MalCare Security and Firewall – Free Version


MalCare Security: the most innovative WordPress security plugin

MalCare is truly a one-click security solution for your website. Developed by the team behind BlogVault, MalCare plugin packs an intelligent machine-learning based security firewall, a one-stop login protection system and a no false positive security scanner. All heavy lifting is done at our end that ensures your site’s security does not come at the cost of your site’s performance. MalCare is the most innovative and effective WordPress solution available.


  • MalCare Firewall starts protecting your site from the word go.
  • Rule based Protection from malicious request.
  • Analyse Firewall’s performance through request history, graphs and logs.
  • Have full control over the firewall. It comes with three options- Disable, Audit, and Protect.

Login Protection

  • Block brute force login attempts to stop malicious bots from gaining unauthorized access to your site. MalCare keeps a close watch on such activities and blocks them automatically.
  • MalCare ensures your site is accessed only by users who are approved by you.
  • MalCare asks users to enter Captcha after 3 failed attempts in last 30 minutes.
  • Temporary IP blocking after 6 failed attempts in last 30 minutes, makes all malicious login attempts futile.
  • Block all logins if more than 100 failed attempts are made in past 1 hour, therefore protecting both the site’s security as well as performance.
  • Whitelist IPs so known users don’t have to fill captchas.
  • MalCare provides a regular report containing all the unauthorized access recorded to your WordPress admin through wp-admin login history chart and logs.

Malware Scanner

  • Mitigate getting blacklisted by Google, being blocked by Webhosts or any possible security threats from the most complex malwares with MalCare’s comprehensive and powerful automatic website malware scanning.
  • Our automatic scanner instantly alerts you of any malware detected on your website. Scan your website, whenever you want. MalCare keeps track of all file modifications for an early detection of malware.
  • Detect even the most complicated and under-the-radar running malwares. MalCare intelligently uses more than 100 signals to investigate the website code ensuring that no malware skips our watch.
  • MalCare automatically scans all the files in your website to detect malware daily.

How to get started

You need to create an account with us at MalCare to use the plugin. The API key for your account can then be used to configure the plugin on your site.

How does MalCare work

MalCare consists of 2 parts:

  • The plugin which is installed on your WordPress site
  • Our servers which work in tandem with the plugin to ensure the security of your site.

The plugin monitors the traffic to the site, such as login attempts, visits and errors. It then records this data into your WordPress database.

The MalCare servers at regular intervals contact the plugin on your site to get the status of the above data. It then collates this data, along with the data from all the other sites on our network. This is then intelligently used to prevent attacks on all the sites on our network.

Ease of Use

MalCare’s zero configuration approach to security ensures anyone can use the plugin to protect their website. We focus on clear and concise communication that focuses on cogent message delivery. Unlike other services, we never intimidate users with useless technical jargons. MalCare is by-far the most innovative, easy to use and effective security service for WordPress.


Does MalCare work with all hosting providers?

MalCare works with all web hosts. We will protect your WordPress site, whether it’s on popular webhost like GoDaddy, BlueHost, HostGator, 1 & 1, DreamHost, WPEngine, etc.; or if it’s on a smaller web host.

What information does MalCare store?

We store data related to your site structure such as plugins/themes with their versions. This helps us identify vulnerabilities that maybe present on the site. We track the IPs of visitors to your site, to identify malicious actors who might attack your site.

Is MalCare Free

Yes, MalCare is a free service. There are paid plans also available for advanced usage. To know more about the plans and pricing, please visit our Pricing page

Do I need to pay for support and help?

No! We can be contacted at any time for any queries that you might have about MalCare. We try our best to be quick with the answers and help. Click here to get in touch with us!

What are the terms of subscription?

All plans are monthly/yearly subscriptions with no long term commitment required. You can cancel at any time from the account dashboard, if not happy with the service.

How do I register to use the service?

Please visit MalCare site to create an account for free. After signing up, you can configure the plugin with the API key.


Simple to use. Great support.

I’m using this along with the BlogVault backup solution. I’m very pleased. This has reduced server load since the scans are run from their server. Setup took 5 minutes. The team has been very responsive.

A great product

I’m using the Pro version of Malcare. This is by far the easiest security, firewall, malware cleaner I’ve ever worked with.

I’ve tried most other “similar” products. But this is my new standard solution to keep my web sites safe!

Wasn’t expecting to be blown away

I installed it, ran a scan, I was amazed because it totally works differently than ANY plugin I’ve ever used (in about 9 years of experience with WordPress). NOW I get it, I get what MalCare was talking about when they say it doesn’t use resources off your server—–that instead, you click settings and are bounced over into your MalCare dashboard. From there you can see all your sites.

It found Malware (that I KNEW was there) on a site where Sucuri Sitecheck couldn’t find a thing.

Tried to autoclean. Apparently it was a bit too involved for the autoclean to take care of it. So what was really cool, it listed all the questionable files in my dashboard. I just went one by one and knocked them all out. Rescanned and all was good.

Simple Security & Cleanup

Easy to install, no crazy configurations, don’t see any slow downs on site as with some other security plugins. DIY security is good if you have a lot of time and want to install a bunch of plugins. This one plugin handles it and I don’t need to worry or monitor as I know they will handle whatever is thrown at the site. I am always looking for plugin reduction and site optimization and this one fits that category.

Read all 6 reviews

Contributors & Developers

“MalCare Security and Firewall – Free Version” is open source software. The following people have contributed to this plugin.




  • First Release