MalCare Security Service: One-Stop WordPress Security Solution

MalCare is a complete security solution for WordPress sites and non-techie WP users. With the Malcare plugin installed, you can keep your WordPress site secure and protected with just a few clicks.

MalCare Security Service: One-Stop WordPress Security Solution

MalCare Security Service: One-Stop WordPress Security SolutionWordPress is the world’s leading  platform for building websites and for publishing and managing content online. Over 30% of all websites in the world are powered by WordPress, making the platform a huge target for hackers and malicious users looking for vulnerabilities that they can exploit and use to compromise a website.

According to security experts, 90,978 hack attempts are made on WordPress websites every minute!

Our own security reports and logs confirm this. We run a number of WordPress sites and these are constantly under attack …

WordPress sites are constantly under attack!

(WordPress sites are constantly under attack!)

If you have created a website without proper security planning and the right WordPress security plugins installed, then it’s only a matter of time before you fall prey to hack attempts.

Find Out If Your Website Has Been Hacked

(For more details, visit BlogVault. Source: Slideshare)

If you suspect that your website has been hacked, then check out this tutorial:

How To Prevent Your Website From Being Hacked

To prevent your WordPress website from being hacked, you should have a web security plan in place and choose security plugins that you can trust and that are well-supported.


MalCare: One-Stop WordPress Security Solution

(MalCare: One-Stop WordPress Security Solution)

MalCare is regarded by many WordPress security experts and top WordPress plugin listicles as one of the best security solutions in the market.

MalCare is one of the best security solutions for WordPress!

(MalCare is one of the best security solutions for WordPress!)

What’s MalCare?

MalCare dashboard

(MalCare dashboard)

MalCare was built by the same company that developed BlogVault, a popular WordPress backup plugin with over 200,000 users. While working on BlogVault, they saw the need for a good security plugin and decided to build a comprehensive security solution that can detect, remove, and prevent hacking attempts.

What makes MalCare a better WordPress security plugin? First of all, this is a multidimensional solution created for non-technical users that allows you to keep your WordPress site secure with just a few clicks.

In this post, we are going to cover the following areas of using MalCare:

  • Installation and Setup
  • MalCare Dashboard
  • MalCare Scanner
  • MalCare Cleaner
  • MalCare Firewall
  • Website Hardening
  • Website Management
  • Secure Backups
  • MalCare Support

Installing MalCare

Installing and setting up MalCare requires no external help or technical assistance from experts.

Setting up MalCare and ensuring that your security plugin is running and keeping your site protected is a simple two-step process:

Step 1 – Add Your Site

First, sign up to  create an account, then log in.

After logging into the MalCare dashboard, add your site(s) to the MalCare dashboard by selecting the Add New Site button …

Add new site

(Add new site)

A field will display asking for the address of your website. Enter the URL of your site into the field and select the Next Step button …

Add a site

(Add a site)

Step 2 – Install The Plugin

You will be asked to enter your site’s admin login details. Type in the credentials to your site and MalCare will do the rest for you and begin securing your site.

Exploring The Dashboard

The MalCare dashboard provides a clean and intuitive interface that makes it easy to navigate to the various plugin sections and features.

The left-hand side of the dashboard provides one-click navigation links to help you access all the main features quickly.  The dashboard is neatly divided into five sections: Security, Management, Backup, Reporting, and White-Labelling. Below this, you will find everything you need to keep your site secure.

After performing an initial scan, your site will be marked with a security rating ranging from A to D (A is best and D is worst). The score is determined by an internal algorithm that tells you the health of your site.

Don’t be alarmed if your scan doesn’t result in an “A”. MalCare will tell you what you can do to improve the score.

There are four main features available in MalCare that you need to know about. Let’s take a deeper look at each of these features:

The Scanner

An impressive fact worth knowing is that MalCare was built after collecting data from over 240,000 websites. The scanner uses artificial intelligence to detect hard-to-find malware. MalCare scans sites at a scheduled time every day.

MalCare scanner

(MalCare scanner)

Apart from the scheduled scans, there is also a Scan Now option that lets you instantly run a scan and display the results.

Select the Scan Site option

(Select the ‘Scan Site’ option)

Scanning Technique

MalCare doesn’t just search for strings in the code to find malware. This technique is not sufficient to detect complex malware. It has a sophisticated algorithm along with AI that learns and discovers new and complex malware in your system with ease.

Reduces Load

Another reason why MalCare is impressive is that the scanning does not slow down your site. Instead, MalCare transfers your website data to its own server and runs the scan on the server.

After the scanning is done, if malware is found, the next step is to clean it.

The Cleaner

Cleaning malware is normally a time-consuming task. MalCare, however, makes this easy. The Auto Clean option is present in the Scanner section and the malware clean happens at the click of a button.

MalCare cleaner

(MalCare cleaner)

 If you are informed that your site has been hacked, all you need to do is press the button, and your website will be malware free! You will be informed of this by email and receive a notification alert on the dashboard.

No Technical Expertise Required

You don’t need technical experts to use the MalCare Cleaner. The entire cleaning process is simple and easy to follow and can be done by a non-technical person.

Thorough Malware Removal

The nature of malware programs is that even after being removed, many will try to make a comeback by finding a backdoor. MalCare was built to prevent these kinds of issues. After running the cleaner, most malware issues should be permanently resolved.


The MalCare cleaner works in a way that does not affect any part of your site while removing malware. It takes care of the files that were hacked and leaves your clean files untouched.

Many people will recommend performing a manual clean up after your site has been hacked. This kind of cleanup, however, is considered outdated. MalCare employs the latest technologies to clean a site with the click of a button!

Your site is now clean!

(Your site is now clean!)

While removing existing malware is essential, the next important step is preventing malware from infiltrating your website again.

Website Hardening

WordPress recommends certain website hardening measures to improve website security. To perform those measures, however, requires some technical knowledge. MalCare makes it easy to perform these measures. Based on the level of security required, MalCare offers three types of protection.

MalCare website hardening

(MalCare website hardening)

1. Essentials
  • Block PHP Execution in Untrusted Folders
  • Change Database Prefix
  • Disable Files Editor
2. Advanced
  • Block Plugin/Theme Installation
3. Paranoid
  • Reset all Passwords
  • Change Security Keys

MalCare performs these actions when the above security levels are enabled. Here are a few technical aspects of the website hardening feature.

Security Keys

These are stored by default on the database of the site. However, it can be dangerous as it is an easy target for hackers. With MalCare, these keys can be replaced with a new set of keys that are stronger. They are also placed in a more secure location.

PHP files

Attacks caused due to the execution of PHP files in the uploads folder are frequent, but MalCare efficiently takes care of this too!

Prevents Plugin Installations

Rogue plugins and themes are an easy way for hackers to get into your site. MalCare detects them at the initial scan itself. It will disable these installations and reduce the risk factor.

You can select your preferred security level and choose the actions to take when you navigate to the website hardening feature. The hardening feature is highly recommended even if you have not experienced hacking issues.

MalCare Firewall

MalCare Firewall is a feature enabled to fortify your website and protect it from hackers. This feature is automatically activated when a site is added to MalCare.

MalCare firewall

(MalCare firewall)

However, you can disable if you wish. MalCare filters the traffic coming from the outside world in two ways:

IP Blocking

MalCare scans more than 100,000 websites in search for bad IPs. These are the ones that are known to harm your website when they visit it. So whenever one of these IP addresses try to gain access from your site, the firewall blocks it!

MalCare traffic log

(MalCare traffic log)

Login Protection

Some hackers continuously try to gain access to your site by trying different combinations of passwords. MalCare blocks them after a few unsuccessful attempts by deploying a CAPTCHA.

This feature will make you feel a lot safer, so ensure that the firewall remains enabled all the time.

MalCare login logs

(MalCare login logs)

Integrated Backup

Backups are an essential part of website security. They are your safety net if a hacker gains access to your site and wipes out your files and data. With MalCare’s powerful backup service, your sites will remain protected and you always have access to your backups.

Website Management

MalCare has a website Management section where you can manage your dashboard, update plugins, themes, and a lot more. The site also has a feature that alerts you if your plugins are outdated!

Additionally, you can change passwords, user roles or even delete users who have access to your WordPress site.

MalCare website management

(MalCare website management)

MalCare Support

If you need support or have any questions or concerns about the features or the technology behind MalCare, you will find that the MalCare support team is very responsive and eager to share their knowledge with you.

Recommendation: Install The MalCare Plugin

The features in MalCare are simple and easy-to-use. If you own or manage multiple WordPress sites, adding these to the dashboard is just a simple ‘rinse and repeat’ process. MalCare is a robust WordPress security solution backed by a solid support team and extensive help documentation.

With MalCare’s Scanner actively looking after your WordPress sites on a daily basis, you will have peace of mind knowing that your sites will be safer.

Using the Cleaner is easy and the procedure takes only a few minutes. Use the Website Hardening feature to lock down the backend of your site(s). Malcare also provides two additional useful features for agencies, web developers, or anyone managing client websites: White-Labelling and Client Reporting.

MalCare is very reasonably priced and offers a range of options to suit your needs, depending on how many sites you need to protect and manage.

If you are a WordPress site owner, we recommend installing the MalCare security plugin and using the service as part of your regular website management and security maintenance process.

For more details, go here: MalCare – Complete WordPress Security Solution

How To Stop Comment Spam On Your WordPress Media Attachment Pages

Learn how to prevent spammers posting comments on your WordPress media file attachment pages …

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Stop Comment Spam On Your WordPress Media Attachment PagesAre you getting comment spam on your WordPress media attachment pages?

This step-by-step tutorial will show you how to delete comment spam from your media attachments and how to prevent this from happening in the future.

Spammers can be quite devious when it comes to finding new ways to spam your site. Recently, while doing some administration work, I received an automated email notification message from one of my sites that a spam comment had been posted on a media file attachment page …

WordPress comment notification email

(WordPress comment notification email)

My first thought was “How did spammers get to my media files?”

After logging into the site, clicking on the ‘Comments’ menu and verifying that the spam comment had indeed been posted on a media file attachment page, my second thought was … “Oh no! I’ve uploaded a bunch of media files to this site, so I need to shut down hundreds of pages that spammers can target!”

WordPress Comments section

(WordPress Comments section)

I then checked some of the media file attachments pages on the site and saw that the “comments” section was enabled …

Media file attachment page - Comments enabled

(Media file attachment page – Comments enabled)

This was a new site that I had quickly set up and hadn’t finished fully configuring. To prevent further comment spam from being posted on the site through its media attachment pages, I now had to disable the ‘Discussions’ feature for all existing media items.

The tutorial below will show you how to delete comment spam posted to existing media file attachment pages and how to prevent new comment spam from being posted to these pages in the future

How To Delete Comment Spam On Existing Media File Attachment Pages

Useful Tip

Normally, the best way to prevent comment spam is to configure your discussion settings as shown in the tutorial below:

Also, unless certain plugins or features installed on your site require you to upload and use images from the WordPress Media Library, we recommend storing and serving all media used on your website from a media storage and delivery service like Amazon S3.

How To Delete Comment Spam On Existing Media File Attachment Pages Manually

To delete comment spam from existing media file attachment pages, log into your WordPress admin, go to the main menu in your dashboard and select Media > Library …

WordPress Menu: Media > Library

(WordPress Menu: Media > Library)

This brings you to the Media Library screen.

Media Library Grid View

The screenshot below shows items uploaded to your media library displayed as a grid.

To disable comments on media files in the grid view, click on a media element …

WordPress Media Library - Grid Layout

(WordPress Media Library – Grid Layout)

This brings you to the Attachment Details screen.  Click on the ‘View attachment page’ link …

Attachment Details - View attachment page

(Attachment Details – View attachment page)

We need to turn comments off on this page. To do this, click on ‘Edit Media’ in your WordPress admin toolbar

WordPress admin toolbar - Edit Media

(WordPress admin toolbar – Edit Media)

In the Edit Media screen, scroll down to the ‘Discussion’ section and untick the ‘Allow comments’ checkbox to disable comments for that media element’s page …

Edit Media - Discussions

(Edit Media – Discussions)

If you can’t see the Discussion section, scroll to the top of your page and click on the Screen Options tab …

Screen Options tab

(Screen Options tab)

Make sure that the ‘Discussion’ checkbox is enabled in the ‘Boxes’ section …

Screen Options - Boxes > Discussion

(Screen Options – Boxes > Discussion)

After disabling the ‘Allow comments’ checkbox, click Update to save your new settings …

Comments disabled. Update to save your settings

(Comments disabled. Update to save your settings)

Make sure that your media file has been updated. Comments are now disabled for your media attachment page.

Media file updated

(Media file updated)

Useful Tip

Note: If you have sharing features enabled for your media files through a plugin, you may also want to consider disabling sharing options on you media attachments pages (unless you need to leave these turned on) …

Consider disabling sharing features on media attachment pages

(Consider disabling sharing features on media attachment pages)

If using a plugin like Jetpack, for example, you can configure your sharing options to make sure that buttons don’t appear in places where they are not useful or required …

Jetpack Sharing Options

(Jetpack Sharing Options)

Media Library List View

A quicker way to edit your media files attachment pages is to display your media library in ‘List’ view. This way, you can go to the Edit Media screen directly by clicking on the ‘Edit’ link in the Quick Edit menu …

Media Library - Quick Edit > Edit

(Media Library – Quick Edit > Edit)

In the Edit Media screen, disable the ‘Allow comments’ checkbox in the Discussion section to disable comments, then resave the page to update your settings …

Edit Media screen - Disable comments in Discussion section

(Edit Media screen – Disable comments in Discussion section)

What If You Have Too Many Media Elements In Your Media Library … ?

If you have too many media elements uploaded to the WordPress Media Library, then disabling comments for each item manually can become a long and painful task …

What if you have too many media elements to update manually?

(What if you have too many media elements to update manually?)

In this case, we recommend using a plugin.

There are a number of plugins available for WordPress that allow you to disable comments on your site. Let’s take a look at one of these …

Disable Comments

WordPress plugin - Disable Comments

(WordPress plugin – Disable Comments)

Disable Comments is a free WordPress plugin that allows site administrators to disable comments globally on any post type (posts, pages, media attachments, etc.)

It also removes all comment-related fields from edit and quick-edit screens, the WordPress Dashboard, Widgets, the Admin Menu, and the Admin Bar. On multisite installations, it can be used to disable comments on your entire network.

Note: Don’t use this plugin if you want to selectively disable comments on individual posts. This plugin should be used if you don’t want comments at all on your site (or on certain post types), as the plugin settings cannot be overridden for individual posts.

To install the plugin, go to Plugins > Add Plugins and type in “disable comments” in the ‘Keyword’ field …

Plugins > Add Plugins

(Plugins > Add Plugins)

To use the ‘Disable Comments’ plugin, locate the item and click on the ‘Install Now’ button …

Add Plugins > Install Now

(Add Plugins > Install Now)

Click on ‘Activate’ …

Add Plugins > Activate

(Add Plugins > Activate)

After the plugin has been installed and activated, visit the configuration page to configure the plugin’s settings …

Plugin activated

(Plugin activated)

You can also access the plugin settings screen by going to Settings > Disable Comments.

Select the option that best suits your needs (e.g. disable comments throughout your site or only on selected post types – in this case ‘Media’) and click ‘Save Changes’ to update your settings …

Disable Comments screen

(Disable Comments screen)

After configuring and saving your settings, it’s time to check that everything is working as it should.

Go back to your Media Library section by selecting Media > Library from the main menu …

WordPress Menu - Media > Library

(WordPress Menu – Media > Library)

Select a media element that has not been updated yet, and right-click on ‘Edit’ to open the attachment page in a new browser tab …

Media Library - Edit

(Media Library – Edit)

The ‘Discussion’ and ‘Comments’ features should be disabled on the page …

Discussion feature disabled in media attachment page

(Discussion feature disabled in media attachment page)

These features should also have been disabled in the Screen Options tab …

Discussion feature disabled in Screen Options tab

(Discussion feature disabled in Screen Options tab)

And if you visit the media attachment page itself, you should not see the Comments field displayed (No Comments field = No Comment Spam!)

No Comments field = No Comment Spam!

(No Comment!)

Hopefully, this tutorial has helped you with stopping or preventing comment spam from being posted on your WordPress media attachment pages.

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Create A Site Map With Post Images And Descriptions In WordPress

Learn how to create an HTML site map with post images and descriptions for your visitors without touching code in this WordPress ‘quick tips’ tutorial …

How To Create A Site Map With Post Images And Descriptions In WordPress

How To Create A Site Map With Post Images And Descriptions In WordPressSite maps are useful for helping visitors find what they are looking for quickly and easily on your site.

In this WordPress ‘quick tips’ tutorial, we’ll show you a simple and easy way to make your site map more attractive to visitors by including post thumbnail images and descriptions without modifying any code on your site.

In other tutorials, we show you how to create an HTML site map for your visitors and an XML sitemap for search engines.

To learn more about the differences between an HTML site map and an XML sitemap, what they are used for, and how to add them to your WordPress site, see these tutorials:

Most Visitor Site Maps Are Plain And Boring …

Normally, visitor site maps tend to look a little plain or boring, as most consist of a simple list of all the pages and posts on your site …

An HTML site map

(An HTML site map)

As explained in our tutorial on how to add an HTML site map to WordPress, you can easily add a site map for your visitors by installing a plugin (there are many site map plugins to choose from), and then copying and pasting the plugin’s shortcode in the page where you would like your site map to display …

Add a site map shortcode to your Site Map page

(Add a site map shortcode to your Site Map page)

Take Your Visitor Site Map To The Next Level …

Add Post Descriptions To Your Visitor Site Map

Instead of creating a site map for your visitors using a site map plugin, you can add a site map with post descriptions like this …

Add a site map with post descriptions for your visitors

(Add a site map with post descriptions for your visitors)

The above was created using a free plugin called Content Views.

Content Views

Content Views - Post Grid & List for WordPress

(Content Views – Post Grid & List for WordPress)

Content Views is a free WordPress plugin that lets you organize, filter, sort, and display content from selected posts, pages, or custom post types using different views and layouts (e.g. grid, table, list) and insert these views anywhere on your site using a shortcode …

Content Views WordPress plugin

(Content Views WordPress plugin)

The plugin is very easy to use and lets you create unlimited custom views and layouts without touching code.


‘Content Views’ is a powerful and versatile plugin that can do a whole lot more than just add an attractive site map to your site. For a tutorial that shows you how versatile and useful this plugin is, go here:

Add Images And Post Descriptions To Your Visitor Site Map

The free version of the plugin let’s you add post descriptions but offers limited functionality compared to the premium version (called ContentViews PRO), such as little control over  your post descriptions and no thumbnail images taken from your content.

To have full control of your post descriptions and the ability to display post thumbnail images on your site map, you will need to upgrade to ContentViews PRO

Site map with post images and descriptions

(Site map with post images and descriptions)

To add this enhanced site map to your site, create a “view” (i.e. a layout) that includes all of your posts and copy the shortcode to your clipboard …

Content Views Shortcode

(Content Views Shortcode)

Then paste the views shortcode into your content where you would like the site map to display …

Add the 'content views' shortcode to your Site Map page

(Add the ‘content views’ shortcode to your Site Map page)

Creating a ‘view’ is simple. Here is the process in a nutshell:

After installing the plugin, do the following:

1 – Create a new view and give it a title (e.g. Sitemap).

2 – In the ‘Filter Settings’ tab, select Content Type > Post (note: the premium version of the plugin lets you combine posts, pages, media, and other custom post types).

3 – Make sure that the ‘Include Only’ field is left blank to select all posts published on your site. To exclude posts from displaying on your site map, add the post ids of the posts you would like to exclude into the ‘Exclude’ field.

4 – Leave the ‘Limit’ field blank to display all posts on your site map.

5 – You can sort your list of posts if you like (e.g. alphabetically, by published or modified date, by comment count, etc.)

Content View - Filter Settings

(Content View – Filter Settings)

To configure how the site map will display to visitors, switch to the ‘Display Settings’ tab and change the settings to suit your preferences.

For example, to display a list of posts with one item per row, a  thumbnail image on the left, the post title and the post excerpt, do the following:

6 – In the Layout section, select ‘Grid’ view.

7 – Select 1 item per row.

8 – In the Format section, select ‘Show thumbnail on the left/right of text’ and adjust any other settings to suit (e.g. wrapping text around image), including Thumbnail Position (Left or Right)

9 – Configure your settings for Post Title, Post Thumbnail, and Content.

Content View - Display Settings

(Content View – Display Settings)

Below are screenshots of how the Fields Settings options have been configured for the Thumbnail image, Post Title and Post Description used in our example site map (using ContentViews PRO).

Useful Info

You can change the order of how your post images, post titles and post descriptions display in your views using drag and drop to reposition element layouts.

Post Title

For site map post titles, we just left the default settings (H4 heading) …

Content Views: Fields Settings - Title

(Content Views: Fields Settings – Title)

Post Thumbnail Image

For our example site map, we have configured the following settings:

  • Selected 150×150 thumbnail image size,
  • Enabled ‘Show all images in same size’ checkbox,
  • Added a style to the image (Shadow)
  • Selected to show an ‘Image’ if no featured image found (this automatically grabs an image from your content) …

Content Views: Fields Settings - Thumbnail

(Content Views: Fields Settings – Thumbnail)

Post Description

For the site map used in our example, we have configured the following settings:

  • Selected ‘Show Excerpt’,
  • Limited excerpt to 25 words,
  • Selected ‘Use manual excerpt (without modifying)’. This displays the post excerpt for each entry in the site map (instead of grabbing the first 25 words of each post, which the free version of the plugin does).
  • Enabled the ‘Read More…’ text to display for each entry (the premium version of the plugin lets you customize this section, including text, typefaces, button colors, etc.) …

Content Views: Fields Settings - Content

(Content Views: Fields Settings – Content)

As you can see, we have gone from adding a plain looking site map for your visitors like this …

Visitor site map created using a site map plugin

(Visitor site map created using a site map plugin)

To adding a site map with post descriptions like this …

Visitor site map created using Content Views plugin

(Visitor site map created using Content Views plugin)

To adding a site map with an attractive layout for visitors that includes post thumbnail images and customized post excerpts like this …

Visitor site map created using ContentViews PRO plugin

(Visitor site map created using ContentViews PRO plugin)

We hope that you have found this ‘quick tips’ tutorial on how to create a visitor site map with post images and descriptions in WordPress useful.


For loads of useful WordPress tips, sign up to our FREE 101+ WordPress Tips, Tricks & Hacks For Non-Techies e-course!

How To Create A Site Map With Post Images And Descriptions In WordPress



"This is an awesome training series. I have a pretty good understanding of WordPress already, but this is helping me to move somewhere from intermediate to advanced user!" - Kim Lednum