MalCare Review - Real World WordPress Hack Results To Remove Malware & Viruses

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hey guys I am live two times in the same day for those of you that are watching to replay this is a live video and I wanted to do a live video on and talk about a couple things number one securing your WordPress website what to do if there's a hack why do hacks keep coming back and this is also sort of a review of a product called mulcair now if you are here you can leave comments in the live comment stream and I have this going right here actually let me go ahead and show it there we go so I've got my comments stream right here and I'm gonna just jump into this now this is not what I was planning on doing today was to talk about security this is not what my plan was and but for some various reasons I decided to jump in and make this live stream video so some of this yeah so some of this information today is raw in this fresh so let me tell you kind of what brought about this video one of the things that has always bothered me is reliable solutions on how to resolve a hacked into WordPress website reliable ways because what I've noticed is if you have a WordPress website that gets hacked into and if you're live and you have any questions or if you're here and you have any questions you can enter them in the chat box and I'll try to answer some of these questions at the end questions related to security and the tool that I'm going to be talking about so anyways a lot of times what happens is how do you resolve a hacked website a WordPress base website and make sure that it doesn't get hacked into again a lot of times what happens is your website gets hacked you use some kind of whatever to get rid of it and then the hack comes right back so we're going to go over a lot of those issues today so what happened was today there was a discount deal for this product right here called Carrie and I thought well this is perfect I want to try this out it's a word press plug-in install it on your website it will harden the security of your website provide security features but what's unique is that it will also scan for malware hacking intrusions viruses and stuff like that and all of the scanning isn't actually done on your web hosting account it connects into their platform which does the scanning and so I you know I'm so grateful for this WP crafter community so what I immediately did was I wanted to put it through its paces I don't want to just install and say oh this is great I want to see if it can do what it claims it can do and the best way to do that would be to put it on hacked websites and see what it was capable of doing so a few hours ago I went into the WP crafter Facebook group if you're not in it you really should go into it go to Facebook and do a search for WP crafter and it will come right up for you and you can just request to join so I went in there and I said if anyone has a known hacked website that you want cleaned can you personal message me a login and we'll take it from there and it's kind of sad there were there was more than I was expecting of hacked websites and that's because a lot of times when you get your website hacked into and now there's malware on it it's hard to permanently get rid of it meaning you get rid of it and it comes right back I don't know how many of you have a or use a PC computer I use a Mac but I used to use species and when you get a virus those things just keep coming back and they just keep coming back and it's like you don't even know how to permanently get rid of it without completely wiping everything out and if any of you that are watching this have ever had your wordpress based website hacked and have malware in it you know exactly what I'm talking about it is frustrating so what I did was I took this and I connected in with one person who had - whack - whack - whack the websites were whacked this is life can't edit that out - hacked websites and he gave me a login and let me go at it and see what this thing can do so before I get into the results of what actually happened in those two websites some of it might surprise you and I'm gonna show you some screenshots about this tool I want to just talk about security for a minute and I think this is going to be a very valuable 5 or 10 minutes of your time if you have or managed wordpress based websites okay and if you want to check out mile care there is a special deal visit WP crafter dot-com / mal care mal CA re you can do that so let's take a look here okay we got a couple chatting people chatting it's probably not the best time to have a live video but that's okay so let's go ahead and jump on into this little bit of presentation that I have so let's go over how you get hacked what happens all of that kind of stuff so we're gonna talk about the hacking problem how do you get your website hacked in the first place well usually it's because of a number of things number one you have an outdated WordPress installation this happens a lot it doesn't happen as much nowadays because WordPress has a system where they can force an update on your website and if there's a security vulnerability that they discover or someone reports to them they'll just fix it and push out an update to your website they're usually not big updates it's just a security patch so you don't see that as much but what you do see all the time is outdated themes and plugins so if you are not managing your website by logging in every now and then or regularly I'm in my website every single day but if you're not doing that then you're not in there making those automatic or making those updates to your themes and plugins that happens a lot another way and is having just a week login and so what that means well not just a week login but a not having any login protection so if you have the username admin now a hacker knows half of the puzzle right then they can start doing what's called a brute force where they're just trying password after password after password and whether you know it or not this is happening to your WordPress website every WordPress website right now there are bots that are trying to login they're trying various different combinations of usernames and passwords so it's usually also a weak WordPress login that happens okay and here's another thing that most people don't realize and this is where some of the value of you investing your time and watching this right now is going to come to play that if you have a hosting account you it's usually based on something called cPanel and you can host more than one website they're called add-on domains or whatever and also you can host other types of things on your your website hosting account so what happens is if you say have five WordPress websites one of them gets hacked into because of an out usually an outdated plugin not usually the theme it's mostly the plug-in someone hacks in and it's all automated it's not some dude sitting behind their computer some automated system is now hacked into your website they infect everything on your hosting account so those four other websites are going to get hacked and that's exactly what ends up happening so so this is another way of how your website can get hacked into and that's why it's always good to keep tabs on everything you have installed in your hosting account just in case that happens so here's how you usually spot that your website is hacked well actually this is more how to spot it when you're looking at the file system so what ends up happening is when there's a hack on your website what happens is all of these backdoor files are placed all throughout your web site so they're gonna be in places where files shouldn't be up there it is may see I'm ahead of myself on the presentation these files are where they shouldn't be now most people aren't trained their eyes aren't trained to spot these things me I can login and I can look through the file system of a wordpress based website and I can spot it right away I can see that doesn't belong here that doesn't belong here that doesn't want care something's wrong and then look at the contents of those files I can do that but most people can't because this is just a WordPress website it's just a mining minor little part of their business or their life it's not taking up as much time as as someone like me that's looking at this stuff all the time and so what also they'll do and this actually happened with one of the sites that I used this tool on today is they'll modify one of the core WordPress files and in the example that I'm going to share with you the WP config file was modified okay so here's the question who is responsible when your WordPress website gets hacked and what ends up happening this is the typical scenario your website attacked you have no clue there's no notice going to you there's no notification going to you until you get an email from your web host saying oh yeah by the way we took all of your websites offline because there was a vulnerability in them and we've quarantined it now to the average person it's like what the heck do I do now I don't know where they move the files I don't know how to move them back it's just a problem and the reality is your host isn't responsible wait I'm getting behind myself okay you're responsible to fix it not your web host okay I'm the worst presentation giver you're gonna be the one that's responsible you can't expect a hosting service that's 5 or 10 or 15 dollars per month to be going in there and spending time fixing something that shouldn't have happened in the first place and it's not like it's your fault like you're a bad person it's just you've got better things to do than be logging into your website and making sure everything's update up to up-to-date most people have better things to do but at the end of the day the themes the plugins WordPress it's your responsibility to keep those updated it's not your web hosts so if your website is hacked and becomes vulnerable because of that it's not their responsibility and then what they do is they take it all your website files and they move them into a quarantine folder and when anyone visits your website from that point forward they're gonna see a blank screen this is not good okay so you know what do you do next well you can hire a service there's several services they're about two to four hundred dollars and I think it's three hundred dollars is the median that you can pay and then they're gonna go and they're gonna try to remove this problem that you have you can manually try to clean it and this is so for me I can go in there and because I can spot the files that have been modified or files that don't belong I could probably do an okay job at this or you can use a plugin like maybe wordfence that I spell wordfence wrong anyways that just doesn't look right to me and what that is or a plugin like it that has like a scanner and it's going to the plug-in itself scans and tries to scan and find things that don't look right or shouldn't be there and that's what you get out of a plugin like wordfence or a scanner and let's see now the problem with a plugin like wordfence or a scanner like that is there's a lot of false positives and that false positive is when wordfence or whatever tool you're using thinks there's a problem with the file when there isn't a problem with the file you get these false positives or I think more of a false sense of security using those tools and so here's a sad thing most of the time happening is the hack comes back it just comes right back and that's part of the problem is because if you use a tool like wordfence a plug-in so if you're using a plug-in a plug-in can't go outside of the confines of that website in the files for that website it can't look at the other four websites that you have on your cPanel account it can only look at the one that's all those scanner plug-in based scanners are capable of doing and that's why a lot of times the hack comes back because the hack now isn't just your website it's all the other ones too and there's random files put all over the place these little backdoors PHP files and it's really hard to get out and so most of the time what happens is the hack comes back I already talked about this just a second ago because the scanners can only scan because it's based on a plug-in it can only scan the one WordPress base website and that's a big problem also when you try to manually clean it it's almost a futile unless you're gonna sit there and sift through the average WordPress website might have 10,000 files unless you're gonna sift through 10,000 files it's not really possible manually these days to manually remove a virus it's very very hard to do it's not impossible but it's very hard so that is brings me to my lair which is totally different so all of the scanning is not done in a plug-in on your WordPress website it's actually done on their servers so it can actually access more than just the one WordPress website it can access other areas of your web hosting account I just keep getting ahead of myself because it can scan the entire hosting account and let's see what's next I'm not even following along with this I hope you appreciate the presentations and so I don't got any wild tangents which I know I'll get to when I'm going through the live comments actually let's check on those life check comments okay they are there oh this is perfect yes Owen that's a point I'm gonna bring up okay good I'm glad you guys are still with me ask away any questions Mao Care has no false positives and that I'm gonna tell you a story of what happened with those two websites and it really ties back into this no false positives because I thought Mao Kerr was not working and it actually was working and I didn't understand how it was working so that kind of brought about this video as well okay do I have more points it looks like I do also something neat that mal Kerr does it's it can it will let you know when you have themes plugins and WordPress whatever out of date and it can update them for you and keep you secure at that level let's see what else I got going on here okay oh yeah and it's always learning so essentially mal care has its own artificial intelligence so what happened and I'm going to show you some screaming shots in the story of what happened today but what it did was it scanned a hacked website and there was a couple files that I knew were vulnerable and had some malicious code in it and when mount Kursk and it didn't let me know and that's because of their no false positives and always learning they were flagged these two vulnerable files were flagged I'm gonna tell you the full story there but they were flagged mount care themselves were notified of it they checked the files and then they let me know that they were vulnerable but it didn't give me any they don't want you to have false Flags no there's an interesting thought with that with false Flags it's a balance right do you warn someone of every little potential problem or is the process of doing that gonna make someone numb to the fact that there might be problems you know it's like the person that always cries wolf they cry wolf they they cry wolf but then when they really cry wolf and they really have a problem you're just not it's not even on your radar you think they're just crying wolf again probably not giving the best explanation there ok I think that's it for the presentation side so let's take a look at Mulcair Isaac mal care must be mal mal where mal care I got a cut stop calling it mall mal care what this is is it's a software-as-a-service but there's also a plug-in that goes on your website that's how it all links up together now I'm not going because the the two websites I loaded up in it that have a known that were known to be hacked and have a current hacked they weren't my websites there were just people that were generous enough to let me fix their website for them for free to test this I can't log in and show you the dashboard I do have some screenshots I'm going to show you but I can't log in because I don't want you to see their websites as hack that were hacked ok and also let me give one little bit of warning I ran this software today it's clean and safe today I'll do some kind of a follow up in the Facebook group a week from now to let you know if this they are still clean and I'm pretty sure that they are going to be clean ok so you could check out mile cares website if you're interested in the special deal they have going on visit WP crafter calm slash mal care and you can see it's it's definitely something you want to pick up and I'll tell you at the end of the video what my plans are for this but essentially some of the points here is early malware detection the biggest problem with malware infections is that if your site gets hacked and there's something it does something funny to the front end of your website a lot of times what happens is Google will put a hacked notice when someone does a search in your website is one of the results saying that this site has a vulnerability or they also do it where like if someone clicks through to your website before they actually let the visitor go to your web site they give them a big red warning screen letting them know that they think your website's been hacked you do not want that no you don't okay so that's the early malware detection so they're always it's always keeping an eye on everything for you this is big the malware scanning does not overload your server so with wordfence it's slow so the two websites and this is the sad reality the two websites that were hacked had a theme security on it had wordfence on it and had security on it and kept getting hacked and vulnerable over and over and over again that's how bad the problem is and I did a scan with wordfence to compare word fences results to Mulcair's Malik Harris results and that's just the time to scan my mal Kerr was like like so quick wordfence was taking forever and while it's doing that if you were to look at charts on your server of resource utilization you're guaranteed to see spikes because all that scanning is happening on the server where was something like mal care it's not okay these are some of the claims detects hard to find malware one-click automatic cleanup no false positives I at first you can go either way of how you feel about that some people think that the tools should let you know regardless regardless if the tool knows 100% if that's an infected file but they feel differently they don't want you to have some kind of a false alarm because then how are you going to trust the tool that's always giving you false alarms okay login okay so the mal care also is a security plug-in it's going to provide login protection and what it does with the login protection is that thing that I really like where if it sees you're getting a lot of failed login attempts someone's trying to hack in its gonna take that info push it to their platform and so everybody else benefits from it and those malicious pots can be blocked dynamically I really like that however mal cares three years old it really needs to get a larger user base for that to really have the biggest impact it's also a wet a laughs web chin of firewall built-in security okay so you can actually integrate this with they're all side backup service blog vault and just you know you should really give mal care some credit they are made by the same owners of blog vault blog vault is trusted by some of the biggest most reputable hosting companies that could build their own blog vault if they wanted to but instead they use their sister product blog vault which can integrate with Mal care okay here is the pricing if you're to go to your website or you could just visit WP crafter comm slash mal care and the pricing is gonna be like you're gonna want to see it but this is what it costs if you just come straight to their website they have different packages for the individual or for an agency so if you just wanted one site for the security its $99 per year however if you're an agency actually let's go to business if you're like me I'm more business right for five sites it's 259 per year if you're a developer it's pretty good for 20 sites its $59 per month however like I said visit WP crafter comm slash Melchor and you'll see different pricing so let me tell you about the story okay this is kind of what you've all been waiting for let's see if I still have some people in here good I do have some people in here very good and I'm gonna get to all of your questions in a moment here okay so the first actually here I'm gonna save those screenshots for him for later let's go right here so I had this gentleman reach out to me on the WP crafter Facebook group and he gave me a login to one website and this is a website that had a theme security security and wordfence and the site has active hacks wordfence would clean it out find files clean it out and guess what it would come right back clean it out come right back there was no conclusion or there was no like permanent getting rid of it it was just getting rid of as it Rhian so what I did is I dis is with his permission I said can I disable wordfence and I think I might have also if I did it I better go in there delete a disabled I theme security and security and I put mild care in the way it works is I actually like it you log into mal care and you click on add a site you put in the URL to the site you put in the login and the password and then it will go ahead and put the plug-in in there for you and then it will initiate its first scan on this first website mal care found vulnerable files and cleaned out those a vulnerable files so it's going to find it it's gonna let you know and I'll show you some of the screenshots and then one click it got rid of those files for me and then there is a feature for to harden the security now here's one of the technical aspects of mal care it doesn't do anything through the plug-in so you can see this is negative I actually see this as a positive in order for it to clean out your website because it doesn't do it through the plug-in you have to have an FTP login to your website so that it can be put into mal care so it can do its cleaning directly on the file system this is actually a very good thing so when you go to clean it out you have to have your FTP server it's usually FTP dot your domain name.com and then you have to create an FTP login and an FTP user and then you have to point to the website where the if you have multiple web sites where the WordPress website is it's actually easy I'll probably make a companion video in a few days on start to finish how to do it but you have to do that and then it cleared it cleared that out and it also needs that to harden the security if you wanted to do that as well so that was good I'm thinking this is great I'm loving it and I really love the interface of it I thought wow this is a great value and you'll see the value when you vis that link I keep telling you about WP crafter dot-com / mal mal mal care anyways the second site though didn't go so smooth okay so word fence was on there as well and and all those other tools now what happened there was word fence was finding three files one of them or two of those files were modified core WordPress files the WP config file and also the index dot PHP file sorry I'm getting techie here but these were two normal files that should be there except they had encode injection so there was a bit of code in there that shouldn't have been there and there was also one little random file word fence found these and then I plugged the site into mal care and mal Care did it scan and it said it doesn't it said it's all good didn't find anything and so what I did was I was like oh my gosh this thing sucks you know what I mean mal care just let me down I cannot believe I cannot believe that this tool was looking so good and now it's just a complete and utter disaster and so I jumped on Facebook and I said that a few places cuz a lot of people are interested in purchasing this right now because there's a really good deal going on for it when you visit that link so what happened was the developer and earlier in the day the developer was on a podcast a week ago and I listened to that podcast and I'm thinking before I started using Mac I'm like this has got to be the nicest guy he sounds like a really nice guy anyways and Here I am going around Facebook saying don't get mal care I did it and look what happened wordfence which you guys on the channel know I don't like wordfence at all wordfence found it and mal Kerr did not and so anyways the founder or the creator of mal care and by the way it's a real company there's 13 employees or 14 employees it's a big business it's a serious product he reached out to me and told me what happened basically said with regards to the no false positives if they come across certain vulnerabilities they actually will will manually review those files it's Paul part of the artificial intelligence of mal care and it's also part of this no false positive and it's funny though because right when he reached out to me I looked back at the dashboard and it said we found the files and so what I was thinking immediately was this guy is is he probably found my account and made it say that that's really what I thought and so we're on Facebook and I said you know Facebook sometimes when you're instant messaging it's just like a big pain in the butt so I said hey okay now can I just call you right now and you know facebook Messenger you can talk so I called him and he's he's his time is like like 14 hours ahead of mine so it's the middle of the night and I'm talking to him and I was glad that he took the call and the reason is because I gotta tell you I did not believe him I did not I mean I didn't have a reason not to believe him but I didn't believe him and I told him I don't believe you I don't believe you can you show me and I asked all the questions and he actually showed me they're back in notification systems he showed me where they were notified why they checked it some of these status codes on these files and he walked me through their an entire proprietary back-end system I can't show those screenshots and I believed them then I totally believed him then and that actually made me appreciate this product a lot more than I was prior and we talked through and I specifically said here is the problem people get their the the two websites were having this problem that I was about to tell him people get their websites hacked they get this false sense of security by putting in word offense and the hat comes back and then they clean it and then the hat comes back and then they clean it and then the hack comes back and it's this never-ending cycle he told me why that is and I had already realized why that is but then he also told me that and I'm it makes sense to me now he says I don't think you can manually remove a hat of vulnerabilities off of websites and when I thought about it I thought you know you're right you're right I can't literally go through there and pick apart or look in every folder and find every potential backdoor and so that's when he showed me that one of the unique things that malcar does is it can scan your entire hosting account to get rid of every backdoor that is in there and that got my head turning because it stinks when I hear someone come to me and say my website attacked what do I do and they use one of these tools or they pay some fee and it keeps coming back and it keeps coming back so what I've done is I have malware on these two hacked websites right now and we're gonna see what happens in a couple of days but right now I I'm pro team mal care right now I am very impressed with it in fact it can actually replace I themes of security which I'm probably going to remove today and I'm gonna load in my website into mal care my website has not been at Guy's the best way to present your website to prevent your website from being hacked the very best way is through not to let it get hacked in the first place with strong security so I'm gonna actually get rid of a theme security he was actually telling me that I theme security and wordfence they do affect the performance and they do do some things to give you a false sense of security or a sense that they're actually doing something that they might not really be doing so anyways in infos because I dug it out of him anyways I'm gonna put this on my website I'm gonna monitor it on these websites I'm gonna come back and I'm gonna tell you the results or maybe I'll do it in the Facebook group but here's some of the screenshots of the interface now this right here I really like the admin interface of the tool so when you log in you would click on this plus and add your account right here is actually a screenshot of the account or of the website and it would show right here the website URL I put this white white box here to cover that but right here you can see this wasn't letting me know that the site is hacked and I like how it says hacked attacked and he emailed me saying his hacked and you need to resolve it and then here is the auto clean button right here and here it's keeping tabs on the amount of login requests and and right here you can see it's letting you know if you have some outdated items and you can just click into view details and click a button and it will update whatever needs to be updated it's really just really impressed to me okay and so let's just see I don't know if I have these in order okay and here is so when I clicked here on the auto clean it took me here and it showed me the files actually no I clicked onto the three you see how it says infected files sorry I clicked on the three it took me right here and this showed me where the files are and this is kind of what it looks like right these are random folders random files random names and that's how for a trained eye like me I can spot it and say this doesn't look right and I can always go in there and manually delete it but this is what it found right here in these various folders right here is when I was going through the cleaning process let me zoom in so you get to sit here and see it do its thing and then right here is the screen where it offers to harden the security and so I did these two items right here block PHP execution and untrusted folders I did this and I did the disable file editor but there is also some additional options that it gave me right here and lastly here is that code injection so remember I said on the second site the there was the index up PHP and that's what this file is had some code injection this is what code injection looks like you'll see something just like this it's from here to right here that is code injection that does not belong there I can open the file and spot it and usually the way you notice it when you're looking at your files in the file manager is you can look at the the modified date of the file and you can usually spot a file that had been modified which was this so what happened was this was actually sent off to Malka for them to look at and add to their AI and let me know that this file is and it's actually this in the WP config file their sensitive files if it tries to clean something and something goes wrong like extra care does need to actually happen so there is some concerns that some folks have voiced about the ability for mal care their service to scale if there's these manual checks and apparently the manual checks are very few meaning there's a lot most of the vast majority of files they're not going to have to go through this manual check but that's because they're trying to avoid the false positives okay so what probably really needs to happen is me putting a site in here from start to finish so that you can see and you can see some of the features of scanning the other folders on your WordPress site I do think and I do feel very confident that a service like this and you can get a really good deal right now that's why I'm talking about this partially but a service like this you can it I really believe it will keep the site from being hacked again and that's going to be the true test see when I realized this was out I knew that it was time for to ask and reach out to people that have hacked websites and actually put it in a real-world scenario not just install it on a clean website and say oh this is neat this is neat it's great guys but actually see if it does what it says it can do and so we're gonna find out we're gonna find out I've got two hacked websites as a matter of fact the account I have I can load five websites in so I have two I'm gonna load my website if you have a hacked website or reach out to me jump on Facebook Facebook message me I would like to try this on your website obviously I can't do that for everyone but I can certainly take a few more and see if this goes the distance without that hack coming back so that is what I have for you I hope you don't mind the whole presentation like that I think this is probably the most cleanest livestream that I've done as far as staying on point with the content content and so I have some questions here I'm just gonna look through this to find some questions that I might be able to answer if you have any questions please go ahead and enter it now and it's actually pretty light this must be a really bad time to do a live stream so let's see here Chris the first saying seems like like seems like you start you're starting to like live streaming do you I do like live streaming because to make its fast right I can just click a button it's up there I'm connected with you guys I like the communication back and forth and then you can ask questions that pertain to what we're talking about but it's so fast all right okay Owen this is a good question Owen Hobbes is it dangerous to host a wordpress on a home server oh I think you might be talking about on a server in your home if you are talking about your server in your home probably I wouldn't recommend it I would not recommend it there's lots of complications or complexity with open ports from pathways into your system I wouldn't recommend it I thought you were asking for a moment when you and this is something I wanted to address a good best practice security practice if you go and get a new hosting account with cPanel so if you're looking at the file manager there's all these folders and there's one called public HTML and that's where your first installation of WordPress on your hosting account is going to go now what happens when you want to put a second website or more on that cPanel accounts you go to add-on domains and you just pop your URL and you just clicking and the next thing you know you have your WordPress website well in that setup process what cPanel does by default some of them some of them don't do this anymore which is good it will actually put the folder for the new website in the same folder as the main website tied to your account that's actually a bad idea you want to have it in a separate you don't want it you don't want to stack WordPress sites in the same folder as another WordPress site you want it to be in a different one I should make a video on that okay okay so okay so I'm being asked if comments are being filtered or put in held for review links are a comment with a link will automatically put in held for review it's a youtube setting I have and any kind of curse words and things like that get held for review as well hello from Panama let's see okay Christopher saying all the alerts for anything of wordfence is actually the reason I don't like it yes one of the things with these security plugins you need to disable the alerts on failed login attempts because they'll drive you nuts you'll get a hundred a hundred a day easy okay Antonio is asking were those sites alone or with other add-on domains the hosting account I don't know how many web sites it had on it I think it was maybe like five or six maybe even more and they were add-on so one of the websites the first website that I put in Mal care was the main one and the second one was an add-on domain okay Lionel's saying is I themes good because all of my website and clients websites are protected by I themes yes I themes is good however I'm growing cold on a theme security because some people have experienced some problems with it and recently I'll tell you what those problems are just to be transparent problem number one there was an update a couple weeks ago that completely wiped out people's WP config file which mean your entire websites down because that's the file that links WordPress to your database and a couple people here on the channel couple people in the Facebook group that happened to and they had to go to and there's even a support or a complaint about it on the I themes plugin page that's bad that is bad that's problem number one problem number two is I themes does something very stupid okay and I hate to use strong language like that but this is idiotic it has a feature that if someone is going to your if someone's going to your website and they hit a bunch of 404 pages that means there was content there and it's not anymore WordPress shows I'm a 404 page well if someone received enough of those four or four pages it would block them entirely from your website and things good right do you think maybe that is a good idea bad idea and here's why and this is why it does this very stupid and if any of you have a theme security take this as a warning to go and look at this setting right now when a search engine a search engine crawler is coming to your website they're regularly going to get 404 pages and guess what I theme security does blocks the crawler now if you don't have Google search engine or Webmaster Tools integrated on your website you have no idea that I themes just blocked Google if you have Google Webmaster Tools it we'll send you an email notification letting you know hey we were on your website and we're getting all these 404 pages and I don't know what's going on and then you can take action and be alerted to it you have to go and disable that in ithemes if you want your website on Google and this happened to a few people is it was the problem I said it's stupid is it stupid because it doesn't have the logic to know this is a Googlebot on my website and don't block it under any circumstances that's why I'm using strong language and I think it's stupid and a lot of developers they're not thinking like this but it's about time plugins and themes become smart okay that's my little preaching for the day all right okay so let me just get through some more of these questions okay Kyle's asking how is this compared to ninja firewall I have not used ninja firewall to be able to look at its feature set so I don't know if it's it's hard to compare I think a system where the scanning doesn't happen on your hosting account and it's not stuck in the confines of the one WordPress website I think it will always be superior last I looked at ninja firewall I don't believe but I could be wrong that it didn't have this extended network feature and that means if if my website's been hacked or they're trying to law there's BOTS trying to login and I've got their IP addresses I want those IP addresses sent to the cloud so everyone else using the same plugin is automatically secured last I look ninja firewall doesn't do that I theme security free does that the paid version of wordfence does that and mal care does that okay okay I'm gonna read Antonio's comment here also shared hosting based on cPanel without cloud Linux or some kind of hosting account Gel is always a problem because sites hacked on another accounts can access all accounts on the server yes that is a big problem and you actually Antonio I think this used to be also a big problem with Blu is so the way web hosting works is there's one server with thousands of cPanel maybe not thousands of C panels but thousands of websites on that server it broken up into individual cPanel accounts and so Antonio's pointing out that if those servers don't have this certain way of SEC putting each cPanel account in its own container one totally unrelated person that's on the same server can get hacked there their website hacked into next thing you know everything's compromised and that was a big problem with Bluehost as a matter of fact flip back no there isn't a conflict with ithemes you can actually use them in tandem rahmel a great review Adam and I'm doing a good job I'm trying to say names even though I'm gonna but your home okay well now care replace all three plugins the answer to your question is yes now there might there not might there are a few things that you're gonna get up out of an i-team security or a word fence that isn't in Mal care but I'm thinking you might not even need those anyway so there's a few little features that aren't necessarily the core of the security and there might be some negative effects the perfect example was that 404 thing that I was talking to you about where Google's getting blocked and the reason I knew that I well two things it happened to me I got the email from Google Webmaster Tools and I was like oh crap what do I do now this is not good and then one of you guys emailed me and pointed me to pointed out three articles to me that we're reporting this issue okay hi Adam what do you think about elements or add-ons anywhere Oh Jerome you're talking about anywhere anywhere element or pro don't buy that because element or pro is going to do the same thing in a short period of time if you look at the element or two announcement yesterday you'll see how it's going to do the same thing but it's gonna do it the right way I never liked the way that anywhere Elementor Pro did it but I do know people I do understand why people used in anywhere Elementor Pro because it was the only way to do that but there is a right way in a better way and it's coming soon okay yes I can make a video I there's so many videos I need to make that's why I like this live because I can just click on go live and I'm ready to go okay Christopher once they have it may okay so this is back to mal care in this situation once they have it manually checked the most they'll most likely are going to add it to their system and have an automated from them yes that's what gives them the ability to be real quick recognizing issues yes and that's what got me really excited about mal care is that it's growing in its intelligence in its I just don't see how any other tool that it's just solely plug-in based is going to be able to compete with it or be able to be as accurate as it will because this is actually learning as it goes I really liked a lot creative collaborations what about file security I was under the impression that they make an initial copy of your files and then scan them actually no they do not do that they're not doing that at all but on these files that they are suspicious of and they wanting to manual check it they do send a cop actually you know what I'm they do send a copy to them because that's how they're manually checking it but they're not taking a copy of your website now they do have a companion service called blog vault that is used by wpengine cloud ways a lot of big players in the hosting industry but that's a separate thing but no they're not taking copies of all your files at all let's see here okay okay Christopher let me just read this okay not a bad time but you did a great job explaining they you I'll hit you up because I need to know the mic you're using I made a video last month going over all my equipment the only problem is I've since upgraded all my equipment but I haven't upgraded my mic I'm just using the audio-technica ATR 2100 it's like a $60 microphone I don't like the blue yeti a lot of people do I don't and I have this sound mixer here I haven't started using so right now my live video it's a little low not as deep as I'd like I have a mixer here that I'm gonna start using to make the sound louder and better during live streams okay Morgan is saying which one is better for hosting an e-commerce website shared hosting or a VPS I think depending on the amount it's really depending on the amount of traffic you have you can totally use shared hosting there's different quality levels of shared hosting but I like to go with the web host that has an upgrade path so you can start somewhere start and shared hosting and then when your website starts to receive more traffic you have more demands and more needs that you can message them and just be moved up and up and up probably ultimately the best solution for an e-commerce website would be some managed WordPress hosting and if you take a look at my more recent long epically long video how to create an online e-commerce webstore I talked about this and I talked about these different levels of web hosting Kyle saying VPS if you have the necessary skills go back to that video there's a long tape there's a table a detailed a table of contents and you can jump straight to the hosting part and I actually talked about what Kyle was saying right there because I'm I I don't say just get this host I'm not I don't want to be that guy I might have been that guy in the past I don't want to be that guy I want to say here's all the different types of hosting this is why you would choose this this is why you would choose this and here's some suggestions in each of these categories and I do address that Kyle as well that the different ones and the different demands on you as a knowledge level to be able to manage Sadie Sadie I hope I'm saying that right yeah you can use mal care and I themes security yes you can use them together although for me I'm gonna see what happens when I take item security off and just use mal care but I'll tell you what happens in a week with those two websites and I'll also tell you what happens with my own personal experience on my own website okay well I know yes mal care oh you disabled okay so Lionel also disabled the 404 detection yes that's caused problems for people let's see Vivian has an elementary question what's the best slideshow for element plus Astro since Astro doesn't have any mean a slider Elementor Pro has a slider module I would use that I'd prefer that over adding a slider plugin if I was to do a slider plug-in it would be probably that was it called smart slider three Christopher Christopher thank you Christopher went to WP crafter comm slash mal care and saw the great deal and purchased it and essentially when you're doing that you're kind of buying me a cup of coffee so I'm gonna go to Starbucks tomorrow on you Christopher I really appreciate that um let's see here John says what is the most hack-proof membership management plugin I don't know I think you might be referring to so this videos been about hacking in the terms of this automated BOTS hacking stuff like that putting these malicious PHP files I'm wondering if you're talking more about hacking the content meaning finding backdoors in through the membership security and accessing the content that way I when it comes to membership sites I like to go with paid solutions there are some free plugins as well I like member press I have member press I like member press a lot also restrict content Pro which is the only quality one that still has a lifetime license although I don't use either of them on my website I use lifter LMS which has membership features already built into the plugin and they work really good Christopher if it did the scan and cleaned up the system would it be possible to remove the website from the account and get the slot back that's a great question and what I believe from reading on where the link took you where you purchased that I think every quarter you can wrote every quarter you know every what a quarter so three months every three months or every quarter you can rotate out websites so oh and just a side note Christopher and anyone if you visit that link WP crafter comm slash mail care it's going to be a special deal that includes five sites you can buy that deal up to three times to have it now work up to fifteen sites so if you are a small agency you can definitely do that and that's the max but yes you can remove web sites and get the slot back every quarter not every day Robert Evans is saying what do you think of Shopify I like it but I'm sticking with WP and WooCommerce I think WooCommerce and compared to Shopify I think hyper I'm going to prefer a wordpress based solution not in every case but in that case I am but it depends so sure any platforms going to have a learning curve so WordPress has a learning curve Shopify has a learning curve all these different platforms if you want to have online courses and use teachable that's going to have a learning curve so there's always these learning curves with aw a WordPress and a WooCommerce solution you're gonna have more flexibility you're gonna be in the driver's seat of all your data and plus when you look at the Astra theme how simple it is to get a beautiful website within minutes or WooCommerce website within minutes I think now you know Shopify I think a WordPress WooCommerce combo is really easy it's very easy and you have to go through a learning curve anyway some people think Shopify is going to be easier this is gonna be easier that's gonna be easier but is it really I don't I don't know I don't know you're still gonna have to go through a learning curve Scott is there any choice for a table of contents plugin for word play word for Elementor no I've looked they're not there there is a really cool one that is on code Canyon that I recently purchased s-- because I'm working on some long-form content and I haven't put it on my web site yet but when I do it's it's really neat it's only like 19 bucks and it's really really neat it's the best I could find I'd prefer to have something built in Elementor but no one has it I think it's a missed opportunity however you know what I should do I should message sujay with the Astra theme and because they're there knee-deep in building ultimate add-ons for Elementor I should make that suggestion a table of contents and I would also like a tables plug-in a really good tables plugin okay Lionel I'll add you a just request you just requested to go on the Facebook group I'll approve you as soon as this is over and I think we are on the last question creative collaborations it's only the max if you use one account yes smart smart so I just mentioned if you visit the link WP crafter comm slash mal care there's a special deal where you can each purchase gets you five web sites and you can purchase that three times for 15 web sites well if you had more than that you could actually have a separate mal care account it's only 15 web sites loaded into that account because it's a special deal let's see and Lionel last question it's kind of a light group here tonight maybe cuz people have lives and I'm sitting here at home with you guys you know my wife's gone she had something to do today so it's been kind of an empty house alright Christopher okay Lionel I any more settings I should disable in I themes no I think you're good disable that 404 setting and you should be good and Christopher saying tables would be slick because that's an overall issue with WordPress right now yes tables with a inline editing I think is like holy grail for me any kind of content marketing when you're adding tables google loves tables there's some search Google search queries where you enter it in and they actually show the results of someone's table I want to be that website thank you John says way to go Adam you too man thank you I hope you guys liked this live format wow this is long but you know what there was a lot of good value in this video it wasn't just a review of mile care it was a whole this is what happens when your website gets hacked and there was a whole presentation that got tied up into that as well I want to thank you for joining me in this live broadcast I will probably come back live on Friday I didn't get anything done today that I wanted to get done so I might be up pretty late getting the video ready for tomorrow how to create an online course other than that you should jump consider jumping into the Facebook group you can just go to my website scroll down to the footer let me actually just show you that real quick on my website here it is you scroll down to the bottom I have these social links yes here's the Facebook group Facebook page I don't do enough there here's Twitter you can reach me on those but definitely jump into the Facebook group right there there's a lot of us in there and we're having real-time conversations I'm in there real-time conversations with me and also consider subscribing if you're not but I'm sure you guys are all subscribed I want to thank you for joining me on this live broadcast more to come I was saying earlier in the live broadcast my 4k camera comes tomorrow it's going to be 4k 60 frames per second so the quality is going to get a lot better in these hey thanks for watching I appreciate you guys thanks for joining me and supporting everything that I do here and I'll see you in the next live broadcast or video
Info
Channel: WPCrafter.com WordPress For Non-Techies
Views: 7,247
Rating: undefined out of 5
Keywords: malcare review, wordpress virus removal plugin, wordpress virus scan plugin, wordpress hacked, wordpress infected, wordpress hacked fix, wordpress hacked redirect, wordpress hacked 2018, how to fix hacked wordpress website, wordpress hacked can't login, wordpress hacked url injection, wordpress hacked plugin, wordpress hacked sending spam email
Id: 2yNIb4Pc_ig
Channel Id: undefined
Length: 62min 17sec (3737 seconds)
Published: Wed Feb 28 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.