SiteLock Review: Is It Worth It?


7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Several comparison articles may place it in the limelight, but does SiteLock really deliver? Is it worth parting with your hard-earned cash for? More importantly, can it be the dependable guard your WordPress site needs? 

As seasoned WordPress security experts, we understand what makes a truly reliable security plugin stand out from the crowd. We purposely infected our test site with malware and vulnerability plugins to test Sitelock and this article is our tell-all. 

TL;DR: SiteLock fails on multiple fronts, even the crucial ones like scanning, removal, and firewall. We recommend you install MalCare instead. MalCare is a complete WordPress security plugin, with a robust firewall, a comprehensive malware scanner, and a one-click malware removal tool. 


We’ve dissected SiteLock from all angles and here’s our verdict: In a nutshell, nothing works. The configuration? Tough and non-functioning. The essential security features? Dreadfully lacking. Secondary security features? They fall flat. All this has left us wondering if it really is a security plugin. We do not recommend installing it.

Critical/must-have features

Among the myriad security features available, three emerge as the absolute must-haves for any effective security plugin: malware scanner, malware removal, and firewall. These features form the foundation of a viable security plugin and serve as the pillars upon which comprehensive reviews should be built. With that in mind, let’s see how SiteLock fares in those three categories:

Malware scanner

Malware scanning is a vital component of any security plugin. It detects and flags malicious code on your website. Regular scanning helps maintain website integrity and safeguards sensitive data, making it an essential feature for effective online security. 

Now, let’s talk about SiteLock’s malware scanner, shall we? It’s a feature that is found on the dashboard and enables you to have one on-demand scan a day. We’ll also give it some brownie points for being able to configure the number of automated scans.

However, it was like having a guard dog that couldn’t even sniff out a squirrel. It gave our infected site a clean bill of health. SiteLock’s scanner didn’t even bat an eye. So, that’s not great at all. 

Malware removal

Malware removal is a critical process that focuses on eliminating malware from your WordPress site. It mitigates the need for you to scour your code and remove the malicious instances manually. 

When it comes to malware removal, SiteLock’s performance leaves something to be desired. After all, if this security plugin can’t even detect malware, one can’t expect it to effectively remove it either. 

Digging through the settings, we discovered SMART, which is supposedly SiteLock’s automatic malware removal feature. Unfortunately, due to FTP connection issues, we were unable to put it to the test.

It’s crucial to consider the effectiveness of the scanner when evaluating the reliability of SiteLock’s malware removal capabilities. How can one trust that their site is truly clean?


A firewall monitors and filters incoming and outgoing traffic to your site based on predetermined security rules. 

Unfortunately, we couldn’t test SiteLock’s firewall feature due to its absence in the basic plan. Without a firewall or bot protection, it leaves websites vulnerable to a variety of cyber threats. While other plans may offer this essential security component, it’s disappointing that it doesn’t come included in the entry-level offering. It should be one of the basic features of a security plugin to secure your site. 

Other security features

Apart from the critical ones, there are a bunch of other security features that can protect your site. Let’s take a look at how SiteLock can fight off bots, scan for vulnerabilities, and help you monitor changes. 

Vulnerability scanner

Vulnerability detection is the process of identifying and analyzing security weaknesses within the plugins and themes of a WordPress site. Hackers can exploit these vulnerabilities to gain unauthorized access, disrupt operations, or steal sensitive information. 

SiteLock claims to include vulnerability detection as part of its scanner feature, aiming to identify and alert users. However, our testing left us scratching our heads. Despite knowing that these vulnerabilities existed on our site, SiteLock’s scan results declared it clean as a whistle. 

Brute-force login protection

Brute-force protection typically involves mechanisms to detect and block repeated failed login attempts, limiting the ability of hackers to guess passwords. Unfortunately, this specific safeguard is not provided within SiteLock’s suite of security services.

Two-factor authentication

SiteLock offers two-step verification as part of its security measures. However, during our trial, we encountered issues with the functionality of this feature. When trying to test the text message option for secondary authentication, the system failed to send the test message as expected. Similar issues were faced when attempting to set up the mobile verification method.

Activity Log

Activity logs keep track of actions, highlight anomalies and in a tight situation, help you trace your steps back to normality. It’s an incredibly useful feature that SiteLock does not offer. 

Installing and configuring SiteLock

Let’s just say, setting up SiteLock wasn’t smooth sailing. With no visible settings link on the plugins menu and the need to navigate back and forth to SiteLock’s site, it felt more like a treasure hunt than an installation process.

Our next step was setting up the plugin. We found ourselves at a standstill with the “SMART setup”. It demanded FTP access, and when we tried using our SFTP, it was a no-go. Despite our best efforts, we had to admit defeat and move on. 

We explored the SiteLock dashboard and found options to toggle security alerts. But without clear information on what these alerts entail, we were left guessing. 

Other factors to consider

Server resources impact

Malware scanning is historically a feature that sucks up server resources, as security plugins—with the exception of MalCare—use client-side resources for scanning. In SiteLock’s favor, it passed the disk usage test with flying colors. So we tip our hats to that. 

Customer support

Turning our attention to help and support, SiteLock loses points. Expect a long 30-hour wait before you get a response to your ticket if you have the basic plan. If you’re wrestling with a mid-hack crisis, this could be dangerously slow. As for their support team, let’s just say it leaves much to be desired.

It is not straightforward to get a refund from SiteLock, in spite of a so-called 30-day guarantee. We purchased a premium plan for the purposes of testing the plugin, and it took us several days to get a refund. On top of this, the customer is forced to speak to customer service agents, who only work in US time zones, before they approve a refund. It is a lot of hoops to jump through for a refund, and the same process applies for a simple cancellation.


SiteLock has plans starting at $14.99 and scaling up to a whopping $34.99. That’s monthly, folks, and that’s for each site. Judging by our experience with the basic plan, it seems like a clear waste of resources. 

Top alternative to SiteLock

MalCare is a comprehensive WordPress security plugin with a range of features designed to ensure optimal protection for your website. These include:

  • One-click malware removal: MalCare’s one-click malware removal feature makes it effortless to clean up your site. No need to hire specialists or wait for technical support. But we do have a team of security experts that can help should you need it. 
  • Intelligent firewall: MalCare implements an intelligent firewall that uses advanced rules to identify and block suspicious activities. 
  • Advanced scanning: MalCare can find malware in every nook and cranny. This is because it can conduct a complete scan of the site, including the database. 
  • Login protection: To protect against brute-force attacks, MalCare limits login attempts and provides bot protection. 
  • Reporting and alerts: MalCare offers extensive reporting capabilities and real-time alerts that keep you aware of your website’s security condition at all times.

What should you consider when picking a security plugin?

Choosing the right security plugin for your WordPress site is crucial. You have to factor in a lot of features. A good security plugin is your website’s first defense against a variety of threats. These threats range from malware intrusions  to DDoS attacks that can drop your site faster than a lead balloon. Without a trusty security plugin, your site could be incredibly vulnerable. 

  • Malware scanning: This is the first line of defense. A good scanning feature will pick up any potentially harmful data before it transforms into a serious threat. A proficient malware scanner should scan not just the surface-level content, but go through the deep ends of your databases, files, and posts. It should also scour your themes, plugins, and the nitty-gritty of core files for any suspicious activity or elements, ensuring no stone, or in this case, byte, is left unturned.
  • Malware removal: A great security plugin doesn’t just find harmful code but it gets rid of them. It cleans out malware, ensuring your site stays pristine and untouched. MalCare has an automated malware removal feature and security experts that can clear the malware for you. 
  • Firewall: A robust firewall stands guard 24/7, blocking threats before they can make any dent in your security defenses. It’s continued protection that never takes a coffee break.
  • Vulnerability detection: A good vulnerability detection feature doesn’t wait for an attack. It proactively assesses your website to pinpoint weak areas, because fewer vulnerabilities mean fewer threats.
  • Brute-force protection: A brute-force attack is a trial-and-error method where a hacker attempts to crack your site’s access by repeatedly guessing login credentials. You can stop them by limiting logins and installing bot protection. This ensures your site can stand against a multitude of forceful login attempts. 
  • Two-factor authentication (2FA): A reliable 2FA includes an extra wall of security by requiring two steps of verification. This cuts the likelihood of unauthorized access by a long way. You want a plugin that offers multiple methods of authentication and offers fallback methods. 
  • Activity log: Activity logs increase transparency and accountability. By providing full visibility of all actions taken on your site, they can quickly highlight unusual activity, helping to identify potential security threats. Furthermore, in the event of an attack, they can help trace back the steps, leading to a more efficient recovery process. 
  • Server resources: Heavy-duty scanning, for example, can take up a chunk of server processing power. The closer this gets to your server’s capacity, the slower your website can become, and higher your hosting bill goes. So, while selecting your security plugin, it’s important to consider how it manages server resources. 

Final thoughts

An efficient security plugin is essential to shield your WordPress site like a knight in shining armor. Unfortunately, SiteLock stumbles on this front, unable to adequately provide this protection. 

Enter stage right, MalCare, the worthy protagonist in our tale, returning dividends in robust protection. Over time, MalCare forms an impregnable fortress against threats hell-bent on wreaking havoc. Simply put, MalCare isn’t just a security plugin—it’s the bodyguard your WordPress site deserves.


Can SiteLock detect and prevent hacking attempts and unauthorized access?

Yes, SiteLock is designed to detect and prevent hacking attempts. But the efficiency can be questionable.

Is SiteLock compatible with different types of websites and content management systems?

Yes, SiteLock can be used with various websites and content management systems, including WordPress.

Is SiteLock worth the money?

Based on our exploration, we would hesitate to say SiteLock is worth the investment. The challenging setup process and lackluster customer support mar the overall value.

Is SiteLock safe?

While it’s designed to enhance the safety of your site, the effectiveness of SiteLock’s security measures can vary.

What are the benefits of SiteLock?

SiteLock offers a blend of malware scanning and firewall protections. It also doesn’t consume too many server resources.

How do I get rid of SiteLock?

Planning to cancel SiteLock? Brace yourself for a few hurdles. You’ll need to speak with their support team, be redirected to their billing team, or perhaps use their chat function.

How much does SiteLock cost?

SiteLock pricing plans start from $14.99 and scale up to $34.99 per month, per site.

Is SiteLock free?

No, SiteLock isn’t free. It offers various paid plans starting at $14.99.


You may also like

WPMU DEV Review: Features, Pricing and Details
WPMU DEV Review: Features, Pricing and Details

In a world where time is money, you want tools that save you time, giving you room to make more money. When you manage multiple WordPress sites, your task list…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.