SiteLock Review: The Truth About Performance, Support & Scams

Several comparison articles may place it in the limelight, but does SiteLock really deliver? Is it worth parting with your hard-earned cash for? More importantly, can it be the dependable guard your WordPress site needs? 

As seasoned WordPress security experts, we understand what makes a truly reliable security plugin stand out from the crowd. We purposely infected our test site with malware and vulnerability plugins for this SiteLock review and this article is our tell-all. 

TL;DR: In our SiteLock review, the plugin fails on multiple fronts, even the crucial ones like scanning, removal, and firewall. We recommend you install another WordPress security plugin instead. Choose one with a robust firewall, a comprehensive malware scanner, and a one-click malware removal tool. 

Quick summary: SiteLock review

SiteLock remains a contentious WordPress security plugin.

Its cloud-based architecture offers a low-impact solution for server resources. However, it lacks on practically all other fronts.

The platform relies heavily on its partnerships with hosting conglomerates. These partnerships often drive sales through reactive malware alerts. For most WordPress users, the high cost and mandatory 12-month commitment make it prohibitive.

Pros of using SiteLock

Cons of using SiteLock

⚖️ Our SiteLock review has this verdict: In a nutshell, nothing works. The configuration? Tough and non-functioning. The essential security features? Dreadfully lacking. Secondary security features? They fall flat. All this has left us wondering if it really is a security plugin. We do not recommend installing it.

Malware scanner

A malware scanner is a vital component of any security plugin. It detects and flags malicious code on your website. Regular scanning helps maintain website integrity and safeguards sensitive data, making it an essential feature for effective online security. 

Now, let’s talk about SiteLock’s malware scanner, shall we? It’s a feature that is found on the dashboard and enables you to have one on-demand scan a day. We’ll also give it some brownie points for being able to configure the number of automated scans.

However, it gave our infected site a clean bill of health. SiteLock’s scanner didn’t even bat an eye. So, that’s not great at all. 

Malware removal

Malware removal is a critical process that focuses on eliminating malware from your WordPress site. It mitigates the need for you to scour your code and remove the malicious instances manually. 

When it comes to malware removal, SiteLock’s performance leaves something to be desired. After all, if this security plugin can’t even detect malware, one can’t expect it to effectively remove it either. 

Digging through the settings, we discovered SMART, which is supposedly SiteLock’s automatic malware removal feature. Unfortunately, due to FTP connection issues, we were unable to put it to the test.

It’s crucial to consider the effectiveness of the scanner when evaluating the reliability of SiteLock’s malware removal capabilities. How can one trust that their site is truly clean?

Emergency malware removal

If a website is already hacked, SiteLock offers a one-time service called SiteLock 911. This service costs a flat fee of $199. It includes immediate priority access to security experts and a 6-hour response time guarantee. This service is designed to clean a site quickly and restore it to its original state. It does not require a long-term subscription but is often used as an entry point for the paid annual plans.

Firewall

A WordPress firewall monitors and filters incoming and outgoing traffic to your site based on predetermined security rules. 

The TrueShield firewall operates at the DNS level. This requires users to point their address records to SiteLock servers to filter traffic before it reaches the hosting environment. While this reduces server load it creates a single point of failure for the website. If the SiteLock network experiences latency the website performance decreases.

Endpoint firewalls like MalCare or Wordfence run at the server level. These provide deeper inspection of encrypted traffic. They do not require complex DNS changes.

SiteLock also lacks integrated support for virtual patching. Virtual patching allows developers to secure known vulnerabilities before a formal plugin update is released.

Unfortunately, we couldn’t test SiteLock’s firewall feature due to its absence in the basic plan. Without a firewall or bot protection, it leaves websites vulnerable to a variety of cyber threats. While other plans may offer this essential security component, it’s disappointing that it doesn’t come included in the entry-level offering. It should be one of the basic features of a security plugin to secure your site. 

Vulnerability scanner

Vulnerability detection is the process of identifying and analysing security weaknesses within the plugins and themes of a WordPress site. Hackers can exploit these vulnerabilities to gain unauthorised access, disrupt operations, or steal sensitive information. 

SiteLock claims to include vulnerability detection as part of its scanner feature, aiming to identify and alert users. However, our testing left us scratching our heads. Despite knowing that these vulnerabilities existed on our site, SiteLock’s scan results declared it clean as a whistle. 

Payment security and compliance

SiteLock markets heavily toward e-commerce businesses by offering PCI-DSS compliance scanning. This is a technical requirement for any website that processes credit card data directly. SiteLock provides a vulnerability disclosure report that satisfies certain compliance audits.

However many modern payment gateways like Stripe or PayPal handle data encryption off-site. This makes the SiteLock compliance scan redundant for many small business owners. The trust seals provided by SiteLock are static images. They do not offer real-time verification of a Secure Socket Layer certificate or encryption status.

Login security

Brute-force protection typically involves mechanisms to detect and block repeated failed login attempts, limiting the ability of hackers to guess passwords. Unfortunately, this specific safeguard is not provided within SiteLock’s suite of security features.

Two-factor authentication

SiteLock offers two-step verification as part of its security measures. However, during our trial, we encountered issues with the functionality of this feature. When trying to test the text message option for secondary authentication, the system failed to send the test message as expected. Similar issues were faced when attempting to set up the mobile verification method.

Activity Log

Activity logs keep track of actions, highlight anomalies and in a tight situation, help you trace your steps back to normality. It’s an incredibly useful feature that SiteLock does not offer. 

Install and config SiteLock

Let’s just say, setting up SiteLock wasn’t smooth sailing. With no visible settings link on the plugins menu and the need to navigate back and forth to SiteLock’s site, it felt more like a treasure hunt than an installation process.

Our next step was setting up the plugin. We found ourselves at a standstill with the “SMART setup”. It demanded FTP access, and when we tried using our SFTP, it was a no-go. Despite our best efforts, we had to admit defeat and move on. 

We explored the SiteLock dashboard and found options to toggle security alerts. But without clear information on what these alerts entail, we were left guessing. 

Configuration gaps in bundled plans

Another issue involves the ghost protection provided by hosting bundles. Many users pay for SiteLock as a line item on their monthly hosting bill without realising that it is not active. Unlike a WordPress security plugin that begins working upon installation and activation, SiteLock often requires manual configuration of DNS records and FTP credentials.

If these steps are not completed, the user continues to pay for something that is not actually scanning or protecting their website. This lack of automated setup is a common reason for re-infection on sites that supposedly have SiteLock protection.

Performance impact

SiteLock is a low-impact security plugin because it performs malware scans in a cloud environment. This off-site execution means it does not use server CPU or RAM. For websites on limited shared hosting plans, this prevents slows down page load speeds during a scan. ‘

However, this performance benefit relies entirely on the efficiency of the connection between the SiteLock servers and the website host. If the connection is throttled or interrupted, the scan may take several hours to complete.

The TrueShield Web Application Firewall can also introduce latency if it is not correctly configured. Because TrueShield acts as a reverse proxy, all website traffic must first pass through a SiteLock data centre before reaching the end user. If the nearest data centre is geographically distant from the website visitor, the time to first byte will increase. Competitors like Cloudflare or Sucuri maintain a larger global network which often results in faster content delivery.

SiteLock users frequently report that their website performance decreases after enabling the firewall due to this routing overhead.

Support

Turning our attention to help and support, SiteLock loses points. Expect a long 30-hour wait before you get a response to your ticket if you have the basic plan. If you’re wrestling with a mid-hack crisis, this could be dangerously slow. As for their support team, let’s just say it leaves much to be desired.

It is not straightforward to get a refund from SiteLock, in spite of a so-called 30-day guarantee. We purchased a premium plan for the purposes of testing the plugin, and it took us several days to get a refund. On top of this, the customer is forced to speak to customer service agents, who only work in US time zones, before they approve a refund. It is a lot of hoops to jump through for a refund, and the same process applies for a simple cancellation.

Pricing

SiteLock currently offers three main subscription tiers. Each plan requires a minimum 12-month commitment. Users can choose between monthly billing or annual payments. Annual payments typically include a discount equivalent to two months of service.

A significant point of contention for many users is the aggressive partnership model between SiteLock and major hosting providers. SiteLock has established deep integrations with companies under the Newfold Digital umbrella, including Bluehost and HostGator. When a hosting provider detects malware on a shared server, they frequently suspend the affected account immediately. This prevents the website owner from accessing their files to perform a manual cleanup. The support staff then directs the user to purchase a SiteLock subscription as the only guaranteed way to restore service quickly.

This sales tactic is often described as reactive rather than proactive. The emergency removal service is sold at the point of crisis. Website owners are frequently presented with a SiteLock 911 upsell which carries a high one-time fee for emergency removal. Users in technical forums often report that these malware detections are sometimes based on generic server logs rather than specific file infections. This creates a high-pressure environment where non-technical users feel forced to pay for a subscription to get their business back online.

Price comparison with competitors

SiteLock is often more expensive than its primary competitors when comparing features. Wordfence Premium costs approximately $99 per year for a single license. Sucuri offers an all-in-one platform for $199 per year which includes unlimited malware cleanups. MalCare provides a free tier and starts its premium tier at a lower entry price than SiteLock. The requirement for a 12-month commitment makes SiteLock a more significant financial investment for new website owners.

Top alternative to SiteLock

MalCare is a comprehensive WordPress security plugin with a range of features designed to ensure optimal protection for your website. These include:

What to consider in a security plugin

Choosing the right security plugin for your WordPress site is crucial. You have to factor in a lot of features. A good security plugin is your website’s first defense against a variety of threats. These threats range from malware intrusions  to DDoS attacks that can drop your site faster than a lead balloon. Without a trusty security plugin, your site could be incredibly vulnerable. 

Final thoughts

An efficient security plugin is essential to shield your WordPress site like a knight in shining armor. Unfortunately, SiteLock stumbles on this front, unable to adequately provide this protection. 

Enter stage right, MalCare, the worthy protagonist in our tale, returning dividends in robust protection. Over time, MalCare forms an impregnable fortress against threats hell-bent on wreaking havoc. Simply put, MalCare isn’t just a security plugin, it’s what your WordPress site deserves.

FAQs

Can SiteLock detect and prevent hacking attempts and unauthorized access?

Yes, SiteLock is designed to detect and prevent hacking attempts. But the efficiency can be questionable.

Is SiteLock compatible with different types of websites and content management systems?

Yes, SiteLock can be used with various websites and content management systems, including WordPress.

Is SiteLock worth the money?

Based on our exploration, we would hesitate to say SiteLock is worth the investment. The challenging setup process and lackluster customer support mar the overall value.

Is SiteLock safe?

While it’s designed to enhance the safety of your site, the effectiveness of SiteLock’s security measures can vary.

What are the benefits of SiteLock?

SiteLock offers a blend of malware scanning and firewall protections. It also doesn’t consume too many server resources.

How do I get rid of SiteLock?

Planning to cancel SiteLock? Brace yourself for a few hurdles. You’ll need to speak with their support team, be redirected to their billing team, or perhaps use their chat function.

How much does SiteLock cost?

SiteLock pricing plans start from $14.99 and scale up to $34.99 per month, per site.

Is SiteLock free?

No, SiteLock isn’t free. It offers various paid plans starting at $14.99.