MalCare Security Service: One-Stop WordPress Security Solution

MalCare is a complete security solution for WordPress sites and non-techie WP users. With the Malcare plugin installed, you can keep your WordPress site secure and protected with just a few clicks.

MalCare Security Service: One-Stop WordPress Security Solution

MalCare Security Service: One-Stop WordPress Security SolutionWordPress is the world’s leading  platform for building websites and for publishing and managing content online. Over 30% of all websites in the world are powered by WordPress, making the platform a huge target for hackers and malicious users looking for vulnerabilities that they can exploit and use to compromise a website.

According to security experts, 90,978 hack attempts are made on WordPress websites every minute!

Our own security reports and logs confirm this. We run a number of WordPress sites and these are constantly under attack …

WordPress sites are constantly under attack!

(WordPress sites are constantly under attack!)

If you have created a website without proper security planning and the right WordPress security plugins installed, then it’s only a matter of time before you fall prey to hack attempts.

Find Out If Your Website Has Been Hacked

(For more details, visit BlogVault. Source: Slideshare)

If you suspect that your website has been hacked, then check out this tutorial:

How To Prevent Your Website From Being Hacked

To prevent your WordPress website from being hacked, you should have a web security plan in place and choose security plugins that you can trust and that are well-supported.

MalCare

MalCare: One-Stop WordPress Security Solution

(MalCare: One-Stop WordPress Security Solution)

MalCare is regarded by many WordPress security experts and top WordPress plugin listicles as one of the best security solutions in the market.

MalCare is one of the best security solutions for WordPress!

(MalCare is one of the best security solutions for WordPress!)

What’s MalCare?

MalCare dashboard

(MalCare dashboard)

MalCare was built by the same company that developed BlogVault, a popular WordPress backup plugin with over 200,000 users. While working on BlogVault, they saw the need for a good security plugin and decided to build a comprehensive security solution that can detect, remove, and prevent hacking attempts.

What makes MalCare a better WordPress security plugin? First of all, this is a multidimensional solution created for non-technical users that allows you to keep your WordPress site secure with just a few clicks.

In this post, we are going to cover the following areas of using MalCare:

  • Installation and Setup
  • MalCare Dashboard
  • MalCare Scanner
  • MalCare Cleaner
  • MalCare Firewall
  • Website Hardening
  • Website Management
  • Secure Backups
  • MalCare Support

Installing MalCare

Installing and setting up MalCare requires no external help or technical assistance from experts.

Setting up MalCare and ensuring that your security plugin is running and keeping your site protected is a simple two-step process:

Step 1 – Add Your Site

First, sign up to  create an account, then log in.

After logging into the MalCare dashboard, add your site(s) to the MalCare dashboard by selecting the Add New Site button …

Add new site

(Add new site)

A field will display asking for the address of your website. Enter the URL of your site into the field and select the Next Step button …

Add a site

(Add a site)

Step 2 – Install The Plugin

You will be asked to enter your site’s admin login details. Type in the credentials to your site and MalCare will do the rest for you and begin securing your site.

Exploring The Dashboard

The MalCare dashboard provides a clean and intuitive interface that makes it easy to navigate to the various plugin sections and features.

The left-hand side of the dashboard provides one-click navigation links to help you access all the main features quickly.  The dashboard is neatly divided into five sections: Security, Management, Backup, Reporting, and White-Labelling. Below this, you will find everything you need to keep your site secure.

After performing an initial scan, your site will be marked with a security rating ranging from A to D (A is best and D is worst). The score is determined by an internal algorithm that tells you the health of your site.

Don’t be alarmed if your scan doesn’t result in an “A”. MalCare will tell you what you can do to improve the score.

There are four main features available in MalCare that you need to know about. Let’s take a deeper look at each of these features:

The Scanner

An impressive fact worth knowing is that MalCare was built after collecting data from over 240,000 websites. The scanner uses artificial intelligence to detect hard-to-find malware. MalCare scans sites at a scheduled time every day.

MalCare scanner

(MalCare scanner)

Apart from the scheduled scans, there is also a Scan Now option that lets you instantly run a scan and display the results.

Select the Scan Site option

(Select the ‘Scan Site’ option)

Scanning Technique

MalCare doesn’t just search for strings in the code to find malware. This technique is not sufficient to detect complex malware. It has a sophisticated algorithm along with AI that learns and discovers new and complex malware in your system with ease.

Reduces Load

Another reason why MalCare is impressive is that the scanning does not slow down your site. Instead, MalCare transfers your website data to its own server and runs the scan on the server.

After the scanning is done, if malware is found, the next step is to clean it.

The Cleaner

Cleaning malware is normally a time-consuming task. MalCare, however, makes this easy. The Auto Clean option is present in the Scanner section and the malware clean happens at the click of a button.

MalCare cleaner

(MalCare cleaner)

 If you are informed that your site has been hacked, all you need to do is press the button, and your website will be malware free! You will be informed of this by email and receive a notification alert on the dashboard.

No Technical Expertise Required

You don’t need technical experts to use the MalCare Cleaner. The entire cleaning process is simple and easy to follow and can be done by a non-technical person.

Thorough Malware Removal

The nature of malware programs is that even after being removed, many will try to make a comeback by finding a backdoor. MalCare was built to prevent these kinds of issues. After running the cleaner, most malware issues should be permanently resolved.

Precision

The MalCare cleaner works in a way that does not affect any part of your site while removing malware. It takes care of the files that were hacked and leaves your clean files untouched.

Many people will recommend performing a manual clean up after your site has been hacked. This kind of cleanup, however, is considered outdated. MalCare employs the latest technologies to clean a site with the click of a button!

Your site is now clean!

(Your site is now clean!)

While removing existing malware is essential, the next important step is preventing malware from infiltrating your website again.

Website Hardening

WordPress recommends certain website hardening measures to improve website security. To perform those measures, however, requires some technical knowledge. MalCare makes it easy to perform these measures. Based on the level of security required, MalCare offers three types of protection.

MalCare website hardening

(MalCare website hardening)

1. Essentials
  • Block PHP Execution in Untrusted Folders
  • Change Database Prefix
  • Disable Files Editor
2. Advanced
  • Block Plugin/Theme Installation
3. Paranoid
  • Reset all Passwords
  • Change Security Keys

MalCare performs these actions when the above security levels are enabled. Here are a few technical aspects of the website hardening feature.

Security Keys

These are stored by default on the database of the site. However, it can be dangerous as it is an easy target for hackers. With MalCare, these keys can be replaced with a new set of keys that are stronger. They are also placed in a more secure location.

PHP files

Attacks caused due to the execution of PHP files in the uploads folder are frequent, but MalCare efficiently takes care of this too!

Prevents Plugin Installations

Rogue plugins and themes are an easy way for hackers to get into your site. MalCare detects them at the initial scan itself. It will disable these installations and reduce the risk factor.

You can select your preferred security level and choose the actions to take when you navigate to the website hardening feature. The hardening feature is highly recommended even if you have not experienced hacking issues.

MalCare Firewall

MalCare Firewall is a feature enabled to fortify your website and protect it from hackers. This feature is automatically activated when a site is added to MalCare.

MalCare firewall

(MalCare firewall)

However, you can disable if you wish. MalCare filters the traffic coming from the outside world in two ways:

IP Blocking

MalCare scans more than 100,000 websites in search for bad IPs. These are the ones that are known to harm your website when they visit it. So whenever one of these IP addresses try to gain access from your site, the firewall blocks it!

MalCare traffic log

(MalCare traffic log)

Login Protection

Some hackers continuously try to gain access to your site by trying different combinations of passwords. MalCare blocks them after a few unsuccessful attempts by deploying a CAPTCHA.

This feature will make you feel a lot safer, so ensure that the firewall remains enabled all the time.

MalCare login logs

(MalCare login logs)

Integrated Backup

Backups are an essential part of website security. They are your safety net if a hacker gains access to your site and wipes out your files and data. With MalCare’s powerful backup service, your sites will remain protected and you always have access to your backups.

Website Management

MalCare has a website Management section where you can manage your dashboard, update plugins, themes, and a lot more. The site also has a feature that alerts you if your plugins are outdated!

Additionally, you can change passwords, user roles or even delete users who have access to your WordPress site.

MalCare website management

(MalCare website management)

MalCare Support

If you need support or have any questions or concerns about the features or the technology behind MalCare, you will find that the MalCare support team is very responsive and eager to share their knowledge with you.

Recommendation: Install The MalCare Plugin

The features in MalCare are simple and easy-to-use. If you own or manage multiple WordPress sites, adding these to the dashboard is just a simple ‘rinse and repeat’ process. MalCare is a robust WordPress security solution backed by a solid support team and extensive help documentation.

With MalCare’s Scanner actively looking after your WordPress sites on a daily basis, you will have peace of mind knowing that your sites will be safer.

Using the Cleaner is easy and the procedure takes only a few minutes. Use the Website Hardening feature to lock down the backend of your site(s). Malcare also provides two additional useful features for agencies, web developers, or anyone managing client websites: White-Labelling and Client Reporting.

MalCare is very reasonably priced and offers a range of options to suit your needs, depending on how many sites you need to protect and manage.

If you are a WordPress site owner, we recommend installing the MalCare security plugin and using the service as part of your regular website management and security maintenance process.

For more details, go here: MalCare – Complete WordPress Security Solution

How To Stop Comment Spam On Your WordPress Media Attachment Pages

Learn how to prevent spammers posting comments on your WordPress media file attachment pages …

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Stop Comment Spam On Your WordPress Media Attachment PagesAre you getting comment spam on your WordPress media attachment pages?

This step-by-step tutorial will show you how to delete comment spam from your media attachments and how to prevent this from happening in the future.

Spammers can be quite devious when it comes to finding new ways to spam your site. Recently, while doing some administration work, I received an automated email notification message from one of my sites that a spam comment had been posted on a media file attachment page …

WordPress comment notification email

(WordPress comment notification email)

My first thought was “How did spammers get to my media files?”

After logging into the site, clicking on the ‘Comments’ menu and verifying that the spam comment had indeed been posted on a media file attachment page, my second thought was … “Oh no! I’ve uploaded a bunch of media files to this site, so I need to shut down hundreds of pages that spammers can target!”

WordPress Comments section

(WordPress Comments section)

I then checked some of the media file attachments pages on the site and saw that the “comments” section was enabled …

Media file attachment page - Comments enabled

(Media file attachment page – Comments enabled)

This was a new site that I had quickly set up and hadn’t finished fully configuring. To prevent further comment spam from being posted on the site through its media attachment pages, I now had to disable the ‘Discussions’ feature for all existing media items.

The tutorial below will show you how to delete comment spam posted to existing media file attachment pages and how to prevent new comment spam from being posted to these pages in the future

How To Delete Comment Spam On Existing Media File Attachment Pages

Useful Tip

Normally, the best way to prevent comment spam is to configure your discussion settings as shown in the tutorial below:

Also, unless certain plugins or features installed on your site require you to upload and use images from the WordPress Media Library, we recommend storing and serving all media used on your website from a media storage and delivery service like Amazon S3.

How To Delete Comment Spam On Existing Media File Attachment Pages Manually

To delete comment spam from existing media file attachment pages, log into your WordPress admin, go to the main menu in your dashboard and select Media > Library …

WordPress Menu: Media > Library

(WordPress Menu: Media > Library)

This brings you to the Media Library screen.

Media Library Grid View

The screenshot below shows items uploaded to your media library displayed as a grid.

To disable comments on media files in the grid view, click on a media element …

WordPress Media Library - Grid Layout

(WordPress Media Library – Grid Layout)

This brings you to the Attachment Details screen.  Click on the ‘View attachment page’ link …

Attachment Details - View attachment page

(Attachment Details – View attachment page)

We need to turn comments off on this page. To do this, click on ‘Edit Media’ in your WordPress admin toolbar

WordPress admin toolbar - Edit Media

(WordPress admin toolbar – Edit Media)

In the Edit Media screen, scroll down to the ‘Discussion’ section and untick the ‘Allow comments’ checkbox to disable comments for that media element’s page …

Edit Media - Discussions

(Edit Media – Discussions)

If you can’t see the Discussion section, scroll to the top of your page and click on the Screen Options tab …

Screen Options tab

(Screen Options tab)

Make sure that the ‘Discussion’ checkbox is enabled in the ‘Boxes’ section …

Screen Options - Boxes > Discussion

(Screen Options – Boxes > Discussion)

After disabling the ‘Allow comments’ checkbox, click Update to save your new settings …

Comments disabled. Update to save your settings

(Comments disabled. Update to save your settings)

Make sure that your media file has been updated. Comments are now disabled for your media attachment page.

Media file updated

(Media file updated)

Useful Tip

Note: If you have sharing features enabled for your media files through a plugin, you may also want to consider disabling sharing options on you media attachments pages (unless you need to leave these turned on) …

Consider disabling sharing features on media attachment pages

(Consider disabling sharing features on media attachment pages)

If using a plugin like Jetpack, for example, you can configure your sharing options to make sure that buttons don’t appear in places where they are not useful or required …

Jetpack Sharing Options

(Jetpack Sharing Options)

Media Library List View

A quicker way to edit your media files attachment pages is to display your media library in ‘List’ view. This way, you can go to the Edit Media screen directly by clicking on the ‘Edit’ link in the Quick Edit menu …

Media Library - Quick Edit > Edit

(Media Library – Quick Edit > Edit)

In the Edit Media screen, disable the ‘Allow comments’ checkbox in the Discussion section to disable comments, then resave the page to update your settings …

Edit Media screen - Disable comments in Discussion section

(Edit Media screen – Disable comments in Discussion section)

What If You Have Too Many Media Elements In Your Media Library … ?

If you have too many media elements uploaded to the WordPress Media Library, then disabling comments for each item manually can become a long and painful task …

What if you have too many media elements to update manually?

(What if you have too many media elements to update manually?)

In this case, we recommend using a plugin.

There are a number of plugins available for WordPress that allow you to disable comments on your site. Let’s take a look at one of these …

Disable Comments

WordPress plugin - Disable Comments

(WordPress plugin – Disable Comments)

Disable Comments is a free WordPress plugin that allows site administrators to disable comments globally on any post type (posts, pages, media attachments, etc.)

It also removes all comment-related fields from edit and quick-edit screens, the WordPress Dashboard, Widgets, the Admin Menu, and the Admin Bar. On multisite installations, it can be used to disable comments on your entire network.

Note: Don’t use this plugin if you want to selectively disable comments on individual posts. This plugin should be used if you don’t want comments at all on your site (or on certain post types), as the plugin settings cannot be overridden for individual posts.

To install the plugin, go to Plugins > Add Plugins and type in “disable comments” in the ‘Keyword’ field …

Plugins > Add Plugins

(Plugins > Add Plugins)

To use the ‘Disable Comments’ plugin, locate the item and click on the ‘Install Now’ button …

Add Plugins > Install Now

(Add Plugins > Install Now)

Click on ‘Activate’ …

Add Plugins > Activate

(Add Plugins > Activate)

After the plugin has been installed and activated, visit the configuration page to configure the plugin’s settings …

Plugin activated

(Plugin activated)

You can also access the plugin settings screen by going to Settings > Disable Comments.

Select the option that best suits your needs (e.g. disable comments throughout your site or only on selected post types – in this case ‘Media’) and click ‘Save Changes’ to update your settings …

Disable Comments screen

(Disable Comments screen)

After configuring and saving your settings, it’s time to check that everything is working as it should.

Go back to your Media Library section by selecting Media > Library from the main menu …

WordPress Menu - Media > Library

(WordPress Menu – Media > Library)

Select a media element that has not been updated yet, and right-click on ‘Edit’ to open the attachment page in a new browser tab …

Media Library - Edit

(Media Library – Edit)

The ‘Discussion’ and ‘Comments’ features should be disabled on the page …

Discussion feature disabled in media attachment page

(Discussion feature disabled in media attachment page)

These features should also have been disabled in the Screen Options tab …

Discussion feature disabled in Screen Options tab

(Discussion feature disabled in Screen Options tab)

And if you visit the media attachment page itself, you should not see the Comments field displayed (No Comments field = No Comment Spam!)

No Comments field = No Comment Spam!

(No Comment!)

Hopefully, this tutorial has helped you with stopping or preventing comment spam from being posted on your WordPress media attachment pages.

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Fix Can’t Change WordPress Website Address – Greyed Out URLs

Are your WordPress Address (URL) and WordPress Site Address (URL) greyed out? This step-by-step tutorial shows you how to fix this issue.

How To Fix Can't Change WordPress Website Address - Greyed Out URLsThis tutorial is part of our FREE WordPress Management training and WordPress Troubleshooting tutorial series.

In this series of step-by-step tutorials, we show you how to troubleshoot and fix common WordPress errors.

If you plan to move your WordPress installation to another directory or change your website from ‘http’ to ‘https’, you will need to edit the URLs in your Settings > General Settings section.

If these fields are greyed out, however, the fields will be uneditable  …

WordPress General Settings - Greyed out URLs

(WordPress General Settings – Greyed out URLs)

If you find that your WordPress Address (URL) and Site Address (URL) are greyed out on your Settings > General Settings section, the step-by-step tutorial below will show you how to easily fix this issue.

For help configuring your General Settings section, see this tutorial:

Useful Information

Important: Always do a backup of your WordPress site (files and database) before modifying any files or performing any upgrades or installations! 

If you don’t want to back up your data yourself, then consider getting professional WordPress assistance, or use backup plugins.

How To Fix Can’t Change WordPress Website Address – Greyed Out URLs

Greyed out WordPress Address and Site Address URLs can be caused when someone moves or clones a WordPress site but forgets to delete a couple of lines of code or the migration process is interrupted, making the fields uneditable in the General Settings section …

WordPress General Settings - Greyed out URLs

(WordPress General Settings – Greyed out URLs)

To fix this issue, you will need to edit the wp-config.php file in your WordPress installation, either using FTP software, or File Manager in cPanel.

For this tutorial, we’ll use File Manager in cPanel.

How To Edit wp-config.php File Using cPanel File Manager

If your WordPress site is hosted on a server with cPanel installed, log into your cPanel control area and click on File Manager (Files > File Manager) …

cPanel Files - File Manager

(cPanel Files – File Manager)

Most WordPress installations are found inside the ‘public_html’ directory. Double-click on ‘public_html’ to open the directory folder …

cPanel File Manager - public_html directory

(cPanel File Manager – public_html directory)

Locate and select the wp-config.php file …

wp-config.php file

(wp-config.php file)

With wp-config.php selected, click on Edit to open the file (note: we recommend making a backup of the file before editing. To do this, select ‘Download’ first and save a copy of the file to your hard drive) …

File Manager - Edit function

(File Manager – Edit function)

A warning dialog window may pop up reminding you to back up the original file. Click on ‘Edit’ to proceed …

Edit dialog window

(Edit dialog window)

Scroll down through the code in this file until you find the two lines shown below (define ‘WP HOME’ and define ‘WP SITEURL’). The ‘yourdomain.com’ URLs should display your actual domain …

Find these two lines in wp-config.php

(Find these two lines in wp-config.php)

Select only these two lines inside the wp-config.php file, nothing else …

Select define 'WP HOME' and define 'WP SITEURL'

(Select define ‘WP HOME’ and define ‘WP SITEURL’)

Delete only these two lines, nothing else …

Delete define 'WP HOME' and define 'WP SITEURL'

(Delete define ‘WP HOME’ and define ‘WP SITEURL’)

After deleting these two lines of code, the section of your wp-config.php file should look like the screenshot below …

wp-config.php file with define 'WP HOME' and define 'WP SITEURL' lines removed

(wp-config.php file with define ‘WP HOME’ and define ‘WP SITEURL’ lines removed)

Click the ‘Save Changes’ button to save and update your wp-config.php file and then click ‘Close’ to exit the editing window in File Manager …

Save changes in your wp-config.php file

(Save changes in your wp-config.php file)

Log out of cPanel and log into your WordPress site’s admin area, then click on Settings > General in the main menu. The WordPress Address (URL) and Site Address (URL) fields should no longer be greyed out, but restored to normal and editable once again …

WordPress Address (URL) and Site Address (URL) fields are no longer greyed out

(WordPress Address (URL) and Site Address (URL) fields are no longer greyed out)

Useful Info

The above should fix this issue in most instances. If you are still experiencing issues with greyed out URLs, contact your website developer or web hosting company for help.

Congratulations! Now you know how to fix the issue of greyed out URLs preventing you from changing your WordPress site address URLs in the General Settings section.

How To Fix Can't Change WordPress Website Address - Greyed Out URLs

More WordPress Troubleshooting Tutorials

Refer to the tutorials in the section below if you experience any other errors with WordPress:

***

"This is an awesome training series. I have a pretty good understanding of WordPress already, but this is helping me to move somewhere from intermediate to advanced user!" - Kim Lednum

***