One of things that we had wondered for some time about SiteLock, the web security company that seems like is scamming their customers, was what explained their partnerships with so many web hosts. Before we found about the more scam level stuff going on with them, what we had see was they seemed to be quite bad at hack cleanups and the basics of website security. So we figured that the partnerships were not based on the web host believing that SiteLock was the best choice to help their customers, but about money. When we found about how SiteLock was taking advantage of people on large scale we started to wonder how much money must the web hosts being getting to continue those partnerships, considering that their partnerships with SiteLock couldn’t be good for their reputation. To a lesser degree we sometimes have had wondered why SiteLock was partnering with some web hosting companies that had some bad security practices or were making it harder to properly clean up hacked websites. We figured that they would at least be pushing these companies to improve those situations, but we saw no evidence of that occurring.
Several weeks back we ran across a couple of things that went a long way to answering those questions.
First, it turns out the majority owners of SiteLock are also the CEO and board member of a major web hosting company Endurance International Group, which does business under the brand names A Small Orange, Bluehost, FatCow, HostGator, HostMonster, iPage, IPOWER, and many more. That would seem to make it easier to get them to partner with SiteLock. From this we also know that at least at those web hosts, the web hosts are not in the dark about what SiteLock is actually doing and if they had a problem with it they could make a change directly at SiteLock. It also goes a long way to explaining why SiteLock wasn’t insisting on better security practices at web hosts, since their owners are also running a web hosting company that doesn’t have the best handle on security.
It important to note that neither SiteLock or the Endurance International Group is upfront about this connection between the two. The only place you will find out about the connection is in Endurance International Group financial reports, where they are legally required to disclose it. Even in those it hidden away, as SiteLock is not mentioned in them, instead they are referred to by the entity that owns them, Innovative Business Services. At the point where you legal are required to disclose something, it seems to us that would be a good indication that you should be upfront with your customers about what is going on, but clearly they don’t fell the same way.
Second, it turns out that web hosting partners are getting a lot of money, if the deal that SiteLock has with Endurance International Group is any indication. As of fiscal year 2014 the Endurance got 55% of the revenue coming from sales through the partnership with SiteLock. We wonder how people that have been strongly pushed to SiteLock by their web hosts would feel when they found how much money the web host is getting by doing that, especially in situation where they are dealing with a hacked websites. It also appears to create an incentive for them to not make sure their clients are secure, since they can make a lot of money off of those websites being hacked.
That brings up to the latest piece of information we ran across about their partnerships, which is that SiteLock is apparently blaming their web hosting partners for how the services are sold. Here is a tweet from one of the writers at WP Tavern:
@matthew_zak SiteLock is aware of what you're going through but they don't control how the hosts sell their services to customers.
— Jeff (@jeffr0) September 28, 2016
Assuming that is true and we don’t have a reason to believe that it isn’t (the same person did a podcast interview with a SiteLock representative in June, in which their response to a question of SiteLock’s unsavory practices was that you should trust that person that it isn’t happening (despite it actually happening)), it is a rather outlandish claim. Even if you didn’t know what we just discussed, what kind of partnership would it be where one party has no control of how their services are being sold.
In reality from everything we have read and heard, SiteLock employees are the ones doing much of what is being complained about. Even if they were not, considering how much the web host is getting paid, it doesn’t seem believable that Sitelock wouldn’t have the leverage to stop bad practices.
More importantly in the case of Bluehost, that was mentioned in the previous tweet there, seeing as SiteLock’s owner also control Bluehost, they wouldn’t’ have a problem controlling how the web host sells SiteLock’s services.
We get the feeling that the idea here is that SiteLock and the web hosts each point the figure at the other and hope that more people don’t become aware that they are dealing with two parties so closely connected.
A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.
Yes, I found it interesting today that when chatting with Hostmonster support about virus/malware in my account, after escalating my chat to a supervisor, the supervisor said he was transferring the chat to Sitelock. Same chat window. Hmmmmm. In the meantime, I am FAR out of my wheelhouse and have a bunch of malware to get rid of on my sites. I don’t have deep pockets and don’t know where to turn.
You can find the details of what we offer as an alternative to SiteLock here.
Well, Hostgator did the exact same to me, they found malware and they basically pushed Sitelock down my throat to clean up my files, otherwise my website would remain suspended.
These companies are more interested in higher incomes than real support, I wonder if they are the ones infesting us with malware so they can take more money from us.
HostGator only requires that the website be cleaned up for them to unsuspend it, not that you hire SiteLock to clean it up. They usually clearly state that in the emails they send out when suspending websites and we have never had any issue with them unsuspending a website after we have done a cleanup for someone.
As for the claim that they might be infecting websites malware, we have never seen any evidence to support that and plenty to the contrary. On the other hand, we have recently in cleaning up websites hosted with HostGator and other Endurance International Group (EIG) brands where it looks like a security with the web host may have been the cause of the websites being hacked.