily basis. The only thing you’ll have to start manually is the malware scan and you can do that at any time and as frequently as you want. The firewall and login protection features are enabled from the moment you link your website to the plugin so there’s no time being wasted.

You can also access the logs at any time which makes it easy for you to remain up to date and take matters into own hands if necessary.

Conclusion: Is the MalCare WordPress Security Plugin the Right Security Plugin for Your Site?

If you’re looking for a plugin that gives you peace of mind and does the security job for you, the MalCare WordPress Security plugin will definitely not fail you. However, if you’re looking for more advanced features such as backup or complete site management, you might consider switching from the free version to the premium version.

If we take a look at the free features it offers, we can conclude that the plugin does quite a good job. It keeps track of all data regarding your firewall and login protection. You can access this data at any time and you can also use the malware scanner that focuses on early detection of malware.


Want To Build Better WordPress Websites? Start Here! 👇

Take the first step towards a better website.

Get Started
Premade Layouts

Check Out These Related Posts

WordPress vs Medium (2024) — Where Should You Blog?

WordPress vs Medium (2024) — Where Should You Blog?

Updated on February 14, 2024 in Resources

If there is one question that goes back to the very beginning of blogging, it’s “what blogging platform should I use?” Everyone asks this question (to Google, most likely), and everyone gets bombarded with a thousand different answers. That’s primarily because there are so...

View Full Post
9 Non-Profit Child Themes for Divi

9 Non-Profit Child Themes for Divi

Updated on January 23, 2023 in Resources

There are lots of nonprofit organizations across the globe. Just about every one of them needs a well-designed website to tell their story and receive donations to help their causes. Divi is an excellent theme for nonprofits such as charities. Fortunately, you don’t have to start from scratch for...

View Full Post


  1. Hey guys. Ive been using siteground hosting (grow big package) and paid versions of Malcare and BlogVault. Very pleased so far. The cleanup service from Malcare provides great piece of mind.

  2. I bought this plugin a few months ago. I also subscribe to their sister backup service, Blogvault. The two actually work great together, although you can just opt for Malcare by itself you want. Malcare is solid. It also places literally no load on your server, unlike other options I’ve tried. I’d certainly recommend it.

  3. Good post!

  4. This plugin looked promising. I was going to purchase the premium version through a deal but I missed the deadline.

    Thanks for the reminder! I need to take a second look…

  5. Herby,

    Thanks for your review.

    I run multiple Multisite networks with over 100 sites and 800 plugins in service and am always looking for newer, better solutions to replace outdated or buggy ones.

    Reviews like yours helps minimize the time I must expend to get an overview of a potentially new solution. Thank you.

    For years we have been using paid Wordfence with custom scanning configuration and country blocking features activated and have never had a breach. However, we also have some features deactivated (live traffic) as they can have a significant negative impact on site performance.

    Again, thanks for pointing out a new solution that might be just the ticket for less complex sites.

  6. It is again only a part solution which won’t help you much.

    People will install it and then think they live in secure haven but that is definitely not the case.

    1st most attacks come to the login page. Is that page secured i.e. with a cookie based Brute Force Prevention then it will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.

    If you want to slow down the site use the plugin described above. I recommend using All In One Security as the best FREE and most complete solution to secure your site. It also provides a way to backup your data on a regular base, no need to do things manually – which is pretty stupid for a security plugin.

  7. Looks like a great plugin. I will definitely give it a try. Thank you for the information.

  8. This looks like a nice easy plugin to use. Most people do very little to secure their websites, so this can be a viable option for many people. The free version is best to try these plugins and see if they meet your needs. Then you can consider upgrading if you want. An easy solution is what people are looking for, so I am going to try this plugin on one of my websites and give it a try.

  9. Bloody hell, can’t you just put a f*****g hyperlink pointing to the plugin page ? Come on !
    It looks basic to be honest and doesn’t do any better job that lots of other security plugin. So what’s the differentiation factor ?

    • This looks like a nice easy plugin to use. An easy solution is what people are looking for, so I am going to try this plugin on one of my websites and give it a try.

    • I don’t think you need to provide comments like this which aren’t helping anyone. Not all Divi users are power users and this may be just the solution for those that just want basic.
      Have a nice day StartMeUp.

      • Hi Herby
        Thanks for your reply. Yes you’re right, I realise my comment was really not nice, I got myself carried away and reacted too badly. I don’t know what happened, I’m usually quite nice (I think). You’re totally right when you say it’s good for those who want basic. But I still think they could link to the plugin, and I don’t see how it’s better than other plugins that do the same job – unless you only want the very basic stuff shown through a pretty graphic interface.
        I promise I’ll be good next time 🙂

  10. Frankly, some folks are better off getting a web hosting company that specializes in WordPress and handles the updates and security for them. Php scripts, plugins and external services are very inefficient, too late and just not capable of thwarting and recovering from the most persistent attacks. These scripts can never match the prowess of an expertly managed firewall and recovery system.

    For the money one shells out on these very limited plugins and services one can carefully choose a host that offers far greater protection and maybe even save a buck in the end. Though, even if it costs pennies more–you’d be much wiser to have a professional team handle this at the proper levels which is on the levels of the server and routers.

    But it is tough because there are many big player, big name hosting companies that cheat folks saying that they offer managed WordPress hosting all the while they really fail to protect their customer’s sites.

    How can you tell if a host is good? One new and quickly evolving security technology used by some of the serious about security hosts is called Imunify360 (not affiliated but we use it). Hosts that have this kind of multiple high-layer protection and fully managed support that ensure that your plugins are up to date are indicators of a good host that provides such tight security that these plugins are then not recommended to be used.

    • seams that somebody make some advert here 🙂 (like the writer too:))

      No offence but server level security has nothing to do with WordPress security.

      Due to various plugins usage WP it’s vulnerable by the quality of that piece of code.
      You can have state of the art security at the server level if your plugins have exploits.

      The big players do not cheat, only mislead the user because do not know the difference between a managed server for WP and WP maintenance.

      Indeed only a good maintenance combined with well secured server can prevent exploits, and even so it’s not 100% safe.

      Keep in mind that maintenance for WP means that you give full access to your platform to the security team. That need an commercial agreement and non disclosure terms because we are under GDPR rules.

      Please… here we want professional guidance not advertorial writings.

Leave A Reply

Comments are reviewed and must adhere to our comments policy.

Get Started With Divi