Security & Firewall – MalCare Security


MalCare Security: The Most Innovative WordPress Security and Firewall Plugin

MalCare is truly a one-click security solution for your website. Developed by the team behind BlogVault, MalCare plugin packs an intelligent machine-learning based security firewall, a one-stop login protection system and a no false positive security scanner. All the heavy lifting is done at our end which ensures your site’s security does not come at the cost of your site’s performance. The built-in Firewall ensures your site’s all-round security. MalCare is the most innovative and effective WordPress security solution available.


  • MalCare Firewall starts protecting your site from the word go.
  • MalCare Firewall has a rule based Protection system from malicious request.
  • Analyse Firewall performance through request history, graphs and logs.
  • Have full control over the firewall. It comes with three options- Disable, Audit, and Protect.

Login Protection

  • Block brute force login attempts to stop malicious bots from gaining unauthorized access to your site. MalCare keeps a close watch on such activities and blocks them automatically.
  • MalCare ensures your site is accessed only by users who are approved by you.
  • MalCare asks users to enter CAPTCHA after 3 failed attempts in last 30 minutes.
  • Prevent a hack with temporary IP blocking after 6 failed attempts in last 30 minutes, makes all malicious login attempts futile.
  • Block all logins if more than 100 failed attempts are made in past 1 hour, therefore protecting both the site’s security as well as performance.
  • Whitelist IPs so known users don’t have to fill captchas.
  • MalCare provides a regular report containing all the unauthorized access recorded to your WordPress admin through wp-admin login history chart and logs.

Malware Scanner

  • Mitigate getting blacklisted by Google, being blocked by web hosts or any possible security threats from the most complex malware with MalCare’s comprehensive and powerful automatic website malware scanning.
  • Our automatic scanner instantly alerts you of any malware detected on your website. Scan your website, whenever you want. MalCare keeps track of all file modifications for an early detection of malware.
  • Detect even the most complicated and under-the-radar running malware. MalCare intelligently uses more than 100 signals to investigate the website code ensuring that no malware skips our watch.
  • MalCare automatically scans all the files in your website to detect malware daily.

How to get started

You need to create an account with us at MalCare to use the security plugin. The API key for your account can then be used to configure the plugin on your site.

How does MalCare work?

MalCare consists of 2 parts:

  • The security plugin which is installed on your WordPress site
  • Our servers which work in tandem with the plugin to ensure the security of your site.

The security plugin monitors the traffic to the site, such as login attempts, visits and errors. It then records this data into your WordPress database.

The MalCare servers at regular intervals contact the security plugin on your site to get the status of the above data. It then collates this data, along with the data from all the other sites on our network. This is then intelligently used to prevent hacks on all the sites on our network, for your website security.

Ease of Use

MalCare’s zero configuration approach to security ensures anyone can use the plugin to protect their website. Unlike other services, we never intimidate users with useless technical or security jargons. MalCare is by-far the most innovative, easy to use and effective security service for WordPress.


Does MalCare work with all hosting providers?

MalCare works with all web hosts. We will protect your WordPress site, whether it’s on popular webhost like GoDaddy, BlueHost, HostGator, 1 & 1, DreamHost, WPEngine, etc.; or if it’s on a smaller web host.

What information does MalCare store?

We store data related to your site structure such as plugins/themes with their versions. This helps us identify vulnerabilities that maybe present on the site. We track the IPs of visitors to your site, to identify malicious actors who might attack your site.

Is MalCare Free

Yes, MalCare is a free service. There are paid plans also available for advanced usage. To know more about the plans and pricing, please visit our Pricing page

Do I need to pay for support and help?

No! We can be contacted at any time for any queries that you might have about MalCare. We try our best to be quick with the answers and help. Click here to get in touch with us!

What are the terms of subscription?

All plans are monthly/yearly subscriptions with no long term commitment required. You can cancel at any time from the account dashboard, if not happy with the service.

How do I register to use the service?

Please visit MalCare site to create an account for free. After signing up, you can configure the plugin with the API key.


A great tool

I use this tool complementary to another one, and it is better - found leftovers from a malware i had and allowed me to clean it (the top competitor did not find it). love it!

Nice to not have to worry

It's nice to know that my site is being monitored by MalCare. It's one less thing I have to worry about thereby giving me more time to work on my business.
Read all 16 reviews

Contributors & Developers

“Security & Firewall – MalCare Security” is open source software. The following people have contributed to this plugin.




  • Disable form on submit


  • Setting blocked page to be non-cacheable


  • Updating tested upto 5.0


  • Adding Geoblocking functionality


  • Adding function_exists for getmyuid and get_current_user functions


  • Removing create_funtion for PHP 7.2 compatibility


  • Ability to show captcha for all login blocked


  • Adding Misc Callback


  • Adding logout functionality in the plugin


  • Adding support for chunked base64 encoding


  • Updating upload rows


  • Updating TOS and privacy policies


  • Bug fixes for lp and fw


  • SSL support in plugin for API calls
  • Adding support for plugin branding


  • First Release