My Experience With SiteLock

I Had An Experience With SiteLock – Hint, It Wasn’t Good

You might have heard of SiteLock. This is a service that protects your site from malware.  I got it as a $14.99 add on per year with my web host.  I have had it for about 8 months now and got my first malware alert today. The notice stated that I had a critical problem.  Very serious! So I looked at the SiteLock dashboard and sure enough, it said the same thing.  I put in a ticket with SiteLock and got a call relatively quickly in response.

Quite A Sales Call

The result was a sales call in which the woman did everything possible to upsell me on all sorts of services. A $500 fire wall, another x amount for this service, or x amount for that service.  And to clean my site? $199.  Damn, I thought, that is a lot of money to clean such a small site.  I was also surprised, because other services include cleaning as part of their fee.  Sucuri, about which I have written before, charges about $90 per year, and includes the cleaning.  There are other services that charge about the same.  But I wanted my site cleaned, so I shrugged and said ok.

I Have Second Thoughts

As I thought about it though, I became more concerned about the up-sell efforts as well as the price, so I got online and did some research. I found some not so flattering articles, and decided that I should listen to my second thoughts. I immediately called SiteLock back and left a message to cancel the cleaning. I also emailed SiteLock, stating the same thing, and changed the password on my site so they couldn’t access it to do any work.

I got a call back a bit later from the saleswoman who informed me someone would call me tomorrow to refund my credit card.  I said if  this is going to be an issue, I will just challenge it with my credit card company. She said no, that was just their process. I told her I thought that was absurd. Why does someone need to call me to refund my credit card? You have the data? She insisted that is what they do.

No doubt they will attempt to convince me to let them clean my site.  The saleswoman said, “well the problem with cleaning it yourself is it is a small site so we might not have scanned the whole thing.”  What?  Why am I paying for scanning if you aren’t actually scanning the whole site? It also makes me more convinced I made the right choice.  Hopefully I won’t have any problems getting a refund on my card. – Update, I was told today that the transaction was voided.

My Real Issue With SiteLock Is What Was Wrong With My Site

Once I got over my panic and took a closer look at my site, do you know what I found? The terrible, critical, scary alerts involved the fact that my site has a blog post.  On that blog post I linked to a company’s website.  Apparently, that site is blacklisted on Google at the moment. That site must be infected.  That problem requires the following steps:

  1. Go to the blog post
  2. Remove the link
  3. Update the blog post

Yup. SiteLock wanted to charge me $199 to remove a link from a blog post. My site didn’t actually need any cleaning. There was nothing wrong with it.



  1. Thank you for your sharing, currently i’m looking a website scanner company for protect my website, and found that sitelock is one of it. but after seeing your post, I will consider again. anyway do u have any idea which one is better than sitelock ?


  2. Sitelock employee says:

    Yeah, I used to work for sitelock but quit because I felt bad about stealing soooo much money from honest people. Completely a scam. The scanner reports so many false positives it is not even funny.

    • tashmoo711 says:

      That must be why Web hoster iPage offers their services: They’re both crooks. I just now went to my bank to cancel two charges for $19.95 that I authorized when I was SOooo grateful to iPage for “rescuing” my site. Bottom line: This morning there is on evidence that they rescued my site or even performed the backup they pretended they were going to send me. I further never got the e-mail explaining how I could call SiteLock this morning and verify their cleanup was complete before asking iPage to “republish” the site. It’s all a scam. Classic Mafia racket. I’m looking up the principals of these companies and their criminal records, as soon as I can.

  3. Thanks Jennifer! I signed up for Sitelock with the understanding that it would protect my site. I paid some nominal fee through Bluehost and thought it was protecting my site. I got charged yearly without knowing that it was happening, then called Sitelock to have them refund me. They have great sales people there and somehow I was talked into paying more!

    This morning I logged into my Sitelock account and found NO WAY TO CANCEL my account! I have submitted a ticket and I will ask for a refund when I finally talk to someone.

    Those sales people must get paid scads of money because they sure know how to lay it on!

    – Jennifer G.

    • They are impressive sales people.

    • Good luck trying to cancel your account. They do everything verbally and will continue to bill your card no matter how many people you talk to or how many times you tell them you don’t want their “services.” They are complete scammers!!!! I finally cancelled my card to get rid of them.

  4. I had the very same experience. Then I saw the bad reviews on Sitelock and cancelled all my accounts with them.
    Does anyone know of a good, honest service that will protect our sites ?

  5. My Hosting came with Sitelock. $14.95..I have one tiny website. Back in Sept 2013 Sitelock didn’t like the page I made on my website, nor did they like me linking wordpress with Ten Minute Pages.
    They said- “We have detected a critical cross-site scripting vulnerability at your site. From your dashboard, you can also take advantage of our Expert Services team to help you correct this issue and get your SiteLock certification back in good standing.”
    What I was told from SiteLock was it would cost me hundreds$$$ to fix. What I was told and what was really the issue was two different things. After speaking with Sitelock, I realized they wanted an enormous amount of $$ and there was no security breach. I called my hosting and spoke to the manager and he agreed with me, sounded surprised and would speak to Site lock and I wouldn’t have to worry about it. Come- Jan 2014-they sent the same email again I called my hosting mgr again and he said he would take care of it.
    Sitelock sent another email and I responded- This email is now considered harassment. You are on notice.
    Today my host sent me an email and shut my website down within 1/2 hour of the email. The email read- “There has been new activity on the iP…. support ticket for your account.” Nothing was said about shutting it down. I called and they said it was infected.

    The mgr I had been speaking to about this issue in January and September is, of course, no longer working for the company.
    I had 3 malware checks done today from 3 different companies and they all said it was free of malware and there was no hacking. The whole thing sounds just wrong.

  6. Colleen says:

    Okay — I am right in everyone’s boat here. I had already located Sucuri and was about to switch, this thread says indeed I must do so. The upsell is horrific from Sitelock, the scare tactics are pretty awful too. It was a tense phone call the first time Sitelock sent the security alert and called (I auto signed up for scans from Hostgator). We were yelling back and forth because one cannot ignore the EXTREME upsell. “If you don’t do it, Google will delist you!” 99.9% of the malicious alerts were BOGUS. On a website 2,200 pages, I had ONE link pointing to a U.S. city website that appeared to be having some problems. That was the big killer malicious cross link. Be really careful, these guys will put you through a $$$ hose. I have my own business and web site clients to consider. No way, would I ever recommend.

  7. The best way to detect malware is to simply start using Google Webmaster Tools. It’s free and legit.

  8. Does sitelock have access to your password? Sounds worrying to me since all they have to do is read your site, not write anything.

    • If something goes wrong, you give your password, if necessary. Then you change it. Otherwise, no, they don’t have access to your site password. But you do have to give access at the server level. Yes, there is a certain amount of trust required.

    • If you don’t want to give anyone access to your site, how can they clean it? You can’t see everything from the front end. Sucuri has a remote scanner that you can use, for free, it’s called SiteCheck.

      But if you want your whole website scanned, you need to grant access to the server files (SFTP/FTP/SSH) – however they will accept a ZIP of your site files and DB. They can clean it locally and send back the files, but why would you want to do that?

      As Jennifer said, you should be changing your FTP password after a hack anyway. 😛

      • A web host does not need a password to access your site as they can see it all from the backend. Your ‘Root’ access is for your part of the server but, unless it is a dedicated server (which is not what we are talking about) then their root access trumps yours. The host’s root access is what creates your partition, so it can access all files.

        WordPress scanners are trying to work from ‘the bottom’ upwards whereas sitelock and the host work from the server down to the site and are therefore more powerful.

        How do I know? been in IT 40+ years, run my own secure vps’s and manage 50+ sites for clients and myself.

        PhP is full of security holes, WordPress and it’s plugins are full of holes. Joomla etc. are hit less often because they are less popular.

        Best option? Run Wordfence (tightened up parameters) or All in one security as a first line of defence.

        Second line – move to a vps, use nginx, MariaDB (can work with WordPress), harden PhP with Suhosin and use country blocking.

        Just written a book on it.

  9. Thanks for writing this. I was wondering if there was anything truly useful about this service or if it was just an add-on with a big pitch and small value (which it seems to be). They had called me at one point warning me that I’d been infected with the “sneezing panda”. They had looked at the homepage of a website I use for testing things and saw a YouTube video of a sneezing panda (which I had put there myself), and wanted to pitch me on their service. Sitelock is bundled with Hostgator, and it’s not a scam exactly, but it does appear to be a low-value service. If you need real security for a WordPress site, consider Vaultpress.

  10. Thanks. I just got the Sitelock scam routine now you described above. I will henceforward ask my host, Bluehost, to consider elminating them from the bundled package that linked one of my web sites to theirs. This was very helpful.

  11. Appreciate it… I too am in a mess.. but many of my sites were hacked and malware was planted on them… the thing is.. clearly there is a major effort to sell sitelock.. VERY annoying.. even from my host..

  12. Sitelock is an ass hole. My site is down and the hosting site asked me to resort to SITELOCK. I paid them USD150 for one month, and 20 days past, they did nothing, nobody contacts me and solve my problem. I went to their site to complain with their live talk section and nobody even type one word after I saying out my problem. SITELOCK is totally a cheat. They are very sweet and kind before charging your money, but after that they did nothing and only your money will be locked, I think they should be called “MONEYlock”. kEEP AWAY FROM THIS CHEAT.!

  13. A free account from could be an option for some. It gives some basic protection, not too much. Cloudflare paid accounts might be expensive, but I think they have an ok reputation, unlike SiteLocki

    • Yes, they have a decent reputation. I think they are good for speeding up your site more so than anything else. These days, I encourage people to avoid free services. You normally give up a lot for that supposedly “free” in terms of privacy. I am not saying this is the case with Cloudflare, I haven’t read their terms of service.

      • CloudFlare stops some malicious attacks because it serves up a cached copy of your site rather than ‘the real thing’ At paid levels you can country block which IS valuable because the attacks rarely come from your customer countries. VPN’s and proxies are still able to defeat this but it certainly reduces the quantity. I country block at server level so it’s free apart from my time.

      • Just GOT to share this laugh :

        Got two ‘Your site….’ emails
        Scanned and checked clean by Wordfence and Malware scanner
        Asked for more details
        Got the vague and generic reply

        I replied :

        So, let me get this straight

        I have not subscribed to SiteLock
        You have scanned my sites without my permission – Illegally
        You claim I have malware when 2 of the most respected security plugins say I am free from malware
        Your ‘sample malware’ included in your last email is a blank line
        You can’t point to any infected files despite my requests
        The latest site ( you claim ‘Has malware’ is an empty folder.

        So, kindly explain yourself, or is this just a scam to frighten me into buying your alleged services?


  14. IPage hosts my websites; twice they have taken down my sites due to “malicious” files. It is nothing but a tactic to get you to purchase additional “protection” from Site Lock who they partner with.

    I have a WordPress account and a FREE plugin which detects and removes suspicious looking files. The problem is, I can’t sign into WordPress to run the plugin because IPage suspended my accounts. So I called IPage and they supposedly un-suspended them but they aren’t up yet.

    I’m a small business and can’t afford Sucuri. Does anyone have any other ideas for me?

    • My suggestion is that once you can get to your site, move it to another host which isn’t so reliant on site lock.

      • Yes, I will definitely leave IPage … but what affordable provider can I trust? There are so many out there. IPage gets good ratings based on the way they USED to run their business.

        • Bluehost maybe. Or Hostgator.

          • Apparently BlueHost, Hostgator, and wait for it…. SiteLock, are all owned by the same parent company – sheds a whole lot of light, and seems more and more like a scam. Just moved my hacked sites at Hostgator to SiteGround for exactly the same reasons as stated in your article and the comments that follow.

          • That would explain quite a bit.

        • Look in Wikipedia for Endurance International Group (EIG) and their list of brands. Avoid every one.

          I’ve gone for a VPS instead of shared as the performance of shared is simply too slow for a real business. 8-12 second load times! Google will penalise you as their target is 2 seconds load time. Customers will not wait. Now I get 0.5 – 3 seconds (for a 900 page site). Make sure you add CloudFlare CDN (Free – go direct, not through the web host).

    • You can also get *just* the Sucuri Firewall (protection only) for $9/month ($19 if you need SSL support). That will prevent vulnerability exploitations and virtually patch your website:

      If you need malware cleanup too, then the full AntiVirus (which includes the Firewall) is what you would need, and it covers you for a full year.

  15. sponderelli says:

    Had the same TERRIBLE experience with SITELOCK trying to twist my arm to spend over $1,000 to protect my site from what they originally said their service would protect my site from. They should be called SITESCAM! GoDaddy should be ashamed to recommend SiteLock to their customers and be affiliated with them.

    • Join the party! I had a very long email conversation with Hostgator customer service (partner affiliations) after my similar experience. I detailed every aspect of the “heated” scam phone call by Sitelock. Hostgator initiated the detailed email conversation after I complained. The gist of my complaint of course was, “Why are you recommending any of your clients to this group?” Admittedly, there is a fine line between security outfits, who really are just doing their job and being overprotective, and a full on scam like Sitelock. The crap they told me on the phone to get me to shell out $1000, it was unbelievable. “You’ll get pulled from Google!” and “Your site has more bot traffic than human web traffic, you are in trouble!” But the whole web has more bot traffic than human traffic… At every turn it was a scam upsell designed to scare the living daylights out of a conscientious webmaster. I quickly moved to Happy as a clam!

  16. I already had lots of sites managed (especially WordPress) and published by the time I heard of Sucuri. It was on a late night, working on my charity website, when I noticed all hell broke lose.

    Long story short: I loved their services so much, that I finally started working for them, helping to spread the news about the great services Sucuri provides, all over the internet.

    This is the full story:

  17. Michelle Gill says:

    I have only just started my website and I too added the Site Lock Security – Find to my hosting package with BlueHost. After reading several bad reviews I decided I wanted to cancel the Site Lock service. Blue Host advised me that If I cancel the Site Lock Security, then the Global CDN provided will also be cancelled. I am very new at all this and don’t fully understand the terminologies of CDN and DNS etc.

    If I did cancel and the CDN went too, is that something I can just pick up from another provider or plugin and would you have any suggestions on CDN providers? I am mainly just checking that it won’t be too big a deal if the CDN with Site Lock gets cancelled too.

    I was also wondering whether regular Internet Security providers like Norton would have the same effect in picking up Malware etc or that is just a general computer scan and not a website specific scan like Sucuri Site.

    Thanks in advance

    • You can get Global CDN providers all over the place. But unless SiteLock is providing the CDN, I’m not sure what one has to do with the other. I cannot recommend one in particular, no. I would suggest you do some research first. You need a website specific service to do the scanning.

      • Thanks very much Jennifer, it seems once you get Site Lock then it is very hard to try and cancel it. Definitely a red flag there!

  18. Paid for a month, charged for a year. No possibility to cancel my account or anything, no invoice, no nothing. I blocked my credit card and then changed it for good to get right of them. Typical scam. Stay away, people!

  19. Wow – I had some issues with my blueHost this morning and asked them to move my site to another server. Now I don’t know if this is a coincidence but I got a call that afternoon from SiteLock saying that my site was not coming up and blueHost had contacted them. I put the caller on hold and then I tested it on 3 computers and various browsers. My site comes up, no malicious file messages which is what he said he got on their internal computers. Then I googled SiteLock and saw ALL of the complaints. When I took the guy off hold and spoke to the guy – I mentioned that his company SiteLock wan’t coming up smelling like roses on the web. I told him I didn’t see a problem and would just keep things as is. He quickly thanked me and hung up. No hard sell – I guess he realized i had seen what they were all about. Scam artists. Phu Yuk – SiteLock.

  20. Just install Limit Login Attempts WordPress plugin, create a strong password and be sensible and you’ll be good to go.

  21. Just had an extremely unpleasant shouting match with a RABID up-selling salesman on Sitelock….stay away from them at ALL COSTS!

    • Shouting match? Now you’re talking! I had two of them. I was not ready for the first one (the rabid up-sell and bogus Google removal threat), but I was ready for the second. The second shouting match occurred when I called to cancel. Parts grew comical, as he was trying to keep me on the phone (as if I was going to reconsider?). We were even shouting about my “new” security company. I had already transferred services to a different company when I made the 2nd call — to ensure that billing was closed!

  22. Jim Dembowski says:

    Are you concerning a class action suit?

  23. their terms state a 30 day refund policy here:, but i was told on the phone its only 3 days. i had to file dispute with my credit card company to get my money back for a $26/month scanner that didn’t prevent a malware attack on my site.

  24. I have also had a similar bad experience… They reported that they have removed so many fake malwares but never removed the actual malware… My website was also down but they didnt even look into it…

    Its a complete scam…

    • I moved my website from IPage to Hostgator for a year and a half now. Did not order sitelock.I have bullet proof security. This month just got email from Hostgator saying that someone was attempting to get into my website, and after 3 attempts they shut it down. They wanted me to order sitelock …Never..I found Bullet proof works:) Website back up.

      • Good deal!

        • I am waiting for an attorney with a “set” to start a class actions against sitelock

          Below is my “fun” with sitelock;
          Dear Elyse,

          Thank you for your response!

          Some background first, would be proper. I am a webmaster and host all of my
          domain’s (77 Domains)with one of Endurance International Group companies,

          After a malware attack on one of my WordPress (WP) websites on 9/22/2015, I
          contacted sales at Powweb and had WP Essentials placed on the accounts that
          contained WP website. I was told that the WP Essentials was only a shell
          and I needed to place the FIND protection on EACH of the domains that are WP
          Websites to be protected. I was told that the FIND protection would run
          Daily malware scans and Block automated bot attacks. I was told “That would
          cover me”. So I purchased eighteen (18) copies of the FIND protection at
          $14.99 per copy. Cost $269.82

          On that day I had another attack on another WP website, I was notified by
          Powweb of the attach and that my account was being suspended. I called
          POWWEB support only to be told that FIND only REPORTS and in reality it does
          not block malware. At this time I was told that I should upgrade to FIX
          which not on scans and block, it also delete malware file. Therefore I
          purchased 15 copies of this FIX protection at $89.99 per copy. Cost

          Now here where it gets really interesting. On October 16, 2015 I receive a
          SiteLock Alert email, whose content is displayed below and Attached.
          Dear W

          We have detected a critical cross-site scripting vulnerability at your
          site This must be corrected within 72 hours in order to
          maintain your certification. Please see your SiteLock dashboard for more

          From your dashboard, you can also take advantage of our Expert
          Services team to help you correct this issue.

          Should you have any questions, please give us a call anytime at
          415-390-2500. Our website security experts are here 24/7.

          Thank you,
          The SiteLock Team

          * Please note, if you purchased your SiteLock service through a
          reseller (such as your hosting provider), you will likely need to access
          your Dashboard by logging in through their website.
          ** For comprehensive security, we highly recommend our TrueShield Web
          Application Firewall as the ultimate line of defense to keep your website
          protected. Please call us at the number above or visit to learn

          You have been subscribed as If you do not want to
          receive any more advertising or promotional emails from us or if you would
          like to modify your subscription settings, just click here.

          Copyright 2015 SiteLock, LLC

          So I now called SiteLock to ask, why did not my FIX protection, which they
          call SMART remove the cross-site scripting vulnerability? I was told that
          cross-site scripting vulnerability is not considered malware and therefore
          would not be removed, I would have to do it myself. I asked how could
          they remove my certification as I have paid FIX coverage on that domain. I
          was given no answer, but told I could upgrade to have these vulnerability

          I said that this was unacceptable please escalate, create a ticket. I
          rec’ed an email confirming that Sitelock created a ticket # RYS-865348
          (Attached). I can’t seem to locate this ticket on my SiteLock account, so I
          set an email SiteLock asking where I could find the ticket. I AM STILL

          I deleted all of the cross-site scripting files and sent a email to SiteLock
          stating so and request a confirmation response. I AM STILL WAITING.

          At this point I called back POWWEB, because its them who are promoting
          SiteLock and they are the one’s taking my money.

          What I have gone through is a classic case of the old bait and switch or at
          worst, thief by deception.

          I have actual out of pocket losses of $1519.67. That does not include the
          time I have spent on this problem. I bill at $75 per hour. I have noticed
          that many people on the web are voicing the same probem and there’s even an
          attorney interested it the pratice of Powweb and SiteLock.

          I noticed at another one of Endurance International Group companies
 has SiteLock setup as a negative choice (the box is checked by
          default) when you set up an account.

          I believe if this is happening to me that it is also happening to others.

          Please review and let me know how you wish to proceed.

          W. James Dembowski
          Owner and Webmaster
          WJDesigns – Web Development and Designs Consulting Company
          Phone 412-759-2835

          —– Original Message —–
          Sent: Tuesday, October 20, 2015 1:57 PM
          Subject: [P14590175000000000] Executive Escalations

          > Hello,
          > We were made aware of your concerns regarding falsified information and
          > SiteLock. I wanted to follow up with you today to get a better
          > understanding. Please feel free to respond with more details so that I can
          > review.
          > Regards,
          > Elyse P.
          > Executive Response & Compliance Team

          • You know, I just don’t have the time. But maybe I should mention it to some of my colleagues.

          • Understand, but I think this is on the tip of the iceberg I am receiving email from powweb and ipage promoting Sitelock’s services. Like all scans follow the money.

  25. Update :

    ‘Sample code’ picture received – a .png of gibberish ‘code’ allegedly found in an empty folder.

    Complaint filed with ICCC against EIG :

    I’ll post the link to my ‘Build your own secure VPS’ book before New Year. Book is written, has ISBN but no website to buy it from, so I will complete it urgently. The book and site also include options for help, service and maintenance. Designed for people moving from shared hosting to their own VPS. The book is a ‘Copy and paste’ to build your own server, so not in ‘print’ format.

    The site (Currently empty) –

    Send email to (Not before 2016 please – I need to build the site and membership options for it to work)

    Thanks!, Graham

    • Having migrated all sites from Hostgator and deleted everything (databases, mailboxes, files etc.) 2 days ago, I got an email this morning with the 3rd attempt at scamming me. ROTFL.

      HG did try to sort of apologize and explain without saying anything meaningful, asking for examples of their emails. I sent them a detailed reply (Included here only to educate you about the truth behind their claims).

      For those on a budget, WordFence does a great job. Moving to a VPS allows you to block countries – this is a major benefit in preventing hackers).


      They also claimed that the malware could only be fixed by sending a technician to site. That is complete nonsense. All servers are accessed ‘over the network’ and no software issue requires physical access to the hardware to fix. Come on – who are they kidding?

      At this point I know this is a Nigerian scam. There’s more, but I’ve got tired.

      “As the Global Leader in site security and the security partner provider for over 150 different hosting firms worldwide (GoDaddy, BlueHost, iPage, FatCow to name a few) we that this very well.”

      Actually, Sucuri is, all hosts listed are EIG hosts, nobody else would runs this scam.

      “The one time clean is $300 — but we Do Not recommend this as it’s only one time and only secures your site for that day.”

      So – don’t clean it, just pay us a monthly is their advice.

      “If there is no SSL/ e-commerce on the site that you want to have cleaned, then we can do the Infinity Manual Cleaning Service at $99.99 per month with a Basic Firewall (not compatible with SSL’s).”

      Who, on shared hosting, is going to pay $99.99 per month for bogus ‘protection’ when WordFence is free? Why are ecommerce files not included? they are just files. Oh, I know – because we can extort even more money. As a security company, you want me to leave a door wide open and not use ssl? A firewall also does not stop WordPress getting hacked otherwise no sites would be hacked because all hosts run firewalls as a basic protection measure.

      “During a recent SiteLock security scan of your website, malware was detected that could jeopardize the safety of your website and your customers’ data. As a longtime partner of HostGator, SiteLock security was included in your hosting package to help ensure the protection of your investment.”

      This is the empty folder site that was moved to a new host 2 months ago.


      “To answer your question, the malware is located somewhere within your website’s files.”

      There are NO files in an empty folder.

      “Even though the site isn’t up, your site is still susceptible to attack.”

      How? the ‘site’ at Hostgator is not accessible on the internet (because it is hosted elsewhere), so the only malware I could ‘catch’ would come from someone infecting a different site first (Not found in your ‘scan’) or from SIteLock or Hostgator putting it there.

      “If you no longer use the site, I suggest that you communicate with HostGator to remove any remnants left of that site,”

      Hostgator do not do file maintenance on websites

      “I have sent a reset password link to your email.”

      Since I do not have an account with SiteLock and they think I do (There’s another question of credibility there) – What password? What account?

      “Within the dashboard, you can view the malware that has infected for yourself. It is malicious coding, therefore, I cannot specific exactly where it is in your website’s files because it is among thousands of lines of code.”

      The English is appalling (Alert) they do not understand that lines of code are contained in files. A website is not one large program. I know – I write websites. SiteLock can’t identify a file, only ‘code’ – another red flag : They don’t understand basic computing.

      “SMART (Secure Malware Automatic Removal Tool) – automatically detects and deletes 92% of malware”

      So Nortons claims 99% and the best that ‘The World’s leading security company’ can do is 92% ? Pathetic success rate which leaves me 8% wide open and all for $100 a month? Get real.

      “Vulnerability fixes, in any existing or new plugins, themes, and source coding itself, we find them, and patch them.”

      What? you will repair WordPress, Joomla, Magento and all extensions and plugins? Yeah right.

      “Most importantly, complete 24×7 access to our ES(Expert Services) Team, that will manually go through your site and remove ANYTHING malicious or suspicious. Or any type of hack, defacement, redirect, pharma hack, phishing, crawling, etc.”

      Experts who do not know what a firewall is, can’t protect me from 8% of malware, think that my website has no files – just code, think that malware exists in an empty folder? etc.

      “Our Firewalls Prevent malware / hacks/ attacks, etc.”

      Hostgator already run firewalls unless they just left the office door open and walked away.

      “Enterprise Firewall: (Also a per month rate) CDN (content delivery network) boosting your site’s speed for your users across the Globe.”

      Nothing to do with firewalls – Cloudflare does this for free

      “SEO (search engine optimization) – Google recognizes you have taken these precautionary measures and Boosts your sites rankings in all search engines. (Google, Bing, Yahoo, Etc..) ”

      Nothing to do with firewalls – Where is the proof of results or guarantee of ranking? How on earth are SiteLock going to seo my site? (Submitting a site to Google does not count as seo) and Google does NOT recognize SiteLock or any other security measures as one of 200 ranking factors.

      “Traffic stats. Bot vs. Human visitor traffic stats.”

      Done by Awstats already for free

      “Minification. our engineers go through your entire source code, and remove any unnecessary spacing and/or characters, making your site’s load times quicker and your code less vulnerable to penetrating attacks.”

      Minification does NOT make code less vulnerable – it optimises code by removing redundant or duplicate code. And these are the engineers who will ‘fix any malware’ in my code?

      “Blocks backdoor connections. – This is huge right now. I see more backdoor hacks than anything else out there in the cyber crime world. This is undetectable from our scanners” because they are doing anything malicious. They are able to make Administrative decisions, change anything on your site.

      So the World’s number one can’t find the biggest threat?

      “Two of your sites have serious issues. All of your sites generally speaking have insufficient security as your host does not provide security for any domains they hos.”

      All of the sites run Wordfence, Sucuri and Bulletproof security which has prevented every attack (including a ddos of 6000 hits per day) and you tell me you can do better? The only ‘Malware’ you found is non existent.

      ” SiteLock is the security partner with HostGator because we are able to find, fix and prevent malware issues.”

      Only 92% and you only found non-existent ‘malware’ on an empty folder and a clean site out of 40+ sites?
      “All that we have access to is the level that we see for your Lite Scanner.”

      So, you claim to have found malware in my code (there is no ‘lower’ level to scan than code) but can’t tell me where it is because your scan does not go into the files? How do you know a file is infected if you do not look into it? makes no sense at all.

  26. Thank you for the article. I just received an email from Sitelock and my initial thought was that it was a sales tactic, which I googled and found your article. I am a software developer and sysadmin, and the domain in question is a WordPress site that I have had for several years and have had locked down. I am pretty sure there is no malware up there, and it may be similar to your situation where there is a link on the site that might be having issues.

    Thanks again for your post–helps confirm what I suspected.

  27. I had a very similar experience, my host (Hostgator) has decided to now include free Sitelock scanning of my sites, I read through the terms and it clearly stated that I would have to pay a fee for them to remove any nasties. Within 2 weeks I get a notification of a problem, my site is at immediate risk, I may get booted off of Google and lose all my visitors.

    The notification didn’t give me any info about what or where the issue was, just a scary warning and a phone number to call.

    I assumed it would be answered by a salesperson. I smelled a rat. The whole set up looked like a fishy money making scam.

    I did over a dozen malware scans of the site, what did I find? Nothing.

    I have security software on the site that detects and then warns me about changes to key files on the site, I checked the logs – nothing.

    I manually checked some key files on the site – nothing.

    I checked my Google Dashboard for any malware warnings – nothing.

    I then checked all the comments on the site and noticed that one commenter had posted a link that was now leading a website that had been compromised. This comment was buried deep in the comments section of page that hardly gets viewed.

    For the record – one link in a comments section doesn’t get you banned from Google. It doesn’t compromise my site. larger sites have potentially millions of outgoing links to other sites and at any time one or more of those sites could get hacked.

    I removed the comment, took about 5 seconds.

    While it’s great that Sitelock found this minor issue, I think it’s deceptive of them to imply that this was a major issue that threatened my site as a whole. They obviously hold back info on the threat for a reason, they don’t want you to know how easy it is to fix!

    The fees they suggested for removal were nothing short of disgusting.

    I wonder how many site owners have paid hundreds of dollars for them to do 5 seconds work?

    This reminds me of those computer Anti Virus scams where they scan your site, tell you your computer is infected and then charge you a subscription to remove something like a harmless cookie!

  28. Yo, I want to get a hold of you. Currently blogging about what I’m labeling as a “EIG / SiteLock Conspiracy”. Here’s my story: Would love to talk with you. Cheers!

    • Yo to you too. I am not available right now, but feel free to email me and give me an idea of what you are looking for. I’ll email you back when I get a chance.

  29. Stephen Bains says:

    Site lock has fraudulently charged my credit card. They are a scam!

  30. Very poor service
    Hard to cancel Sitelock they keep making charges on my credit card

  31. Sucuri was much more scammy in my book. They use false positives to scam. I liked sitelock just for the trust badge. It may help sales but it seems like that product is gone.

  32. cPanel has a virus scanner. You click Virus Scanner to get rid of viruses. If your host doesn’t have it, get a new host. Also, make sure that your plugins and WordPress is up to date. Ask your host to update your mysql or Mariadb and php versions if you are out of date.

    • Thanks, Ralph. Excellent points. I have only encountered wordfence once. It was on a website where the person didn’t know they had it so they got locked out of their site. Assuming one uses it properly, I think it would be very helpful in preventing improper access to a site.

  33. A spam plugins and wordfence helps of course and protection on your computer so that your logins can’t be stolen.

  34. Tariq Alwahedi says:

    I had sitelock over three domains for few months now. in the first attack the whole system collapsed. I got simple DDOs attack on my server and the whole website went down. I lost 2 days of business. reporters were calling to ask me what happened to the website.

    I called sitelock to help they assured me all was ok. However, website was down. My team checked logs and we were under DDos attack from China. Firewall couldn’t even stop it although i am paying for premium firewall.

    I called sitelock for a refund cuz their system didn’t work and i was nice didnt claim any damages for lost business. The representative was so rude to me and said at the end the service doesn’t cover DDOs. I told her i didn’t know attacks come on a la cart that i get to chose from. Save your money. They are the worst company u could deal with.

  35. We used Sitelock for our company and have recently decided to pull the plug on them. We lost some money as we were on some 6 month deal but we are happy to have finished with them. Their customer support is extremely inadequate and incompetent. On several occasions they did not respond to my emails for support and never resolved an issue we had. We truly recommend everyone to stay away from them. They are not worth the hassle. The company we are now with are excellent.

  36. SITELOCK attacks my site with regularity from an 184.154.139.xx sitelock ip address. has been security blocked for reguar DDOS attacks upon my site. I have blocked the ip for “” and yet the ATTACKS BY SITELOCK continue! I RECEIVED a SITELOCK.COM attack lasting OVER 13 hours on one occasion. Site-Lock-com exhibits the behavior of a PREDATOR, NOT A PROTECTOR!!! SiteLock bots from the SITELOCK-BOTNET will barrage my site regardless of all the 403 blocking errors that Sitelock’s bots generate. SiteLock SQUANDERS my bandwith with their attacks and Sitelock’s-bot DEMANDS to recieve-an-unblock-email !!! Sitelocks attacks on my website include the repeated message ” th1s_1s_a_4o4.html “. Many of the shill reviews I’ve read about the sitelock company are “five-star”, and i suspect SITELOCK SECURITY works very hard to bury negative sitelock reviews about ACTUAL SITELOCK EXPERIENCES. How many ” th1s_1s_a_4o4.html ” error messages and “send-me-an-unblock-email ” error messages does it take for site-lock-security to back off? I called sitelock-customer-service but the sitelock-DDOS-attacks continue. SITELOCK = BAD COMPANY!


  1. […] reviews than positive. Isn’t that the way? So when someone asked me in response to my post on Sitelock if there are any good companies for keeping your website safe, I realized, this is the time to speak […]

  2. […] yes. I love the blogsphere. This was a comment left on a blog post about experience with SiteLock. Whether this was a real former SiteLock employee or an internet troll, one will never know. Given […]

  3. […] speaking to a junior administrator at HostGator, I was transferred to a company called:  SiteLock. .  The woman was very rude while explaining that I must pay them to get the sites back up and […]

  4. […] did some research and discovered that SiteLock will infect your site with malware if you don’t […]

  5. […] provider knows exactly how to deal with it also take steps to avoid its intrusion in near future. Sitelock reviews illustrate the potentiality of the service provider in solving such […]

  6. […] not an isolated case by any means, just read the comments of the blog or  look at other posts like Jennifer Ellis’s examination of how she was pushed to get Sitelock because a link on her site …. That’s concerning, corporate driven takedowns because you may be linking to an infected site […]

  7. […] of a provable third party accreditation prior providing personal data in the site. By reading the Sitelock Reviews, you can get an idea about how exactly SiteLock helps the […]

  8. […] Jennifer Ellis, had this to say “SiteLock wanted to charge me $199 to remove a link from a blog post. My […]

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.