I use MalCare on several sites for automated backups and security. Recently, I was notified by MalCare about malware found on multiple sites. Upon running the cleanup process, the detected malware was successfully removed. Not only that, but the founder and his team immediately got to work to detect the vulnerability that caused the malware to land on my sites in the first place. Turned out it was due to a plugin that had a security vulnerability. They then promptly notified the developer of that plugin and worked with their team to get it patched, and an update was released by the developer within hours to close the loophole.
All in all, great job by the plugin for detecting the malware and by the team to help address the root cause for malware landing on the sites, but when it comes to removing the malware from the site, while the process did work successfully, there was one serious shortcoming in the way it worked: it required manual initiation of the cleanup process by me for every site individually. The reason for that appears to be the way MalCare is built – it works in read-only access mode by default, and can’t make any modifications to the site without your manual initiation of the process, in which you provide FTP/SFTP/FTPS credentials to start the cleanup.
As someone who understands cybersecurity best practices, I’m sure this is by design in order to prevent MalCare from modifying anything on the site without explicit initiation by the site owner, but for a malware cleanup service, it’s extremely important that cleanup happens immediately upon detection, and automatically, since the owner might not be immediately available to initiate the process manually, or they might have too many sites to be able to initiate it for all of them at the same time, in case the same malware is detected on multiple sites. And in the meantime, even though malware was detected and MalCare had the capability to remove it, hackers could have a field day exploiting the malware till the site owner manually initiates the removal process for all sites.
Due to this, I’m deducting one star from what would have otherwise been a five-star review. And I feel bad doing it because the team is so responsive and proactive in helping their customers, not to mention very talented at what they do. I hope fully automated malware removal is available soon, so that I could update this review with the full five stars.