SiteLock is a service that is sold by a lot of popular hosts. A lot of them have licensing deals with SiteLock. Hostgator is one company that is partnered with them. SiteLock seems to be a big partner with all EIG owned web hosting companies. So, there is a good chance you have heard of them before. Maybe your website has been hacked, or your host has notified you that your account has been suspended. Typically, they require you to purchase SiteLock to help safeguard your files. Should you hurry up and purchase SiteLock or is it just a waste of money? In this article I hope to teach you everything you need to know about SiteLock; then you can decide if it’s right for your website or not.
Pros & Cons of SiteLock
Pros
- Daily malware scans.
- Automatic malware removal.
- Web Application Firewall (WAF).
- Remove you from a blacklist.
- DDoS attack protection.
- Website acceleration.
- PCI compliant.
- Builds trust between your customers and your website.
Cons
- Monthly or yearly fee.
- Nothing you can’t do on your own.
- Deceptive billing.
- Lots of negative feedback.
- False claims.
How Does SiteLock Work?
You sign up through their website, or your web hosting company will send you a link to sign up with them. The process of integrating to SiteLock on your website takes up to 24 hours to install. You will get a notification whenever there is a problem. Notifications will be emailed to your inbox. You can go right to SiteLock’s product page and learn more about the process. But you are paying for site scans, backups, DDoS protection, malware removal, and a seal to build trust between your website and your customers.
SiteLock Malware Removal
Your website is scanned once a day automatically. Think of it as an anti-virus service for your web server. SiteLock uses something called “SiteLock911 scans.” What this does is scan all your files on your server to see if there is any malware injected into them. If any files are corrupted SiteLock will download them and reupload your data. It sounds like a simple process for safeguarding your data, but as you will see it isn’t that black and white.
Sitelock Security
I’m not going to argue the fact that websites getting hacked aren’t a big problem. But, some host does get hacked more frequently than another host. I have worked on dozens of sites over they years and seen the ugly world of hackers. A lot of webmasters don’t know that they are hacked until they get a message from Google or someone points it out. For me, since I use the WordPress platform exclusively I have written an article on checking WordPress for malware.
Does SiteLock Work?
Yes, SiteLock does work, and over 5 million websites have installed SiteLock on their website. I do encourage you to keep reading about SiteLock because I am going to show you why you don’t need this service, though.
SiteLock Cost
There are some different options for SiteLock. You can just display a simple badge on your website that is “supposed” to scare hackers away from your site. SiteLock also states that having their badge on your site increases trust and conversions will be increased by 15%. There are no commitments with SiteLock, and you can even get a 30-day risk-free trial. Here is a look at the current plans they offer:
However, webmasters have reported that it can cost an extra $30 to $300 to repair single pages on their website. So, basically what I am stating is your paying SiteLock for a monthly fee for security, and then your website ends up getting hacked. There is some malware installed on the site and then you will need to pay more money to fix the problematic pages. It doesn’t seem fair to me. In fact, there have been a lot of webmasters that are always complaining about SiteLock’s business practices.
SiteLock Reviews
Here is a bit of rant I found by Nathan Hammond which warns people to stay away from SiteLock. It does drive home a good point though that SiteLock baits you in with a 30-day free trial and makes it hard to cancel:
https://www.youtube.com/watch?v=MsiGSDFhNcY
So, what are other webmasters saying about SiteLock? To answer this question I went to Google and typed in “SiteLock Reviews” and was shocked at what came up on the first page of Google:
Doesitreallywork.org This site showed the features of SiteLock and 21 people gave it a thumbs up, and 33 gave it a thumbs down. The comments on this article were very negative, though. People state that that customer support is “pushy” and people feel SiteLock paid people to leave positive feedback about them.
Jlellis.net This is a post written by Jennifer Ellis who practices law. She feels that SiteLock tricked her because they told her they didn’t scan the “full” website. SiteLock urged her to pay $199 to remove links from her site. Her website was blacklisted. It turns out there wasn’t anything wrong with the site in the first place. People left comments on her article and are always complaining about canceling their service, spending more money to fix problems, etc.
There are various complaints on consumeraffairs.com, webmastertalk.net, ripoffreport.com, etc. from webmasters that feel they were conned by SiteLock.
Final SiteLock Review
I do not recommend that you sign up with SiteLock. The conclusion I draw from them is you pay a monthly bill, your website gets hacked, and then you have to pay more money to fix the problems. Sure, they do work but at the end of the day the prices to fix problems don’t seem to be worth it. Be careful if you are with any EIG owned web hosts because they are partnered with SiteLock and tend to really push this service on to their customers.
I feel that there are some WordPress plugins that you can use to protect your website. A lot of them are free. I use Wordfence (the free version), and they have been amazing. I just don’t feel SiteLock is worth the money. There is a good chance that you could end up spending money if your site gets hacked on top of your current monthly bill. It doesn’t seem worth it to me.
Please read the comment below for even more insight into SiteLock. If you have experience using SiteLock yourself then please leave your comments down below about SiteLock. Are their services good or bad? Worth it or not? Why?
Emily Giguere says
Hi Garen
I have never heard of SiteLock and I did not know that having your website scanned was a thing. I mean, I thought that the hosting platform would perform such a task. Am I wrong? After reading your review, I have to agree that SiteLock is not necessary. It seems like they hook you with a free membership but then “pretend” that you actually need to pay more to have additional or full on scans of your site. And that is misrepresentation if they originally say that it was free.
Garen says
Most host will do a scan on your website for free. For instance I have asked InMotion to run a scan on my server a couple times before. They ran a scan and didn’t charge me anything. I really think SiteLock is a waste of money!
James thompson says
The biggest thing here I’ve noticed in these reviews on Sitelock is the lack of education. Sitelock doesn’t appear to be a scam. It’s the misinterpretation of services offered and the technical understanding of website security as a whole by many uneducated website owners/consumers. Don’t blame the company because of what your host support or sales rep is saying about it. They are not specialists in the company product or the technical aspects of what it entails and the web application firewall is always a good thing to have on any website that exists.
Jessica says
Agree. Today hosting companies concentrate on selling you something and often don’t even understand what they sell.
Sitelock is a good software.
jeroen de wit says
don’t get suckered people , you sign a total one sided contract that only benefits them , you are stuck for a year to pay them way to much money for a service where there are better and cheaper alternatives then signing with this company . 50% of an annual fee as cancellation , that is what you call a true scam.
Jake says
Their sales people are very pushy and will trick you into paying for their services for entire year. I got a notice from my dashboard that my website had some vulnerabilities and SiteLock said it was urgent. Otherwise, my websites seal would no longer be in good standing. The price for fixing the problem was in the hundreds. I actually checked my website with https://sucuri.net/ and found out that there wasn’t really anything wrong with the website.
I requested a refund and SiteLock would not honor it. This company extorts people into getting more money from you. There should seriously be something done about this. They are charging people a monthly fee for protection. Then, they will tell you something is wrong when in actuality there isn’t anything wrong. Don’t let them trick you out of your money.
Garen says
Thanks for your input. Sorry, you had to deal with SiteLock.
Ryan says
Unfortunately, I was conned by SiteLock. I use BlueHost and one day they contacted me because they suspended my account. There was a malware injection which they discovered. I panicked at the time and didn’t know what to do. I spoke with a SiteLock agent. He was very smooth talking and eventually signed me up for a $14.99 a month plan.
About 4 months after SiteLock I got a message in my Google Webmaster Tools. This told me my website had been hacked. I contacted SiteLock. They were unaware of the problem at first. Later they told me there was malware on the site. They requested that I pay them $249 to resolve the malware.
I couldn’t believe this. Why am I paying $14.99 for a service that is supposed to protect my website. Then it gets hacked and these these people want $249 to fix it! I canceled my account with SiteLock and hired someone on Upwork to fix my site for $15.
I feel cheated by SiteLock. Learn from my mistake and avoid them if they ever approach you. There are hundreds of stories like mine that I have read online. This is horrible!
Garen says
Hey Ryan,
Thanks for stopping by and sharing your experience with us. $249 to clean up the malware and still charge you $14.99 a month for something that is supposed to protect you doesn’t seem like a worthwhile expense.
Kane says
It’s impossible to be 100% effective in thwarting malicious attacks…
The $15 per month subscription IS GOING TO stop a lot of mischievous behaviour, just because some expertly developed malware may slip through the cracks doesn’t mean your money has been wasted.
Your complaint against SiteLock is like spending $15 on a meal at a restaurant and being upset about having to pay for more food to fill your stomach. This isn’t really the restaurants fault and it’s not really your fault, but what do you do about it? You either go hungry, or you order more…
Brian says
Hey, I’m currently going through the same problem that you did a couple years ago. I’m getting smooth talked by a Sitelock rep too.
What was your experience with the person you used from Upwork? Can you recommend that person? I’m interested in taking this route!
Thanks!
swampscrapper says
I am very troubled that now that HostGator has a strategic partnership with SiteLock, I have seen a dramatic uptick in security and malware issues on my hostgator servers. After years of only having an issue of perhaps one per year, I am now dealing with new reports of malware on a weekly basis and more. Imagine how much money that would be if you could set a script on a server (and lets face it, this would be a piece of cake for HG) that would set off malware and antivirus detectors? Then you sell your clients marketing details to SiteLock and let them sell you a $100 or $500 / year fix PER DOMAIN!! You could be talking many many millions of dollars. Scary stuff.
Garen says
I agree it’s really kind of an unethical business plan in my opinion. Charging people for protection and then once that fails charging $100+ doesn’t seem right to me.
Mohammed says
Similarly BlueHost as well 🙁
They renewed my SiteLock subscription without my approval. There is nowhere on the website to cancel it manually or put the renewal to manual. Strangely, they renewed it at the time when I was searching and looking for SiteLock reviews and how to cancel it. Although there are other services which expire at the same time as the SiteLock, only SiteLock got renewed. Daammn!
Later, I contacted BlueHost by chat and got it cancelled and got full refund.
Misti says
You can cancel it by setting it to expire under products and services. Go to home then on the right hand side you can go to my products under account. The three dots on the right hand side allow you to upgrade your Sitelock service or you can set it to expire. I didn’t see an option to cancel, but that should help not renew automatically. I just got my bill for rewewal and was floored because of the price. Turns out it has a lot to do with the $32.04/month SiteLock renewal.
JP says
The sales people are so pushy. I can’t imagine why anyone would want to sign up with SiteLock. I tried them out for 20 days and cancelled before I was billed. As soon as something happens to your website SiteLock is nowhere to be found. After 4 days they wanted to charge us 300+ dollars to fix our website! What a complete waste of time. I asked for my refund for the last 8 months of service. They wouldn’t even give me my money back for the last month. Way to go SiteLock; I am sure this will come back to haunt you!
Garen says
Thanks for letting us know the sales people are pushy. I have heard a number of times that they are very pushy. The real problem is when you actually need them they want to charge you a boatload to fix it. Kind of looks a little unethical to me. Who in their right mind would pay to prevent something and then pay more just to have it fixed? Wouldn’t it be a better option to invest in a backup plugin or security plugin?
Rebecca says
I have to say I disagree and believe SiteLock is an excellent service. If you’re successful with your website it’s a matter of time before you website will be hacked. If you’re website is unsecure your setting yourself up for failure.
SiteLock has helped me a number of times minimize a complete disaster. True, they charged me money for the help, but aren’t businesses in business to make money. They can’t just do it out of the kindness of their own hearts?
Garen says
Thanks for your feedback.
I have to disagree with that statement because hackers don’t seek money. Instead they look for vulnerabilities and then exploit them. I really don’t feel they are service worth paying for.
Andylim says
If I already sign the year agreement with sitelock how can I cancel. It automatically transfer my money without letting me know. Please help me
Russ says
“If you’re successful with your website it’s a matter of time before you website will be hacked.” – that is exactly, word for word, what the Sitelock representative said to me last night. This comment sounds a lot like Sitelock propaganda…
Garen says
I agree it seems like a high-pressure sales tactic to me. Hence, why I wrote this article to show people how their service works.
Sally Adams says
I thought the same thing.
Racheal says
After using them for 8 months I discovered that my website has been corrupt for about 2 weeks. No one at SiteLock ever pointed this out to me. This sort of protection isn’t worth the monthly fee I have paid them. I asked for a refund and they told me they won’t refund me.
Forget them and I want the world to know they are not worth a second look. They should be shut down. They have cost me lots of money, time, and I have lost countless hours of sleep because of them.
Garen says
Thanks for letting us know.
Unhappy Customer says
Unfortunately, I signed up with SiteLock during their 30 day free trial. The sales people were very pushy and wouldn’t take no for an answer. Seeing how it didn’t cost me anything for the first 30 days I figured it couldn’t be that bad. I did plan on cancelling, but didn’t get around to it.
I was wrong though! So two months went by and I forgot to cancel my account with SiteLock. I was charged $19.99 for the first month of service. Then about 1 week into their protection Hostgator sent me an email that said our website was infected with malware.
Then, our website was completely taken offline. SiteLock wanted $500 to fix it. There was a problem with a file which had a lot of extra PHP code installed on it. We paid this $19.99/month so we wouldn’t have to worry about being hacked. Or shall I say was pushed into the service by their sales staff.
I asked Hostgator for all my data and moved to SiteGround. From their I hired someone on Upwork to help me fix the problem. It was a simple fix and it only cost me $35 to fix. Why did SiteLock want me to pay them $500 to fix the problem? This seems like extortion. I just can’t get over the $500 they wanted to fix this. Why did someone at Upwork fix it for $35 and they wanted almost 15X more money to fix it?
Anyone that is looking into them needs to be warned that they charge you monthly and then once something does happen they tack on a much bigger bill. It’s sad the business ethics that they have. I lost a lot of respect for Hostgator for even partnering which such a backwards company. Shame on Hostgator and SiteLock!
Garen says
A number of years ago I had a problem with an exploit on a website I ran. I went to oDesk (now Upwork) and found someone that could fix the problem for $40. That is more practical than paying SiteLock $500 to fix something and then a monthly fee to help prevent the problem.
Happy SiteLock Customer says
I have been using SiteLock for about 6 months and I am pretty pleased with the service. We use TrueSpeed CDN which is great for speeding up the speed of our website. It used to take 3 seconds to load but now takes 1.5. SiteLock’s customer support has always been helpful. We haven’t been hacked or anything in 6 months. I have heard that a lot of websites go months on end without being fixed because a lot of webmasters are unaware of it.
Overall, I really feel we are in great hands with SiteLock.
Garen says
Glad you’re happy with them.
Sister Wolf says
Sitelock is just a scam run by a bunch of thieves. If you read the customer agreement to the end, they accept NO LIABILITY at all for anything they do to your website.
I was urged to get their services by Bluehost and stupidly paid $500 for a year of high level security. Now they “found” three pieces of “malware” and demand a fee of $300 to remove them.
A guy named “Sean” yelled at me when I asked what the $500 was for.
If there is a way I can expose them to a larger group, I will find it.
Complete waste.
Garen says
$800 in total for something that is supposed to give you a piece of mind. Then something happens. What a waste! Many people have already pointed out this problem and it looks like SiteLock has done the same to you.
Eligho says
I think the con goes even further. Please read and see if you agree with this scenario…..which in fact has happened to me: Sitelock has relationships with ISPs (Internet Service Providers) and Hosting Centers……like StartLogic. Every so often, they launch a client attack campaign that brings down WordPress and then…..wala! They have just the solution to get the clients back up and running. For a monthly subscription that is very difficult to terminate…….what a great revenue model!
Garen says
Yes, I have heard rumors of this before. It’s sad that they have these types of partnerships. Wouldn’t surprise me one bit if that is what they are doing. They get really bad feedback with a lot of webmasters.
Divo says
Recently, IPage has suspended my website that it has malwares. SiteLock was in my initial plan so I was kind of surprise when I heard the notice. Contacted SiteLock and they’re pushing for me to sign up to a plan so that they can scan the website, clean the malware and put up a firewall to prevent further vulnerabiliy. This plan would have to go for 6 months. My site is just a simple blog. No user registration except for subscription to newsletter. What can I do to get my site back up without throwing away $$. Google webmaster tool shows that my site is malware free. Appreciate help.
Garen says
You could transfer to Inmotion for free. They do free scans on your website/websites and don’t sell you this SiteLock service, either.
Stefan says
I was recently scammed by this guys. I was hacked, one of my websites. I call hostgator, they send me to talk with Sitelock. have no idea when they do that. Next, they ask me to pay 99$ for one website, each month. And ask me to gave to them my credit card details on the phone!! I was scared, and i gave them they want. So, 99$/month, two websites, 198$/month.
Then, one of my websites stop working because Sitelock install a firewall and i was having issues with my customers. They all open cases in paypal, and next was that paypal restricted my account. Next, my bank account, zero. Paypal not let me to withdraw money. Next, Sitelock want to charge my credit card…Surprise, they do not finding any money in my account. Because of Sitelock, of course!
Then, they start calling me, i get a phone call to 3.00 am!! My little boy, 3 months old, was in shock.
And still pretend money from me. They do not want to let me to go!! After all they are doing to me!
I just want to be free of these scammers. Maybe i am paranoic, but, if i have right, i am sure that in few days, my websites will be on target for hackers. I want to tell you guys that i never have a problem before, this is the first time in 6 years. I am just curious about. i will come back here and tell you if i have right.
i have no time to read their terms&conditions, read the contract, nothing They push me to gave my credit card details, and they made all they want, but first, they charge my ccredit card. I do not have time to read about their services, nothing!
I am not a good english speaker and i do understand many things they tell me on the phone. But, the fact is they take from me many money.. And still want to charge me. Extortion?? 100%.
Horror story? What you need more, guys? Stay away!!!
Garen says
Thanks for letting us know your story. Let me know what happens. Lots of people have reported the same thing about SiteLock.
Ankit Vats says
Hey, It happens with me also, hostgator forcing sitelock services to me, I pay them $117 each month for VPS hosting & now they forcing me to pay $500 for yearly contract to sitelock for securing my site, not to mention they suspend my server for several days & I was struggling to get my site up & their support is worst now, it was very good a few years ago but from past year I am having huge trouble with them, I also have a doubt they are messing up with my server to sell their partner’s sitelock services. I am migrating to other good server. I am assuming the company must be in huge loss so they are trying to fool their big customers, obviously reason is competition. I have not enough time to post my whole story, so in a short story- Do not opt for hostgator & neither sitelock.
BookMyIdentity says
Nice analysis! This post rightly sheds vital inputs whether SiteLock is a credible tool in today’s hackers’ era or not!
Divo says
My host is iPage and i’m just incredibly sad with the experience. Is as though they put the malware on your site themselves. They told me my site had malware and that I should clean it or preferably contact SiteLock. I contacted SiteLock and they told me to sign a six months contract which I hesitated because I felt I could do it myself. Once I successfully removed the files and malwares, and updated the ticket, SITELOCK immediately send me a reminder email consisting of the clean up contract. After scanning my website again, I was told that I had malwares again. I had to write IPage this time around expressing my dissatifaction in their service and how I just deleted a file and after a scan thesame files reappear as if someone just put it back they. The final scan appeared cleaned and my website enabled. This is just unbelievable.
MGant says
I just had something similar happen with Hostgator. I was hacked and wanted to start out fresh so I deleted all my website files including an empty folder I used for a project. Couple days later the folder is back. I deleted it again and emptied trash. Couple days later, it reappears. Was forced to use Chat to contact support. Told the guy what happened and he said it was a sympton of malware and started a sales pitch. I told him I didn’t want sitelock. I only wanted to know if there was any reason besides malware a deleted folder would be restored. The guy kept on with the sales pitch. It was as if he wasn’t reading my responses.
Garen says
Yeah, iPage is another company that is owned by EIG. They seem to be a big partner with EIG owned companies. Most of the EIG owned companies I have tried I would prefer avoiding, though.
J Morgan says
I was contacted by a sitelock email stating I had a malware injection on a new site I was developing. My response was fear based so I immediately contacted them. We have been attacked on a different site a couple years ago, which we fixed so I was familiar with the headaches involved. The salesperson was very good, tried to upsell me for a small fortune to “protect” all my sites which would have been a huge monthly expense. I figured I’d test them on this site first. In hindsight, my biggest regret was not thoroughly researching sitelock before handing over the cc & signing up. Sitelock prevented my programmer from accessing the sourcecode to fix ” so called problem”, I could not change my password and the sitelock scans showed a false positive after a lot of WASTED time on my part and my programmers part. Google webmaster tools showed zero problems.
I had no choice but to cancel because they were seriously a bigger problem than an actual service that makes life easier. Cancelling was another pain, and they charged me for another month of their service because of the 30 day cancellation notice, they told me they could not re-set my servers, which my hosting company did in a matter of minutes. It does worry me that my hosting company has partnered with sitelock, as I feel their reputation will be adversely affected.
I had hoped that this company would diminish a problem we all face daily. But, in my experience, I felt seriously jerked around. I am a very busy person and when I feel my time has been completely wasted and I had to actually pay for it I am pissed at myself for being played the fool. Lesson learned, Caveat Emptor. I feel they were not honest with me, THERE WAS NO PROBLEM and the fear mongering business practice basically sucks. There is enough fear mongering as of lately.
Garen says
Thanks for leaving your experience. What web hosting company are you using?
J Morgan says
I use Hostgator and I have never had any problems with hostgator in fact I really liked them and they have been outstanding solving any technical issues. Customer service was excellent over the last 6 years. My concern is the conglomerate EIG and potential decline of what I knew as a good company.
Garen says
I actually used to use Hostgator years ago. As soon as EIG bought them out in 2012 I noticed that the quality of service really started to go downhill. Hopefully, they are better than they were in the past. They even billed me twice a month for 2 years. I believe I still have credit with them. They won’t release the money to me, but instead tell me if I want to host with them I can use the credit. I told them “really we are going to fuss and fight about $50”?
Not to mention that I have suspicions of them cheating their affiliates.
J Morgan says
So disappointing to hear and I am so sorry for your experience. It’s sad really and pathetic. I struggle to understand that type of business ethic. Keep sending them a bill with compounded interest….! That is just wrong on so many levels.
Reputation management is so important these days with social ambassadors who could work for
them for free right? Apparently they don’t get it. You treat people right and they
do the same in return. Your right if they continue this type of service it will hurt them and has already.
Quik question for you Tbwhs… looks like you have done your due dilligence and
research on hosting companies, can you refer any solid companies ? Thanks for your time.
Garen says
Yeah, you would think people would understand business ethics, but sadly some hosting companies don’t.
Sure, I can recommend hosting companies. Send me an email through my contact form.
anti_sharia says
I totally agree. I use one dot com as my host, and they too try heavily to upsell to SiteLock, and I am seriously unwilling. To me, the service seems to be scam-like-level of customer interface, and I am not willing to dance along…
Garen says
Thanks for letting us know. You could always switch to a host that isn’t affiliated with SiteLock.
June says
I was with iPower for years with one of my sites… but no longer because of SiteLock. I was so angry that I had a rant on social media (which is not common for me – I’m not one of those trolling types), I copied and pasted my rant below as it pretty much explains everything.
SCAM ALERT! If any of my friends run their own websites, beware if your webhost uses SiteLock as a partner. I probably wouldn’t have written this status except now they have PISSED ME OFF EXCEPTIONALLY by SUSPENDING my website under false pretenses. SiteLock uses deceptive and manipulative tactics to get you to sign up with them. I have received a
number of emails from my webhost over the last year or so saying one of my websites (not my main business one, thankfully) has been infected with malware and that I should get SiteLock to fix it for me.
Because I have an IT specialist updating and doing security scans on my websites, they warned me about this company’s aggressive tactics and a google search shows up numerous complaints about this company. However, I’ve normally just ignored all these emails in the past as the IT company I use has checked and assured me all the files are okay. A couple of days ago, they not only sent me yet another email telling me I may have malware on my site – but they actually suspended my site and took it offline. Yes SUSPENDED it!
Now I would accept this if the site genuinely had been hacked but again my IT specialist checked everything they specified and nothing is wrong – supposedly there are “non-standard” files but they have been there for years and no files have been recently changed that could have been an indicator of malicious code inserted.
They are basically pretending there is something wrong with your website and trying to scare you into signing up with them – but I have an IT background myself and know a bit about these things. Even though we deleted these supposedly problem files and the web host has unsuspended the site – I am now getting emails directly from SiteLock asking me to call them to fix up the site and how my site is in danger of being compromised. What a rort!
I am now going to be moving to another webhost because I am sick of these strong-arm tactics but I wanted everyone to know – have nothing to do with SiteLock! If your webhost starts sending you messages saying your site may have malware and that you should contact SiteLock then RUN, RUN, RUN!!!
Signed off,
A highly crapped off webhost customer.
Garen says
Hey June,
Thanks for sharing your story with me and my readers. Yeah, SiteLock has done this to a number of people over the years. Hence, the reason on why I wrote this article. Lot’s of webmasters feel like they were duped by SiteLock. They seem to suspend your account and the only way to get your account back is you have to sign up with SiteLock . It seems like an extortion tactic if you ask me. A lot of EIG owned companies are partnered with them.
Do you know which hosting company you are going to switch to?
June says
We’ve switched to Siteground because they appear not to have any association with SiteLock. I don’t know how long that will last though. When we researched new webhosts, it appeared that different hosts have different levels of partnership with SiteLock. The ones at the highest level of partnership or affiliate I assume are the ones where you get the aggressive emails that we received. I have other websites with other webhosts (I never host all sites with one company for a number of reasons) who seem to have lower level affiliation with SiteLock – eg. it’s offered as an option through the Control Panel or vdeck. However, as long as they don’t hassle us with aggressive emails or suspend our sites, we’ll keep hosting with them. I may switch one of my other sites to a company with no SiteLock affiliation at all because it’s my main business website and I don’t want that unnecessarily suspended! The problem is though that even if there’s no SiteLock affiliation now, that’s not to say there won’t be one in future. I must say however, that quite a few webhosting companies missed out on us as new customers because we could see they were SiteLock partners.
Garen says
Hey June,
That was a smart move to host with SiteGround. They are one of my recommended web hosting companies. They are not affiliated with SiteLock either. I really believe it’s unethical to ban accounts and require you to sign up with SiteLock in order to restore your account.
Hopefully, everything works out for you and you have a hassle free experience.
Eric Pasquel says
“The Service Plan will automatically renew at the end of the Term for the same term length of the Term unless Customer cancels the Service Plan thirty (30) days prior to the end of the current service term by calling SiteLock pursuant to the Terms and Conditions (defined below), and each and any renewal term will be considered part of the “Term.”
But they won’t take a cancellation until 30 days prior, effectively forcing an auto-renew. Won’t take cancellation via support ticket only the phone call. Won’t get a manager. I finally got somewhere when I expected I would be putting a stop payment on the credit card for them and they were welcome to show up here in small claims court.
Their security seems to confuse DNS redirects with actual security, which was the biggest reason I had to find a way to leave them. Couldn’t pass audits with SiteLock hosted on BlueHost.
Krishna van den Brule says
Sitelock look like a scam. Rude service. Not helping only selling. Do not use it.
Mike says
Hi, Garen 🙂
I really appreciate your page/blog post. You did all the homework I didn’t have time to do, and you make all the points necessary. My church’s other IT volunteer signed up for SiteLock, and I was against it but didn’t have the time to argue “why.”
Again, thanks for this post about SiteLock. Our host was pushing for them, and I was discouraging paying for another product we didn’t need…. but I lost to time. Good info for future reference, though. Take care, be well!
Mike
Garen says
Thanks for your kind words. I would just email this article to them. That should prevent them from wanting to go ahead and use SiteLock. It’s a service you don’t really need. There are free plugins that can do the same thing SiteLock can do. Save your money for things you actually need 🙂
Holly says
I wish I would have read this. I’m in a world of pain because I signed up with iPower. Also, I figured I would sign up with SiteLock. It only cost $1.66/month. This was $19.95 for a year of service. However, after three months of service, my site got hacked. I was annoyed. But, SiteLock wanted me to pay $150 to restore it? I told them no and cancel my service. They did but didn’t give me a refund. I moved to NameCheap. They fixed the malware for free.
So, I would have to say avoid iPower and SiteLock both. Not worth it at all.
Garen says
Yes, SiteLock has done this to many others in the past years. Really can’t understand why so many people sign up with them.
Good to see you got away from iPower and SiteLock. They both get horrible reviews on tbwhs.com
Ray Hall says
The company SITELOCK.com is a company nobody should be doing business with. My website was compromised and was nervous about getting something like this to begin with. They protect your site from themselves. They charge a ridiculous amount of money to give you the service and are laughing all the way to the bank.
I just tried cancelling my service and had a very hard time finding the actual credit/debit card I used and said they only way to cancel is if you verify the cc. Well I have 13 business account and 22 different cards and once I gave them all the info… they said it needs to be within 30 days prior to cancelling so that they dont charge my card again. That took the cake. It took me a couple days and that was less than 30 days before it got cleared up.. so they charged me again. HORRIBLE, simply horrible. SCAM, Scammers, Hoax.
david breslow says
Hi,
My host is hostgator and someone hacked my cpanel and ALL 4 SITES in my account. I cannot login and all 4 are blacklisted–basically unreachable online–always get the red “warning” page telling everyone to “go back” to avoid malware!!!
Garen says
You should have a notice from GMT (Google Webmaster Tools), too. I have had to hire someone to fix site hacks and get that message off my site in the past. I am guessing SiteLock wants to charge you for the fix, too.
Paul D. says
Disclaimer: I am the founder of WPHackedHelp. We feel SiteLock is expensive, and their relationship with hosting companies makes them a bit..not sure the word.
We cleaned up a BlueHost website within 2 hours, and then it has been 24 hours, and Bluehost is still pushing our clients and us to buy SiteLock. They are a bit of a ripoff in that sense.
I know people who paid few hundred dollars with SiteLock, and they are happy, I think. However, it’s not a nice thing to just push people to send them that much money when there are cheaper and more focused alternatives.
Eliza says
SiteLock is still on the hunt for new potential prospects. Some of my sites are with iPage. SiteLock called me to say some pages of my sites had been infected and I needed to pay them a monthly fee to protect them. They referred me to a document under the Stats folder that showed 3 files being infected. They were plugins that were reported in the text document from last month, and those plugins had already been removed. I received an email from another security plugin I have that alerted me to the infected files, and had already removed them.
Now it sounds like iPage will blacklist my site if I don’t sign up with SiteLock. That is absolutely unethical. The sales guy wanted me to commit to something right away, monthly payment plan. He was also asking me questions that were none of his business. Like, what are my sites for? Are they client sites that are paying me money? Etc… So I managed to push him off til next week to call me back and give him a decision.
Meanwhile, I have three other servers, I’m moving all those websites off of iPage and over to my other servers. Cancelling my iPage account. BTW, I can’t even delete any of my files on iPage, because guess what: SiteLock is true to their name: they locked my files. I can view the site, but not remove the files.
Thank goodness I did my research before paying for their scam service.
Anda says
I have both WordFence and SiteLock (the cheap version for which I pay something like under $50/year). Even with all this protection, my website was hacked and infested with a lot of malware. When I complained to SiteLock about it and asked where were they when this happened, they explained to me that for the little that I pay I can’t expect more. Granted. But then why bother paying them at all? After that conversation, they kept bombarding me with phone calls to upgrade to a monthly plan. For WordFence I used the free version, like you. When I called them about the problem they offered me a cleanup package for $149 that also includes a 1-year free Premium version for the plugin. However, it’s been over 5 days since I purchased the package and the only thing that changed is that they upgraded me to the premium version. So far my website is still affected by malware and collapses every few hours, but they don’t seem to have any urge in fixing the issues. Truth be told, almost all the companies out there are great at making promises but when you really need them, well, good luck!
Lisa L. says
Hello,
Good article. My personal site was hacked and the company I freelance for their site was hacked around the same time. We both host through GoDaddy and on two separate phone calls GD pushed for SiteLock. I decided to install WordFence (the free version) on my WordPress site and it has been wonderful. I ended up using WordFence as a tool to tell me the pages that were malicious, viewed them and deleted them right there in the plug-in’s page. Given it took me 2-3 hours to clean up but I didn’t have to pay any monthly fees. WordFence also alerts you any suspicious or malicious files as well as any updates that are needed, it has worked well for me for the past 8 months.
The company bought into SiteLock’s monthly subscription. Recently on a totally separate issue, SiteLock DID NOT alert the company to an issues with the site which was totally SHUT DOWN because of a plug-in issue. I called GoDaddy and all they said was to uninstall and reinstall the plug-ins but would not or could not tell me which plug-in was the issue. Guess who did tell me which plug-in was the issue? WordFence! I deleted the plug-in, activated the others and all was well. So SiteLock didn’t do a thing for $19.99/mo, not even a warning.
FYI, WordFence has a premium version in which they will monitor your site for no more than $8.25/mo., if I didn’t know how to clean this up myself, I would definitely use this option.
Also, is it the norm to be responsible for cleaning up your site that is hosted on a companies server? Seems deceitful that said company (GoDaddy) pushes a third party service (SiteLock) on you to clean up your website after THEIR server get hacked! It’s like going to eat at a restaurant then having to wash your dishes after.
Nicole says
Our site got hacked with viagra links, and Hostgater referred us to Sitelock. I bought the $25/month subscription. Our site got hacked again a month later. I called Sitelock to see how this could happen. They said their software doesn’t protect against the type of hack we have, and we would have to upgrade to the $99/month plan (WTF?!). I canceled Sitelock(after having to call in and stay on hold for 20 mins) and got SECURI instead for $200/year. Our site is fine and healthy now. BEWARE OF SITELOCK! THEY ARE A RIPOFF!
Garen says
Yep, it’s a common problem. Just don’t use SiteLock. They tell you they will help keep hackers out of your site. However, when you do get hacked they want money or play the blame game.
Harry says
Many of my sites were hacked all of a sudden after many years with Host Gator. They recommended Site Lock. Those were terrible moments and I found myself in a 6-month agreement with SiteLock which costs a bomb. They send messages regularly that other sites have malicious malware on them, or I need an extra robust fire wall, or this or that which cost a fortune. And the sites they are safeguarding are flagged in red as security hazard sites. And all on 6-month agreements. They are persistent. Anyone knows how to get out of an agreement with them?
Garen says
Make sure you cancel if you haven’t already. I think you are locked into a 6 month contract with them. From what I have read there isn’t a way to get around it.
Harry says
Can they still charge after the 6 months contract is over?
Garen says
It appears they have done it before. One of the reasons I warn people to stay away from SiteLock!
Some reader says
There’s a thing that really bother me here.
You pay them for to scan your site, alright. If they found a compromised file, they remove it and replace it with a safe version, alright.
But let’s things be clear, you can do a scan by yourself, there’s a lot of tools (some even are free) for to help you do it. You can even found some that will do it automatically for you. Same, you can replace the compromised files yourself without the help of anyone.
No, unless you’ve at least some knowledge in network security, the one and only thing you can’t do by yourself is understanding how your file have been compromised. And it’s the most important part, right ? I mean, removing a compromised file is useless if the security breach is still here. Your site will not be more secure because of this, it will just stop to be a possible threat for your visitors ; which isn’t a bad thing but not all what you want.
Take some of the most viral worm spreading in the net history. Yeah, take Sasser by example. At this time my own IDS was like a christmas tree, turning orange each two/three minutes because my network was hit by a compromised host trying to spread its threat. In case like this, removing the compromised file from your site will just lead to another corruption few minutes later (I don’t want to imagine the sitelock bill at the end of the day). In more basic case, it can be a day later like it can took months, but it will happen again since the breach is still here.
So, like I said, removing the compromised file isn’t enough, you also need to remove the security breach, and that’s why you pay an external society for to secure your site. They’ll do a pentest, fill the breach and explain you why it was here and how to avoid it in the future.
I must have misread both your article and the comments (to be fair I haven’t read them all), because I don’t remember someone talking about sitelock doing this part… even if it’s the first thing anyone should expect from the society in charge of the security of their site(s).
So, basically the business plan of sitelock is to let people pay for to put sitelock ads on their own sites, and have major hosting companies force you to sign with them for to discharge the said hosting companies in case of compromission of your sites. They do what you can do, and they don’t do what you pay them for… It’s not a security company, it’s a scam company.
sam johnson says
Nov 2016 I hired SiteLock (via BlueHost web hosting company) for 6 months at $99/month to protect my high school memorabilia web site.It was a 6 month commitment and paid with my AMEX card.
Each month Sitelock billed and AMEX paid. After 7 payments/months I called AND emailed numerous times to cancel my account. No response from Sitelock except one rep who emailed me to ” call back at regular business hours (M-F)”. Well, after 4 calls (over 2 weeks) to billing (always got VOICE MAIL and no call backs), I finally called main # and argued my way into finally talking to billing (main # also got billing voice mail and I insisted they try again).
BILLING REFUSED TO CANCEL, putting me on hold 3 times (total of over 31 minutes!!!!), and stating (1) I hadn’t fulfilled my contract (I had), and, that (2) I needed to call back exactly at the billing anniversary DAY because that’s what I had agreed to in order to cancel at the required 30 day window. !!!!!! MY CURRENT CALL WAS NOT GOOD ENOUGH TO CANCEL in the future even though I had paid 7 months (they said 5) already. AMEX verified the 7 payments.
And so I asked AMEX to stop all bills from the SiteLock people as I have proof from AMEX that I paid as required. SiteLock treated me VERY badly… and looking for on-line reviews (including youtube) verifies that I’m not the only one.
It seems that the only good reviews are from co-marketers of their product.NEVER AGAIN!!!
Review about: Sitelock Website Security.
I didn’t like: Fraud with contract, Poor service.
Victoria says
Yikes!! I’m with Hostgator, another commenter was as well. I received an email from Sitelock stating that my site was infected with malware. I was a bit panicked and felt very vulnerable. I spoke with someone at Sitelock and felt so overwhelmed. I signed up two of my sites for their service and now pay $40 a month for each. I also had to pay an extra $100 to get the malware removed. She made it sound like it was VITAL to get their service. I felt like my hands were tied. She said that I would rank better in Google once everything was cleaned up and protected. Now I feel a bit swindled 🙁
What are non-techie people supposed to do to protect our sites without spending an arm and a leg? Seriously, what should we do?
Sharon says
Agreed. I feel the same way. I feel that I was taken advantage of at a vulnerable moment, and now they won’t work with you at all. They were super nice to get you to sign the papers, and now they stonewall you. Most companies do not act like this.
Lawrence Carnegie says
Stay away from Sitelock. I experienced what appears to be a scam. Sitelock offered me a three-month website protection plan for $50 per month and said that a 30-day advance notification would easily cancel the service at any time. When I tried to cancel the service early, Sitelock informed me that I had signed a 6-month service agreement and would have to pay $150 cancellation fee. Ultimately, Sitelock misrepresented the original, stating that they do not write three-month agreements. I cannot prove it, but Sitelock knowingly offered me a three-month agreement but enrolled me into a six-month agreement. This practice appears to be a scam to me!
Ricko says
Well, there’s a reason why their price isn’t transparent, mostly company like this charges tons of money just to do a simple thing. They service is weird, malware removal need 3 months? are you kidding me?
Another security company only need an hour to fix a malware.
And I got hacked and the hacker put tons of malware, I just download all files and scan it using Avast, in just a minute all files cleaned and the malware deleted. Reupload via FTP and it works like a charm.
And I locked xmlrpc, and all restricted page in the system, hide admin user, move login page. And my wordpress never got hacked anymore since 2013.
When I searched services to remove malware, the cheapest price that I got is $300, some of them charged $1000, which is ridiculously unbelievable.
So before I got tricked, I tried to do it by my self, it’s not that hard even for a beginner in wordpress like me.
I’m so sad many greedy company tricked a newbie with expensive price just to remove malware. This is unprofessional etiquette, looks like a scammer.
For any beginner, do it your self before hire a developer or IT guy, so you can prevent a fraud.
Hedgerow Bustle says
I have had a very different experience with SiteLock. I’ve used them for three, maybe four years. I can’t remember.
First, I pay $18.00/mo for three websites. Second, I use other scan tools in addition to SiteLock. Third, I never pay SiteLock to fix anything. They do scan the sites with multiple levels of scan at differing intervals, and I have received notices of both vulnerabilities and, very rarely, some malware infestation.
My sites run on a managed VPS that isn’t in anyway affiliated with EIG. The host does a good job securing the server. I have multiple scan tools running on my sites. I have automated server and site backups running frequently.
If there is a problem I usually get a prompt notification (sometimes from SiteLock, sometimes from one of the other tools) and just restore from something recent and clean. This usually takes about 10 minutes.
I do think it’s true that they make a lot of money off people who don’t have any technical expertise and have no idea how to protect themselves. I also think it’s true they make a lot of money offering cheap lead-in services through crappy EIG web hosts. But web security is a multi-tiered problem and you need a multi-tiered solution.
For me, SiteLock has been a satisfactory tool in that solution. I wouldn’t pay any more than the $6/site/mo that I pay now, but for what I pay it’s fine.
Linda says
My hosting service uses SiteLock. I received an email from SiteLock telling me that one of my sites was infected with malware. I continued to receive emails and by the end of the week SiteLock said all 21 of my sites were infected.
NOTE – THE MAJORITY OF MY DOMAINS ARE EITHER REDIRECTS OR USED FOR EMAIL PURPOSES ONLY – THERE ARE NO ACTUAL FILES ON ANY SERVER ANYWHERE IN THE WORLD! IT’S LIKE YOUR DOCTOR TELLING YOU THAT YOU HAVE GALL STONES WHEN YOU DON’T EVEN HAVE A GALLBLADDER.
On day one I called my host and told them what was going on. They transferred me to their sitelock rep. He told me I was infected and they could take care of it. I asked him to email the information and I would review it. It felt more like SiteLock Marketing $300 to clean and $20 a month per site to keep me protected. I downloaded all of my site files from the host to an external drive. I scanned that drive – clean. I took the drive to a nearby company that deals with corporate security and they scanned it – clean. I called my host back and told them what was going on and they said they would scan my sites themselves – clean.
I wrote a couple of reviews and that resulted in a call from SiteLock. I explained the situation and she proceeded to tell me that my sites were infected and sent me an email confirming their findings. I sent an email back and told her that if I ever hear from SiteLock again, I will contact my host, cancel my service and contact my attorney.
Michael says
I have an apparel retail website, and Sitelock got me for $1800. My site was hacked by Moroccan extremists who were kind enough to leave their hacker signature in my site’s code and who had found my website information on a Jewish-related website. Not only did I lose thousands of dollars in sales while my site was down, several times, they consistently didn’t answer my emails or calls. They did fix issues, but failed to get me off of Google’s blacklist- which as I’m sure every knows can be a death sentence for a retailer. My emails to customers wouldn’t work, and afterwards I lost a ton of sales because customers were very leery about using a site that had been hacked (even while we had sitelock). I ended up having to get an entirely new bank account because they make you sign a 12 month agreement under duress. They knew very well what they were doing, and claimed you can’t even cancel unless you call them in person- which is against the law.
scott says
this is freaking bs. hostgator just shut down my accounts after i JUST renewed my subscription, flagging some files for malware, files some of which were as old as 2013 =.= are there any honest hosting companies that are not partnered with sitelock?
Brian says
Sitelock.com is a scam. They lead you to believe their service will protect your site from a DoS and it still happens. They lock you into a long term contract and when there is a disruption, there is no consideration of a credit for the service they did not deliver. We had a DoS and their security layer was supposed to work and it didn’t. They explained that there system did not work the way it was supposed to. So today they call me after 12 months to ask me for my last payment and what they can do for me. I said, well at this point ‘absolutely’ nothing because that is exactly the way you treated my company with your service. The customer service agent Elantria takes my CC, then keeps saying she is sorry for what happened then after processing my card, asks me what they could do for me. Well nothing actually because they took my money and did not offer me the credit that I wanted for that month we had the DoS and they did nothing about it, . Please do your research before you pay for this service or work with sitelock, it is not worth it!
Linda Tang says
My 15 years business experience told me: Do not lie to your customers because you will not last. Obviously Hostgator and sitelock does NOT believe so. I don’t know if my website has been hacked, but hostgator and sitelock are telling different stories, and Sitelock told me that hostgator has lied to me about my site is not hacked? who should i listen to? I recorded my conversation with one of the sitelock rep, you can check it on https://www.youtube.com/watch?v=H5frsKdQNE0 … . I couldn’t calm down because my husband was about to pay and he told me they need to charge total about $1000+ so i came out of the shower talked to the sitelock rep. We talked to this sitelock rep. a day before, he told me that we could pay for $45 per month and then can bring our site back, now he needs to charge both the clean fee $399 times two sites, and plus $70 per month, that’s more than $1000 total. TOTALLY SCAM! DO NOT FALL FOR THIS CHEAP SCAMMER! Before you pay, make sure you listen and read all the scam stories about Sitelock Hostgator scam on GOOGLE, YOUTUBE (search keywords hostgator sitelock scam), TWITTER (#sitelock scam), there are tons of real people that have reviews and complaints on this.
Robert Gass says
I spent years of sweat labor constructing two websites based on a desktop software package, which could potentially earn millions and yesterday my boss decided to take Host Gator’s advice to use SiteLock and give them passwords to our cPanel in exchange for over $240 a month, even though these two sites are on siteground, which is a much better hosting service. The last email I received from one of our two sites was yesterday and today when I tried to set up an account for an alpha tester the email plugin for the wordpress site and the email class for the php framework site both stopped working and gave authentication errors. It’s ruined my entire day. I’ve tried to warn my boss about allowing some third party access to our cPanel while paying them a monthly fee, but he yells at me. I scoffed when he asked the SiteLock people if there was a problem with PHPMailer and WP Mail SMTP. The problem is obvious to me and I’m afraid all those years of hard work will be for not. The current problem probably will be resolved one way or another, but we only need a problem like this once after we go into production to completely ruin us. It’s very nerve wracking and I wish it was my decision. I would have kept our sites more secure by not giving access to our cPanel to a web security company pushed on us by a sub rate web hosting company.
Jackie Glinkie says
I wish I had found your review a half an hour ago before I signed up for this BS.
They called me a few days in a row about a security issue on one of my domains that I have the “free scanning” for through my host. They had all of my hosting info and all of my domains available when I returned the call. I chose to do the 6-month billing since I was leary of them anyway but don’t have the time or knowledge anymore to look into security issues myself. The rep who took my credit card info claimed there were not bots on one domain that she said there were a few minutes before but then changed her story when I called her out on it. My BS-o-meter was going off the whole time, but I didn’t listen to it.
About 5 minutes after I signed up I received an email that they caught and removed malware that the other woman said was not there. Ugh! I can’t wait to deal with canceling the service.
Tariq Alwahedi says
I had sitelock over three domains for few months now. in the first attack the whole system collapsed. I got simple DDOs attack on my server and the whole website went down. I lost 2 days of business. reporters were calling to ask me what happened to the website.
I called sitelock to help they assured me all was ok. However, website was down. My team checked logs and we were under DDos attack from China. Firewall couldn’t even stop it although i am paying for premium firewall.
I called sitelock for a refund cuz their system didn’t work and i was nice didnt claim any damages for lost business. The representative was so rude to me and said at the end the service doesn’t cover DDOs. I told her i didn’t know attacks come on a la cart that i get to chose from. Save your money. They are the worst company u could deal with.
J. Hawlsey says
I’m a Bluehost user, and had a basic tech support question about the cpanel. I called them got connected to someone in their security-malware department, which it turned out was a SiteLock salesperson.
The basic spiel was that Bluehost did not protect your domains, and my anti-virus and firewall program only protected my computer. In other words, as he explained, the domains were like unlocked doors in the Bluehost hotel. And there were countless ways a hacker could get into the hotel and bypass the guard at the hotel entrance.
I didn’t sign up, but they were very sales-oriented, very friendly, as most salespeople need to be, and he said he’d call me again next week. I’m wondering if my analogy is right, and if so, which are the most secure web hosts?
So reading this page has save me a lot of potential grief. Thanks.
Geraldine Evans says
I’m glad I checked out Sitelock BEFORE I was scared into signing with them. Thank you all for the very helpful information. I’m with Hostgator: I’m seriously considering changing my host if they partner with such an outfit. Thanks again. Very grateful.
Kevin Wood says
What do I need to do to get my websites back?
I contacted Hostgator to find out why most of my sites were hacked.
On getting through to them, they didn’t know they had been hacked. It took awhile to talk to them, but it was not Hostgator it was Sitelock. I had to send the name of the said website before they saw that they ‘Defaced’ as they said.
What I did ask if they would give me the password for the cpanel to see my websites. Which they would not give me.
Then they asked me how many sites I had. I told them about 14/15, I didn’t know the real number. They said that the job could be done.
As I was expecting a large bill to pay I did not know it would be so big!!
Below is their costs:
Secure Site
1 Site = $160
2-4 Sites = $80 Per Site
5-10 Sites = $65 Per Site
Total Price per month for 6 Secure Site: $390
Total Price per month for 4 Secure Site: $320
Secure Speed
1 Site = $75 Per Site
2-4 Sites = $60 Per Site
5-10 Sites = $45 Per Site
Total Price per month for 6 Secure Speed: $270
Total Price per month for 4 Secure Speed: $240
Which is no way I can pay.
So the plan was to just have four sites because of the price. This is too dear, so what can I do next to get back into working order?
Any ideas are most helpful.
Kevin
Paulo says
Don’t buy SiteLock. We have had nothing but issues with them. Their customer support is very poor. We emailed them on several occasions to get an issue fixed. Several times, they did not respond back. We had to email again so someone would get back to us. On top of everything else, the company never fixed the issue! We were so frustrated that we cancelled our subscription with them early and moved on to another website security company. And they actually reply back to every email we send them. In fact they have emailed us back each time in less than 4 hours! I would think very carefully before signing anything with SiteLock. I feel ripped off that because I am cancelling the subscription with them early I will lose money. However, I feel they are not worth all the hassles. STAY AWAY!
John Andres says
I use Siteground for my hosting account. I got hacked last year and they recommended Sitelock to clean my site and provide ongoing protection. I am not an experienced web developer and I know very little about hacking, “bots” etc. Of course I panicked when the site was getting hit and got sucked in to buying Sitelock. I recently had a billing issue with them and disputed the payments on the credit card and that prompted someone to call me. However, it seems impossible to cancel their service. I don’t want to resort to cancelling the credit card because I use it for many recurring monthly expenses.
I would appreciate advice on who best to use for protection or simply buy Wordfence premium or an other WordPress plugin and how to cancel Sitelock permanently.
pablo says
they are scammers, DO NOT USE SITELOCK!!!
waste of money and time.
Sharon says
RUN, RUN, RUN! I am dealing with Sitelock now as my host told me there was malware on my site. It was a simple fix by a webmaster I was working with, BEFORE they even did anything! He told me it was a simple theme bug, and I didn’t need Sitelock, but I had panicked and signed paperwork before thinking it through.
Now you can’t cancel, they want to charge you an early $540 termination fee, it is in dispute with the CC company. It is just a mess. These people are pushy, rude, and will not work with you whatsoever.
Don’t get yourself into the mess I’m in right now.
David says
Recently, somebody from SiteLock contacted me in order to get through the GDPR requirements and how SL could help me to comly with all those new regulations.. Of course; all of this was just an opening show to sell some of their security services.
Honestly, I’m glad I have done some research and landed on this page. Everything mentioned here is the same feeling I’ve got right now:
– a sales guy calling for closing a deal (even pushing because my website is under construction)
– asking credit card credentials by phone
– 1-year plan for 20$/month
This is only a fact; up to you if you want to work with them.
Cheers,
jeroen de wit says
this is such a SCAM company, when you want to quit they charge you with 6 Months fee…. 6 months ,, for what ? i my case this was over $3000 to stop using a useless service . feel very scammed ,
funny part is that they call you are polite and show complete ignorance , offer no solution besides assuring you that they will not continue charging you after the contract expires ( like they should try !!) and then thank you for being a loyal customer ….. like talking to drone STAY AWAY
Mark W says
I had my site built on wordpress, and despite having had about 5 people visit the site (other than family and friends) I was hacked. My hosting company suggested Sitelock, which seemed expensive, but with a virgin business I went for it. Everything was fine for three or four years then I was hacked again, so (having paid for daily backups I restored the site in full to a three day old version, (no big problem) I was fine again. Then Sitelock brought out some “New” products, although as far as I could see they had just taken the functionality out of my package and revamped it, (at an extra cost to me). Then I was hit by malware, and got an email from Sitelock, recommending this and that product. The malware had infected the footer on my sites pages. So I simply deleted the file and rewrote it (10 lines of simple code) Hay presto site is scanned and its fine back up and running. The another email with recommendations, and when I ignored it, two weeks later more malware, again the file infected was the footer, which “they were working hard to clean”. It took all day and again no footer. I re wrote it and fine for a couple of weeks.Then I was contacted out of the blue by a “security consultant” wanting to “reach out to me”. Due to time differences this didn’t happen. Then more malware, this time on the header, and they are again busy cleaning it. As all I had was a blank white page (post cleaning) and checking the header file no code, I had the site restored re wrote the file, and the had another email with them wanting to reach out to me. I spoke to the “Consultant”, 3 hours after the time window, and all he could do was ask his tech manager, or supervisor with regards to any questions I had. One thing he could do was offer my site protection for an uplift in my payments by £600 PA. I have now installed Wordfence, and told them I will monitor the situation and I do not expect to have anymore Issues in the near or distant future! I am awaiting a reply!
Debbie Pulley says
So I guess I have suckered into SiteLock for too many years. I had quite a few simple sites that were parked on my main domain, ie neighborhood, high school alumni, etc. I was encouraged by iPower to sign up to SiteLock for a firewall. I think I was paying about $65 for all the sites. They “gave” me a deal. One of the sites got hacked and my main site was shut down. I ended up pulling all of them except the main page. It happened again.. I was out of the country and panicking! From there it cost me $1000 for a year to keep it safe. They waived the cleanup fee. Oh, and I am paying for a firewall on a forward address. No files at all but they said it was as vulnerable as my main site.
It is time to renew and there is no way. They have always been gracious and they have offered to only charge $300 for the firewall. I said I was going to use Wordfence. They told me that was just a plugin and gets compromised all the time. I said it is a firewall and they same thing you want to charge me for. Long discussion which I was never going to win. I did get him to agree I would still be paying to get the site cleaned no matter who I use.
So I will not be renewing but need to know if there is anything I should do on my site so they don’t lock it or whatever once cancelled. Somehow they have access to my files which was fine it the past but now I need to figure out how to block that. Is there a way pull them off?
Bill Patterson says
I had all my sites on Bluehost blocked because of malware and had to get sitelock to remove the malware but actually what I had to do was have Bluehost show me what files and then I replaced them etc.. Lot of work. I then installed Wordfence plugin and a more secure login tool which asks for a security question. I did sign up for sitelock on all my sites but it is expensive and I am going to cancel. Wordfence does a great job of finding hacked files and then you can go and have the files replaced using the Bluehost backups. You just have to do a daily review of the wordfence messages that come in your email. “Works pretty well.
LeRoy Grubbs says
Dido here with Bluehost and Sitelock. All sites were disabled at the end of August because of Malware. Had Sitelock enabled at the time of the Malware on 30 sites. Moved all my sites off of Bluehost to 1and1.com They have a better approach to security. An ounce of prevention is better then a pound of the cure. Now sitelock will not honor the 30 day trail to cancel the account even with no sites on Bluehost unless I pay for the “Free Scan”. Sitelock is a scam.
LeRoy Grubbs says
Bluehost.com let my site get hacked with malware with sitelock enabled. Then Sitelock comes in with a free scan and 30 day trial. Now the trial is up and Sitelock will not honor the 30 day trail. Stating that I have to pay for the scan or stay on the contract for 12 months. Sitelock is a scam.
Kevin says
Sitelock have billed us 2 years and their service isnt working on our site. They do not allow you control over your account and also do not allow you to cancel the subscription.
We are having to resort to cancelling our credit card
Be careful !!
Flavia Andrews says
I called Sitelock today to cancel my contract. After 10 months using their service, it feels like paying for Health Insurance but never using it, if that analogy makes sense.
I have paid $100/month for 10 months and if I wished to cancel today, I’d have to pay them $600 !!! (50% of the annual fee). I think it’s outrageous and scammy.
The rep, in fact, (as stated in many comments) was pushy and she started by saying: well you do have great human traffic, but also a lot of bots traffic, so I don’t think is a good idea to cancel.
Then she goes and says I had 1400 human visitirs so far today, something I have NEVER seen in 4 years running a blog and reading my Google Analytics.
I never cared for visiting my Sitelock dashboard to be honest, but according to them my Google Analytics (because it’s a free service) has been lying to me and my traffic is doubled of what it actually reports.
I was very skeptic when she said that, and I asked her then, why every single company bloggers work with, relies on GA reports if they’re not accurate? I think their reports are the inaccurate ones and those numbers are purposefully being spiked to justify their service.
She kept saying that I shouldn’t cancel the service, that my site could be hacked again (That’s why I got their service in the first place) Last year, on December 21, my site went blank and I received a notification from Google stating that they had removed it due to malware.
I called BlueHost and they practically washed their hands clean as in it wasn’t their problem, and that I should get in touch with Site Lock to clean up the mess and sign up for the service.
I’m glad I’ve read this thread, and I’m definitely shopping for a better option to keep my site secure.
Just curious to know if anyone has any insight on the GA vs Sitelock stats.
Thanks for this informative post!
Viral Rang says
Thanks Garen for this Awesome review, I found your article from google search, I was searching about Sitelock, is it good for my website, is it good for SEO and website speed?
But after I read your article and read the comments, I think Sitelock is peace of shit.
J. McCarthy says
Several of the SQL databases on my iPage hosting plan had Sleep() commands injected into them, causing my site to go down for several minutes every hour or so. I called iPage support and was immediately connected to a SiteLock rep who tried to hard-sell me a $50/month plan. The whole thing sticks of a scam. I’m switching to a different host and will avoid iPage and SiteLock forever.
ANTHONY Morinelli says
Major collusion. I have several currnet sites with Ipage I also had a few sites that are now closed. Ipage closed my current sites because of “malware.” They sent me to Sitelock. Sitelock wants $100 to clear the sites. I refused and demanded to be returned to Ipage. Upon my continued insistence a supervisor finally showed me how to open the files to find the malware. The malware was on the closed sites. I then had him show me how to clear the malware. He said that they would rescan. Two days later. I’m on the phone again. The case history does not show that the rescan was requested. They try to bounce you back to Sitelock. There is certainly something irregular here. This practice is like mafia patronage. You want to have a malware free site ? Pay our boys!
Tom Simon says
My first experience with Sitelock was in December, 2016. My WordPress site was hacked and they said my webmaster would have to fix it but that I should purchase SiteLock to protect this from happening again I purchased “SIteLock Deluxe” for $719.64 for 5 Year Plan. I felt ripped off in the way you do when you have to buy something that you had gotten along fine without, that you didn’t know that you need and don’t understand it.
Fast forward today, 2/11/2019. My customers could not reach my website. I contacted GoDaddy, said that I needed to speak to SiteLoc to correct a DNS issue. I contacted Site Lock and they said that there was an error code indicating that I hadn’t paid a bill. I emailed them the bill I paid in 12/2016. They said that didn’t cover what the current issue is. That only handled malware, I need something ore robust and it costs $40 per month. I said why don’t you have your tech people fix the problem and then I’ll talk to you about purchasing something more robust. After keeping me on hold for a long time, the salesperson came back and said that they can’t fix the problem without me agreeing to pay the $40 per month and they would throw in the clean up of the site at no charge. I said so you’re holding my website hostage until I pay? They said no, not at all, and explained again what I needed and how much it would cost. Not knowing any better, I paid and now I hope they fix my web site. We’ll see. I’m not a tech guy; I’m just trying to run a business.
Steve says
My website hosted by JustHost was reported as having been hacked with malware and taken off line. Sitelock contacted me and tried to push package to correct. I stated that I would have expected the host server provider to have “protected” my website and why is this cost being pushed towards me. They stated that they have this discussion with many people ever day ” who don’t know better”. Quite insulting.
The sitelock solution was to promote a $300 cleanup fee and $50 a month to protect the site! Not viable at all !
I am now looking to find another hosting company for my site and well Sitelock….very hard sell tactics at extreme prices. It felt like I had been hacked by them and then they wanted protection money……very poor .
Susan says
I paid 10.95 a month to HostGator and have for years. I thought this bought me protection. It said it did when I signed up but now they’ve changed all the write-ups on their website since I originally signed up about 8 years ago. Then my website was hacked and has malware on it and Flagged by Google. I called HostGator for help and they sent me to sitelock who told me it was going to cost over $300 to fix my site. I immediately realized that once I fixed it they could hack it again and then want me to pay again and it would be a vicious cycle. I’m going to try to download all of my accumulated information and just have a WordPress account. I’m hoping the downloads they’ve always promised at HostGator are available so I can still retrieve my eight years of information. The internet is becoming unusable and just a big moneymaker for anybody who wants to try to screw you over. Or silence you. It seems like as with everything else these days they are just making things harder and charging money for the problems they are creating.
Pawww says
My negative review about SiteLock
The backstory:
I use HostGator hosting. I had an additional service connected, the SiteLock addon, which monitors the security of the website.
Yesterday morning I received a message from SiteLock that malware was detected on my site. The day before, I had inserted the advertising network code, which is often scolded by antivirus because of its specifics. This code is not actually malware, but to experiment, I decided to remove the code from the site and restart SiteLock scanning. I also enabled the “SiteLock CDN/Firewall” feature in my personal account at HostGator.
The same evening, I discovered that my site had become unavailable. Chrome was showing an error:
“This site can’t be reached.
The webpage at https://******/ might be temporarily down or it may have moved permanently to a new web address.
ERR_SSL_UNRECOGNIZED_NAME_ALERT”
It also turned out that the site is successfully opened via VPN and mobile network.
I googled the problem, found some ideas, tried to apply them (in particular, to clear the DNS cache, reboot the router, etc.). Nothing helped.
I decided to write to HostGator support. It is noteworthy, that I like their technical support: always friendly consultants, available 24/7, solve problems quickly.
I wrote to “Malware/Security” section. I explained the situation (that SiteLock was scolding at the advertising script, that it wasn’t malware, but I removed the script anyway; I specified that the site is not available only on my network and that I recently enabled SiteLock’s CDN/Firewall).
A SiteLock representative Brandon Becke joined the chat room, requested my website name, and then started asking me absolutely unconstructive questions:
– Do I feel that the malware has been removed?
– Do I know how malware works?
– Do I understand what he says?
Then he started talking that the viruses will come back unless I protect my site “for just 40 bucks a month”. At this point, I probably should have become really scared and gave Brandon money immediately (LOL ).
I had a strong feeling that Brandon thought he might intimidate me and hit me up for money. But the trick is that I am aware of what kind of scripts I placed on my site. I also think I can tell the difference between malicious code and other problems with access to the site. If the malware had crashed my site, the site would have been unavailable from any network, not only from my home network.
So I silently closed the chat with Brandon. And after 30 seconds I received a catch-up email from him :
“Here are the details of the services to remove and prevent malware:
Website Scanning
TrueSpeed CDN
TrueShield WAF
I look forward to your feedback on this service for $25 per month.”
After that, I decided I no longer want to use SiteLock services and disabled their add-on (which costs $3 a month) on my hosting ❌.
The problem with the site has not disappeared and I decided to write again to HostGator technical support, but in another section – Tech Support/SSL.
This time I was answered directly by a consultant from HostGator. He asked permission to access my cPanel, and found a problem with the A record there. The record was changed from my domain name to ***.sitelockcdn.net ❗. Because of this, SSL did not work properly. We changed the record to the original one and the site soon started working.
Conclusion: As I understand it, the A record changed because I clicked the “SiteLock CDN/Firewall enable” button. While the update came into effect, my site was unavailable.
Maybe the next day everything would have been fine, but my experience with Brandon Becke convinced me to say goodbye to SiteLock forever, because nothing annoys me more than trying to hit me up for money and make me look like an idiot without even bothering to figure out the situation .
Ironically, the problem was caused precisely because of SiteLock’s actions, which did not warn me that my site might be unavailable for a few hours after the firewall enabling.
Seepi says
Worst company ever sitelock… Use wordfence plugin instead. Under sitelock i had my site taken down because of malware it didn’t catch. not once but 3 times. They should never do business and shut down there services.
Goya says
Thank you very much for your great article about SiteLock!
Honestly, I got scammed by them through HostGator hosting plan even though I had NOT signed up with them, somehow they pretended as if SiteLock is included to my hosting plan (I thought it was at first due to the way hostgator shows you on your hosting plan).
Here’s what happened to me.
About 8,9 months after hosting at HostGator, I got an email from SiteLock saying “Your website got malware but do not worry! we scanned and removed it for you”. (strange…. did I sign up for their service? oh maybe hostgator is cool that they included it to my plan. thanks!)
Then I went to cPanel file manager to check all files are fine.
I found a strange file called “Kill” something, so I deleted it from my site. then Bam!! that kicks in!
Now my site is “really” hacked and got another email from SiteLock saying you got malware and need to remove from your site blah blah blah for $249 or $399 or something for repair.
then I went to talk with HostGator customer service asking “What is this junk?”
HostGator said “Ok, we will investigate blah blah..” I asked “Can I get the website backup?”
Long story short, they did give me the clean back up files before “the hack” (or setup), but they also claimed a lot of money like SiteLock did to repair my site completely, I did not go for it since I smelled some setup is going on.
After some time without any action by HG that I got an email from “a senior manager” from HG saying “. Sorry for taking a long time to respond, for that reason, we cleaned and fixed your site and you do not need to pay for it”
then in the same email, “but instead Give us feedback how the manager is doing great job”
I found other hosting company and canceled altogether which does unethical practice for money.
So I suggest to even not use HG and Bluehost which I hear, does the similar stuff.
Stay away.
Seth says
These other experiences are sounding similar to my own. They hooked me when I was with Powweb. My low traffic site that only friends and family know exists was somehow mysteriously the target of a malware attack. I identified the infected files, removed them, and they were back the next day like whack-a-mole. As long as these infected files appeared on my site, it was blacklisted and inaccessible, and to get it up and running again I had to pay for Sitelock to “fix” it and then monitor it for $9.99/mo indefinitely To this day, I’m not convinced they didn’t plant the malware there to force me to use their product. I switched my hosting services over to Bluehost only to find out they were also owned by EIG and pushing Sitelock, but at least they only charged my $3.99/mo so I did save some money making the switch. Total scam though. I’m sure of it.
Pablo says
I know someone who worked at SiteLock briefly. This shouldn’t come as a surprise, but the “technicians” as they call themselves are paid a commission when a customer is referred back to the hosting company and signs up for whatever service they’re offered. From the description I heard about how this place operates, it sounds like a typical tech support scam, i.e., pay for services you don’t need and receive support that does nothing. It’s definitely an interesting “partnership” that SiteLock and EIG have.
The insider I knew summed up SiteLock very well. It’s like one of those add-ons you see when installing a program on your computer that is selected by default and is usually just some adware trash. SiteLock is the website equivalent of this.
Nigel says
We were using SiteLock Essentials – came as part of the Hostgator package for $70 odd a year.
Then suddenly recently it would not load in Hostgator Dashboard. I got in touch with HG support, end they told me it was no longer “compatible” and actually refunded us the yearly fee which we had just been charged.
HostGator still provide it as an option – which you’d think they wouldn’t if it wasn’t compatible!
We are using Jetpack in WordPress – so hopefully that will be sufficient for now, but I wonder…