The following article is with Akshat Choudhary, founder of BlogVault and MalCare, two leading security products in the WordPress Community. We sat down with him to find out more about his recent success with MalCare, how he did it, and what we can all learn from him about keeping our WordPress sites secure.
Akshat, thanks for taking the time for this interview. You’re running BlogVault and MalCare, two companies settled in the WordPress security space. Can you please give us a run-down about your services?
Hi, thanks for having me.
I started BlogVault – a WordPress backup service 8 years ago. At the time, I had a full-time job, and it was meant to be a small side-project. But after putting in some consistent effort into building a good backup service, I saw how the product had great potential to grow. Fast-forward to 2018, BlogVault is one of the most popular backup services in the WordPress ecosystem right now. Presently we are trusted by over 300,000 websites, and we provide a comprehensive set of backup services that includes Daily Automatic Backups, On-Demand Backups, Real-Time Backup, Incremental Backup, Off-site Storage, Access up to 365 Days Backup, One-Click Auto Backup Restore, as well as built-in Staging and Merging feature.
We recently launched MalCare – a complete WordPress security solution to an overwhelming success. We developed MalCare from grounds up after analyzing over 240,000 websites over the course of 2 years. MalCare comes with a comprehensive set of features that scans, cleans, and protects your site.
MalCare offers a powerful Scanner that doesn’t slow down a site and goes beyond just signature matching to find new and complex malware. This is the type of malware that usually goes undetected in other popular scanners. It also comes with an industry first One-Click Automatic Malware Cleaner and an intelligent plugin-based Firewall that protects your website from bad traffic by using the collective intelligence of its network of sites. There’s a Site Management module that lets you manage your themes, plugins, users and WordPress core for better security of your website. MalCare facilitates implementation of WordPress security best practices, i.e., Website Hardening to strengthen your site. And it offers a premium White-Label solution along with an ability to generate beautiful and detailed Client Reports. It allows you to sell our service to your clients on your terms.
Apart from BlogVault and MalCare, we’ve built another WordPress plugin called Migrate Guru. It is a completely free one-click Migration plugin, and it’s our biggest contribution to the WordPress community.
You recently completed a hugely successful launch on AppSumo, can you tell us a bit more about that?
After building MalCare, we were looking for ways to find the right users. AppSumo seemed like a suitable channel that could bring MalCare to people who need a good security service. But since this was the first time a security product was appearing on AppSumo, we kept our expectations really low. We thought maybe some 500 people would buy our product but ended up selling over 4000 deals. MalCare was declared sold out on AppSumo.
Congrats on those results. Why do you think was your launch so successful?
A couple of things made the launch very successful. First, the reduced cost, second, a lifetime deal and third, a really good product.
Security plugins are an expensive affair. When we offered our $259 yearly Business Plan at a price of $49 for a lifetime, people couldn’t resist.
And not to blow our own trumpet but we know the product that we have built. We believe MalCare is a great product because if it weren’t, we would have still been working on it. One of MalCare biggest USP is the industry-first One-Click Malware Cleaner. Generally, security plugins allow ticket-based cleaning services. If your site gets hacked today, you’ll have to raise a ticket with a security service, and they’ll clean the site for you. There are a few catches to this method. One, you’ll have to give access to your site to an unknown security professional and two the process is time-consuming. For a hacked site, time is of the essence. There are many dangers of delay. Google can blacklist the site; web hosts can suspend your account. You’ll experience a drop in the visitors and revenue count among other things. MalCare Cleaner fast tracks the process. With MalCare, users can clean their site instantly with just one-click. It wipes off all traces of malware from a site while also offering post-hack protective features.
We shared our entire AppSumo journey as transparently as we could on our blog, for those interested.
According to CodeInWP, WordPress powers around 30% of the entire Internet. This makes it a very attractive platform for hackers, doesn’t it?
It certainly does. Popularity draws more and more new users, but it also puts a target on the back. Moreover, with the advancement in technology, hackers are developing abilities to execute really complicated hacks. It’s hard to even recognize a hack. Having been involved in the WordPress community for so long, we knew there was a need for an intelligent security service, one that comes at an affordable price and can combat sophisticated hacks. We are very happy to be able to offer the WordPress community a valuable service.
In what state do you see the current WordPress security space? Are bloggers and business owners becoming more aware of the threats they face when running WordPress?
There are many challenges to the WordPress ecosystem. Moving such a large ship with so much mass is a tremendous challenge. WordPress is constantly evolving but technology changes even more rapidly and thus keeping up is not easy at all. With hack attacks becoming more and more powerful and untraceable, there is a need for intelligent, intuitive security services that can ensure security in such an ecosystem.
Since you’re running two services heavily related to WordPress security and data-loss prevention, there’s one very obvious question I have. Are there protective measures that every WordPress user should take to protect their website?
Glad you asked this. Unfortunately, there is no silver bullet that can take care of all your security issues. Therefore, one must do many things, take several protective measures to keep a site safe.
- Remember, hackers can target your site even if it’s small, unpopular and draws barely any traffic. In fact, small websites are an easy catch because they take their security leniently. Hence, small sites owners must take their site’s security seriously.
- Keeping your site’s WordPress core, plugins and themes (even the ones that are inactive) updated is very important. Often developers release vulnerability patches in the form of updates. When you don’t update your site, vulnerabilities in the core themes and plugins remain and could be exploited to break into your site.
- Migrate your site to HTTPS. It encrypts information that your visitor inserts in your site. It’s a good security practice, one that even Google recommends. Get started with an SSL certificate.
- The login page of a WordPress site is one of the targeted pages by hackers. To protect the login page, website owners can have a number of measures in place like using Firewall, limiting failed login protection, HTTP Authentication, etc.
- Apart from these, taking regular backups, deep-scanning the site on a daily basis, following WordPress recommended site hardening practices are necessary.
For the last part of this interview, I’d like to talk business for a little bit. When it comes to starting your two companies, what were two of the most important lessons you learned?
Having competitors is good. When VaultPress, a backup service developed by Automattic was launched, regular bloggers would write articles on its alternatives. They’d just google for “VaultPress competitors,” find BlogVault somewhere and call us the competitor of VaultPress. That way we got a lot of exposure. We weren’t the first ones to enter with backups in the realm of WordPress, but serendipity helped make our service into a big league player. Which is why I encourage people to pursue their ideas even if it’s not unique.
Another important lesson I’ve learned is to look for whether there are growth opportunities in the world where you want to plunge yourself into. Back in 201-0 when we released BlogVault WordPress Backup plugin, the WordPress market share was about 10%. Today it’s 31.5%. In the span of a few years, many people saw the opportunity that WordPress is providing and they built valuable businesses (like iThemes, WPEngine, Sucuri, etc.) surrounding the ecosystem.
If you could give one piece of advice to a beginning entrepreneur in the WordPress field, what would that be?
Recurring payments – 2 words which I think are key to building sustainable businesses in the WordPress space. While being a SaaS we were always a recurring business, the rest of the ecosystem was based on one-time payments. In the early days, this did make competing lot more difficult, but today we have a lot more robust business. We see a lot of traditional products/plugins in the WordPress space charging on a recurring basis. This will make our whole ecosystem much more valuable in the long run.
What do you think about the direction where WordPress, as a platform, is heading?
Gutenberg and improvements to the editor are one of the biggest things happening in WordPress currently, and it is overshadowing any other development. With this, in many ways, WordPress is getting back to improving its roots of “Democratizing Publishing.” It is a big step forward from a user experience perspective and will also serve as a platform for a great deal of innovation.
Once the dust settles on this, I feel the next few years will be about the battle with platforms such as Wix, Squarespace and more. The competitors have many advantages, but at the same time, WordPress too has great strengths – the biggest being the ecosystem. The onus will be on all of us to ensure that WordPress is the preferred choice for customers around the world.