How does MalCare sync Data?

MalCare backs up your website by syncing data to its servers. To make the most of MalCare Malware Detection Technology, the website data including all its files and database of the website must be synced completely. The content, pages, text, users information, configuration forms the Database while the images, plugins, themes and WordPress Core forms the Files section of your site. This data begins to sync when MalCare is installed and connected to your WordPress site.

We handle synced data under the terms of our Privacy Policy.

How does MalCare sync Data?

When MalCare syncs your website to its servers, it first copies the website entirely.

This is just like a student who photocopies his teacher’s notes for a class. It is not, however, like the notes created by the student based on the teacher’s notes. That is to say, MalCare will not analyse or synthesise the information from your website. It will only create another copy of the data.

MalCare copies website data smartly and incrementally.

To continue the above mentioned analogy, let us consider the following scenario. On Day 1, 10 pages of notes are photocopied. On Day 2, there are 12 pages of notes. However, the student will have to photocopy only 2 more pages.

Similarly, MalCare syncs data in chunks of data. On Day 1, MalCare automatically scans your entire site. On Day 2, it will scans only the new data created since then. This is done to reduce server load, and to optimise processing time.

If any changes were made on the site, MalCare checks them, and then scans that file or table for malware too.

What data does MalCare sync?

Content, Settings and Configuration

Data is synced for the following reasons.

We send you email notifications from time to time about MalCare scanning processes. To display accurate information for your better understanding, MalCare syncs the following information:

  • Site name

  • Site tagline

  • Site locale

  • Permalink structure

For the smooth Scanning and Cleaning across off-site storage locations the following information is synced:

  • Posts, including WordPress user ID of author.

  • Pages, including WordPress user ID of author.

  • Custom post types.

  • Signature uploaded on website

  • PDFs or other collateral content uploaded

  • Any related metadata, including:

    • Whether or not the post is public

    • Whether or not the post is excluded from search

    • The permalink of the post

    • The excerpt of the post, if available

    • External ID (specific to the site in question) of the post author

    • The featured image of the post, if available

Please note that MalCare does not process data while syncing. We are concerned mainly with syncing the complete database. Since all these settings, posts, etc. are present in database tables, we sync them as well. This data is then parsed on our servers to show you facts and figures about your website in our dashboard.


MalCare syncs different kinds of user information:

  • UserID, Usernames, Email addresses, Passwords, User roles, User Capabilities of registered users.

  • User ID of users who try or make changes in the website, as well as the content related change.

  • Connection data including Email addresses and usernames from connected services

  • Login attempts (both successful and unsuccessful) made by IP address and user of individual trying to login.

Essentially, we sync anything WordPress stores locally. We do not do any extra tracking. When you edit a post, WordPress automatically creates post revisions and logs of users who edited them. Since we sync the complete database we get this information too. If WordPress did not store this information in first place, MalCare would not sync it.

That is to say, we just scan the site at its entirety. We then might parse that data to show reports.

Themes and Plugins

MalCare syncs different kinds of plugin and theme information:

  • Plugin or Theme name

  • Plugin or Theme versions and capabilities (including featured image, menu locations, and pending updates)

  • Plugin Installation path

Anything else?

We also sync the following data to further enable and improve the functionality of MalCare:

  • Comments and metadata on them like the following:

    • Comment author name.

    • Comment author email address.

    • Comment author URL.

    • Comment author IP address.

    • Comment author WordPress user ID, if known.

    • Comment author external (specific to the site in question) user ID, if known.

  • Taxonomies (including categories and tags).

  • Custom taxonomies (if used on the site).

  • Menus.

  • All core WordPress options.

Everything locally stored in WordPress is synced, even passwords. In the case of smart platforms like WordPress, you need not worry about data security since Multiple Layers of Encryption is enforced for Enhanced Security. Critical information like passwords will not be available in plain text.

How Does MalCare Use this Data?

  • Prevents unauthorized access

  • Providing audit logs

  • Plugin Management

  • Theme Management

  • User Management

  • Advanced Queries on website

  • Unauthorized login protection

  • Vulnerability exploits

  • Unauthorized Data Requests

  • Remote Plugin and Theme Installation and Management via WordPress Repository.

  • Enables Plugin and Theme updates.

  • Enables Plugin and Theme activation

  • Enables Plugin and Theme deactivation

Syncing exactly the same data onto the MalCare server enables a number of features, like scanning and cleaning.

Have any more Questions?

If you still have questions or require clarification on the information presented in this document, please feel free to contact us at any time.


Jajwalya is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Jajwalya distils the wisdom gained from building plugins to solve security issues that admins face.

Copy link
Powered by Social Snap