MalCare Releases Plugin Update with Improved Authentication Systems

by

Editorial Team

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Protect Site for Free

Recently, a security researcher reached out to us. He disclosed a limitation in the authentication system of our plugin. We responded to the security researcher, after conducting our due diligence.

In the rare situation, where a site has a pre-existing, high severity SQL injection vulnerability, an attacker might be able to read the MalCare key. To address such issues, we are further strengthening our authentication systems.

Authentication is a critical system and any improvements must be done in a careful manner. We have reviewed various plugins and best practices in our ecosystem to come up with our solution.

In light of the current public discourse, we are expediting the update of our plugin. We will initiate a rollout by EOD. All your sites will be automatically updated with the latest MalCare plugin as normal.

The MalCare firewall is enabled by default on your site. It includes rules that protect your site from such high-severity SQL injection attacks

We have seen no evidence of any malicious activities. 

We appreciate the work that security researchers put in, and we thank Calvin for his efforts. 

Please reach out to our support if you have any questions or concerns.

Category:

Avatar

Editorial Team

MalCare’s editorial team comprises WordPress security experts and enthusiasts, who collaborate on building the most useful WordPress content. We test every plugin, theme, update, and setting to ferret out potential issues and provide the best advice possible.

Share it:

You may also like

7 Best WordPress SSL Plugins
7 Best WordPress SSL Plugins

An SSL certificate is a reassuring sign that your WordPress website is secure and trustworthy. Installing an SSL certificate is the first step towards protecting the exchanges between your users…

How to get an SSL certificate for WordPress
How to get an SSL certificate for WordPress

Most web hosts will provide WordPress sites with free SSL certificates, however, there are still those that don’t. In those cases, what do you do?  Alternatively, you’ve recently learned that…

How to Stop a WordPress DDoS Attack
How to Stop a WordPress DDoS Attack

Repeated spikes in traffic are not always a good thing for WordPress sites. On the one hand, it could mean that new visitors are finding your site. However, it could…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Clean your Site
Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.

Protect your Site