We frequently have people contacting us looking for advice after they have been in contact with the web security company SiteLock. A lot of the claims made by SiteLock that are relayed to us are untrue, which isn’t surprising considering everything we have seen and heard about that company. One of these claims that was passed along to us recently seems like something worth making a note of because it deals with how SiteLock sells people on the need for their protection services, while actually leaving websites vulnerable.
The owner of a website was told that while the hack of their website didn’t have much impact, the website would now be on a list of hackable websites and the original hackers or “worse” would return to do more damage than the simple defacement that was done. The SiteLock representative was suggesting purchasing a $50 a month protection plan to protect against those future hackers.
We have never heard of a list of hackable websites and it doesn’t really make sense that a hacker would do a visible hack, which is what a defacement hack involves, and then come back and do something worse in the future. This would be like a bank robber breaking into a bank vault and spray painting that they broke in, without taking any money, while planning to come back and take it at a later date. That analogy sounds more like something a villain in a comic, movie, or TV show might do.
The reality though is that for a website to be hacked something has to have gone wrong. If you don’t fix that vulnerability then the hacker or another hacker could exploit the vulnerability again in the future. The solution to that is to figure out what that was and fix it as part of a proper hack cleanup. As we were just mentioning the other day though, SiteLock touts that they don’t do that, instead simply using automated tools to try to remove malicious code on the website, leaving the website vulnerable to being hacked again and again.
It also follows that SiteLock’s protection service wouldn’t provide good protection since they don’t know how websites are being hacked. Not surprisingly, SiteLock doesn’t present evidence, much less evidence from independent testing, that their services are actually effective at protecting websites.
What seems to be the explanation for this is that SiteLock’s business model is built around getting recurring fees from people without having to do much for it. Properly cleaning up hacked websites would require having skilled people, which would cost serious money, and would only bring in money once. By contrast, selling people security services that are not expected to work that well, since there isn’t an expectation that websites can actually be secure, doesn’t require competent people. If you can get people to believe that websites just get hacked, as opposed to something going wrong that can be prevented, then it makes it easier to sell them a nebulous protection service.
If your website has been hacked you want to make sure to get it properly cleaned up, which involves removing anything the hacker added to the website, securing the website (which usually involves upgrading the software on it), and trying to determine how the website was hacked and fixing that. Many companies, including SiteLock, cut corners, so simply going with a well-known company doesn’t mean that you are going to get a good result. In fact, what we have seen is that the biggest names are usually very bad at security (lying about things has been an effective method to make security companies popular, but it doesn’t help to make them good at security).
A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.