plugin-icon

Malcure Security Suite

By Malware Intercept·
🔐 All-in-one WordPress security: malware scanner (files+DB), force re-login, force logout, control logins, email-alerts. Cloud-based, light & fast.
firewall
login
malware
Rating
5/5
Version
3.1
Active installations
200
Last updated
Sep 26, 2025
Malcure Security Suite

Malcure Security

★★★★★

Protect your WordPress site from hacks and downtime.

Malcure Security Suite is a fast, lightweight, cloud-connected security platform for WordPress. It performs deep server-side scans (files + database) to catch malware and unauthorized changes, allows you to monitor login activity, enables a site-wide forced re-login after incidents, and sends email alerts of incidents upon scan. Built for commercial workloads—WooCommerce stores, memberships, LMS, bookings, directories, and multi-vendor marketplaces—it plays nicely with caching/CDNs and won’t get in the way of checkout, lessons, or bookings.

What Malcure Security Suite Focuses On

  • Detect: Deep server-side malware scans (files + database), integrity/diff checks, and vulnerabilities.
  • Control: Session analytics (user/IP/device), Emergency Logout (everyone except you), rotate auth keys & salts to invalidate tokens, and force site-wide re-login post-incident. Compatible with 2FA/SSO.
  • Report: Clear, actionable summaries with exact file paths and reasons, email alerts with next steps, and audit-friendly logs for teams and compliance (coming-soon).
  • Logging: Event logs with identifiable and traceable details.

How It Works (SaaS)

  1. Secure Handshake: Your site authenticates with Malcure and pulls fresh threat intelligence (signatures, heuristics, rules and analysis).
  2. Local-first scanning: Scans your files and database in the background.
  3. Severity-ranked results: Findings are grouped by Critical/High/Medium/Low with exact specs, the reason they were flagged, and one-click actions plus email alerts and audit-ready logs.
  4. Graceful: If the cloud is temporarily unreachable, Malcure Security Suite continues with last-known rules and logs locally until it reconnects.

Features

  • Deep server-side malware scans (files + database) using tuned signatures + heuristics.
  • Background scanning so long runs finish reliably on large sites.
  • Low overhead by design; preserves Core Web Vitals and optimized to minimize impact on site speed
  • Session management: see who’s logged in, from where.
  • Emergency Logout: one-click sign-out (everyone except you); rotate auth keys & salts to invalidate sessions.
  • Robust Event Monitor.
  • Optimal Dark Mode.

Highlights

  • Signature + heuristic detection for obfuscated/injected PHP/JS (backdoor/web-shell traits).
  • Database scan of options, postmeta, posts, and comments for malicious payloads.
  • Email notifications for critical events and scan results
  • Security status panel (permissions, environment)
  • Compatible with WooCommerce, LearnDash/TutorLMS, MemberPress/PMP, major booking/event plugins, WPML/Polylang, Elementor/Divi/Block Editor, and caching/CDNs (LiteSpeed Cache, WP Rocket, NGINX FastCGI, Cloudflare).

Premium (Pro)

  • Scheduled scans (daily/weekly/monthly) with summary emails.
  • WP-CLI automation for headless/CI workflows and cron.
  • Priority support with accelerated SLAs.
Freeon Business plan
Get started
By installing, you agree to WordPress.com Terms of Service and Third-Party plugin Terms.
Tested up to
WordPress 6.8.3
This plugin is available for download for your site.
Download