MalCare Releases Plugin Update with Improved Authentication Systems

Akshat Choudhary

July 8, 2023

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Recently, a security researcher reached out to us. He disclosed a limitation in the authentication system of our plugin. We responded to the security researcher, after conducting our due diligence.

In the rare situation, where a site has a pre-existing, high severity SQL injection vulnerability, an attacker might be able to read the MalCare key. To address such issues, we are further strengthening our authentication systems.

Authentication is a critical system and any improvements must be done in a careful manner. We have reviewed various plugins and best practices in our ecosystem to come up with our solution.

In light of the current public discourse, we are expediting the update of our plugin. We will initiate a rollout by EOD. All your sites will be automatically updated with the latest MalCare plugin as normal.

The MalCare firewall is enabled by default on your site. It includes rules that protect your site from such high-severity SQL injection attacks.

We have seen no evidence of any malicious activities.

We appreciate the work that security researchers put in, and we thank Calvin for his efforts.

Please reach out to our support if you have any questions or concerns.

Category:

Product updates

Akshat Choudhary

Akshat is the Founder and CEO of BlogVault, MalCare, and WP Remote. These WordPress plugins, designed for complete website management, allows 100,000+ customers to build and manage high-performance websites with ease.

Share it:

How to Fix the Google Blacklist Warning from Your Website

May 1, 2024May 1, 2024

Google blacklist is a colloquial term used to describe big red warnings visible when visiting websites. There are a few flavours, depending on various factors, but they all mean that…

MalCare Stands Strong Against WP Activity Log Premium SQL Injection Vulnerability

April 30, 2024April 30, 2024

A significant SQL injection vulnerability was identified in the WP Activity Log Premium plugin, a popular tool for tracking user activity on WordPress sites. An SQLi vulnerability poses a serious…

Fix Pharma Hack on WordPress and SEO

April 29, 2024April 29, 2024

Pharma hack is a prolific malware that redirects visitors from your site to an online pharmacy that sells Viagra, Cialis, Levitra, Xanax, Tadalafil, and other drugs. It also shows up…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Clean your Site

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.

Protect your Site

Malware Scanner

Malware Removal

WordPress Firewall

Bot Protection

Activity Log

Vulnerability Scanner

WordPress Backups

Atomic Security

Malware Scanner

Malware Removal

WordPress Firewall

Bot Protection

Vulnerability Scanner

WordPress Backups

Activity Log

Atomic Security

How to clean WordPress hacked redirect

How to clean a hacked WordPress site

How to remove malware from WordPress

Best WordPress Security measures

Best WordPress security plugins

Types of WordPress attacks

Remove Google blacklist warning

WordPress login security