(352) 397-2705

Should I Get SiteLock Security For My WordPress Website?

Oct 10, 2020 | Security, Web Hosting, WordPress

website maintenance plans with security
SiteLock is a service that I have come across many times as a website developer. People have unwittingly fallen for the “need” to have SiteLock to “secure” their websites from their hosting companies. Many hosting companies even have some licensing deals with SiteLock, so they make money by referring you to them.

SiteLock seems to be a huge partner with all EIG owned web hosting companies. Of course, we generally recommend people stay away from EIG (Endurance International Group) owned companies for various reasons. These companies include HostGator, BlueHost, HostMonster, iPage, JustHost, A Small Orange, and dozens of other names you might recognize.

A lot of web designers, website developers, and webmasters — the people who are in an out of websites and hosting accounts daily — have issues with EIG owned companies. They have monopolized the industry by buying up different hosting companies. Many companies’ services and support go in the toilet after being bought by this 2.24 billion-dollar company.

And, it looks like SiteLock is owned by UnitedWeb, who… wait for it… also own Endurance International Group (EIG). So no conflict of interest there, right?

EIG + Sitelock Companies

Several people I am aware of, who have hosted with an EIG company, ended up getting a hacked websites. Or, with their host notifying them that their website was suspended due to malware or hacking issues. They then required them to purchase SiteLock to help clean up and safeguard their files and get them back online.

SiteLock Pricing

SiteLock offers different levels of services at various price points for a monthly or yearly fee. Their pricing starts at $14.99 per site per month. Pricing can go up, depending on the level of service you are looking for and your website’s size. The prices seem decent for what you get; however, be prepared for a sales call to try to sell you on additional services.

You also have to look at the services you will be getting from them. I see no mention of them actually working on the things your site needs to stay secure. This includes things such as software updates for your WordPress files, plugins, and themes. This means you would still have to remember to do yourself on a regular basis, to keep your site as hardened from hacking as possible.

And, in all my years of being in the industry, and with all the website owners that have told me they would handle this themselves, very few — like less than 5% — actually do it on a regular basis themselves. They get busy and simply forget. These updates are something that get handled for you with a traditional Wordpress maintenance company, but not with a service like SiteLock. SiteLock leaves that task up to you, and when you forget, you can easily get hacked, which just adds to their bottom line.

Many website owners have stated that it can cost an extra $30 to $300 to repair pages on their website when there is an issue. So, let’s say that SiteLock finds some malware on your site. You will pay extra to have them clean it up, and from what I have read, they aren’t always quite so “honest” about the issues they find.

One such user states that she added SiteLock for only $14.99 from her web host. After eight months in, she got an alert about malware on her site, and it stated that the problem was “critical.” She put in a call to SiteLock; after all, they were “protecting” her site.

That call resulted in a sales pitch for all kinds of other services, including a $500 firewall. Plus, an additional $200 to clean her site up.

Don’t get me wrong, for $14.99, I don’t think it’s reasonable to expect a full site cleanup. It’s a big task. Even when you are on a reputable website maintenance plan, actually cleanup of malware is generally not included. But, this should have been made clear up front.

Deceptive Billing Practices & High-Pressure Sales Tactics

The majority of complaints with SiteLock seem to be surrounding their billing practices and high-pressure sales tactics. In fact the Better Business Bureau has a lot of them. And, it seems that unwitting customers didn’t realize the tight interconnection between SiteLock and the hosting provider they used when they were “sold” on the service.

One angry customer said:

“Before buying this service, I had SiteLock Lite, which I was told by BlueHost (after previously agreeing to sign up for the FREE service) that this would fix the problem if my website went down. I was not told of the interrelationship between SiteLock and BlueHost, one that requires the customer to use SiteLock – a connection that appears as though it should violate anti trust guidelines unless the customer is told specifically about the relationship prior. I find it overly implausible that I would be hit with heavy advertising to buy SiteLock in one week, and then have the first and only time that my website was hacked and shut down (in one decade, with BlueHost).”

Deceptive Sales Practices

A webmaster with a client on HostGator relayed a story about her dealing with HostGator and SiteLock.

Her client received an email from SiteLock, who called themselves a “security” firm, stating that “One or more of the domains you own has malware on it and the issue needs to be resolved.” So the webmaster went to HostGator, on her behalf, to find out more.

In that conversation with HostGator, she learned that SiteLock was a partner company to them. The HostGator tech person said that the site might be infected but no way to know for sure without purchasing the SiteLock malware protection package first. Once she had that package, they would look inside the files and see if there was malware there. If there was, it would cost extra to have it removed.

As she talked to them, she was adding up the amount of money they were looking at spending, and it crept upwards into four figures! In the end, she determined that the email her client received, which looked like a clear warning of a problem her website had, was nothing more than a sales pitch designed to frighten the website owner into purchasing the SiteLock service.

Hacking and Site Security is a Problem and Serious

Hacking is a serious problem in this day and age. This means that site security is something that shouldn’t be ignored.

But, keep in mind hosting can play a factor in that problem as well. That’s why we generally don’t recommend hosts within the EIG network. When you stuff many clients on one server as they do, inevitably, issues on one website account can creep into another website through backdoors and security holes. But, that’s the price you pay for going for the cheapest hosting you can find.

Sadly, many businesses don’t even know they have been hacked until Google has already blacklisted them, or someone points out that their website is redirecting them to another, unrelated page. That’s what makes doing regular security scans important.

I just personally don’t care for the deep financial connections between the network of large hosting companies and SiteLock. It seems to me like it’s in their financial interest for sites on their servers to “come down with malware” that needs to “be cleaned up” and “secured.”

The Alternative to SiteLock Services

I would highly suggest that website owners look at a WordPress maintenance plans with a provider they can trust. We offer this as a service to our clients, and there are plenty of other legitimate Wordpress maintenance and support services companies out there.

The services you would get on a SiteLock plan are already covered in many of these WordPress maintenance packages. This includes firewalls, security monitoring, uptime monitoring, security scans, and backups of your site, depending on your provider.

And, we offer even more benefits than they do on top of that with our WordPress maintenance service. We take care of updating your Wordpress files, your plugin files, and themes to keep them secure. We offer some speed optimizations and database optimizations. We also send monthly reports on the work that we do each month.

Also, you can’t discount the fact that you are dealing with real people — the same people, who know you personally, when you have issues with your site, not a nameless, faceless corporate entity.

Now, make no mistake, if your site becomes infected with malware, are we going to clean it for free? No, of course not. But, no reputable company will. It takes a lot of time and resources to clean up a hacked website. But, our pricing for cleanup services is the industry average.

The great thing about our WordPress monthly maintenance plans is that we don’t have a significant financial interest in your site getting hacked. Sure, we can make a tiny bit of money cleaning it up if it does. But, believe me, it’s a considerable pain in the rear to do, takes our people off of tasks that are much more profitable to us, and not where our time is best spent. Frankly speaking, we will do it, when the need arises, but it’s not something we enjoy doing, nor is it profitable to us. So, we do our best to try to minimize the risks of hacking happening to begin with by hardening your website as best as can be done against hackers.

We also don’t lock you into recurring plans and deceptive billing practices. You are free to discontinue your service before your next billing cycle and be done with it at any time. Honestly, we have had very few clients leave after seeing the level of service they get from us compared to other companies they have used, including SiteLock.


Nora Kramer
Follow Me

Want to work with me?

I would love to talk with you and see if we are a good fit for each other on a project! Please schedule a call to get started.

Click To Call