Let me begin by stating that I have nothing against SiteLock. I have had a number of conversations with some of their people and they’ve been respectful.
However, according to people I have spoken with at various hosting companies, SiteLock has them sign agreements that prohibit them from suggesting any other security service. These employees are threatened with termination if they recommend any other security service.
Is that unethical?
I don’t know. I really don’t care.
What I do care about is removing malware from websites.
Since January 1, 2017, I have spoken with many of our new customers. Every one of them has told me the same thing,
“More people need to know about your service. The hosting companies are pushing their customers to contact SiteLock.”
This is why we are starting with ads on Google and Facebook. If you enjoy our pricing and our mission, please talk about us to your associates. Mention us on your social media channels.
When I started this business, I selected Bluehost as my hosting provider. I had more time to blog about infections we were seeing back then. One day I get a call from a guy saying that his boss’s personal blog was infected with the infection I had written about the previous day. He stated he was very technical and asked if I could provide him with some details. We spent over an hour on the phone. When we finished he simply said, “Thank you!”
The next day he calls back to tell me that the information I provided was great and exactly what he needed. Then he says, “I see you host with us.”
I asked, “Who are you?”
He replies with his name and says, “The boss you helped me with is Matt Heaton the founder of Bluehost.” And continues with, “How would you like us to send you some business?”
Of course I said yes. It went well for awhile, but then Bluehost and a number of other hosting providers were bought by Endurance International Group (EIG). Since EIG is part of the same company as SiteLock, our business relationship ended.
Oh well.
Let me know if you have more questions.
With our Basic Plan we scan once every 4 hours. If our system finds anything malicious, it is automatically removed. With our server plan, our file monitoring runs in real-time. As files are added or changed they are analyzed for anything malicious. We’re always working with the actual files. We don’t scan from the outside. This means that our methodology provides you with a more complete analysis of your website for anything malicious.
According to their website they do “Daily” malware scans. For the prices they charge, they should have the technology to scan more frequently. Their scans are performed from the “outside-in”. This means that they’re only checking for an infectious website. More often, cyber criminals use a website for phishing, or to send SPAM, or to attack other websites. An external scan like their’s will not detect these infections.
I focused on technology. My focus has been on keeping prices down so website malware removal is truly affordable. We automate more and more processes so our costs decrease or stay the same. That way our pricing stays the same. I focus on helping people. If you call our phone number (847)469-8713, or contact us on Skype: wewatchyourwebsite, it will be me, Thomas J. Raef that you’ll be communicating with. I don’t have additional staff to answer the phone. I don’t have a Marketing Department, or Sales Department. This is my choice.
I believe they’re focused on growth. It might be the investor backing, I’m not sure, but they certainly pride themselves on their stratospheric growth. They focus on increasing revenue. There’s nothing wrong with growth, but if you read many of the online reviews and complaints, you’ll see that growth should be refocused on customer satisfaction. Again, that’s my opinion.
Our growth strategy was always to help people. The more people we helped, the more we would grow. We roll out new services but only to help our customers. Not to have services to “upsell”. We don’t use scare tactics.
They grow by signing up more hosting providers. Some of these hosting providers have no choice as SiteLock is owned by the same company as EIG:
http://sitelockreviews.blogspot.com/2016/06/sitelock-eig-unitedweb.html
They also have a large sales staff. These sales people have quotas. We’ve heard from a few former employees of SiteLock that they would scan the internet looking for infected websites, then report those sites to Google and when the sites were blacklisted, the sales rep would contact the website owner to promote their services. It appears their growth strategy is to use these tactics to virtually force website owners into thinking they must sign-up for SiteLock’s service.
We have 2 prices: one for shared hosting accounts which is $39.95 a year and services all the websites on a single cPanel, and one for VPS’s, dedicated servers and reseller accounts which is $199.95 per year and covers all the websites on that account.
In creating the technology that performs all of our processes we designed it with scale in mind.
They don’t have pricing on their website. You have to “Request a quote”. However, if you look at the various hosting providers offering SiteLock’s services, the prices vary from almost free, $16 a year for a single website, (read our blog post about the fallacy of protecting one website on a cPanel with multiple sites) to nowhere near free, $199.95 for a one-time cleaning.
The majority of the programs and processes we use were created in-house. We do use YARA and some other open source tools to augment our processes, but the scanning technology is all ours. I didn’t want to be hand-cuffed by other’s work so I wrote all the programs myself in either C++ or Python.
For malware detection we use various methods: Signature based, Anomaly Detection, Behavior Analysis and Machine Learning (read more about our technologies here)
Based on the scan results they produce, it appears they use ClamAV. I know in my discussions with people from their company they have admitted to using ClamAV with some purchased signatures and some Perl scripts to identify and remove website malware. This means it’s strictly signature based. When hackers are changing their code multiple times a day, signature based is always one-step behind the hackers.
SiteLock likes to push their “manual” malware removal. However, with the average WordPress having about 1,900 files, can you imagine trying to manually scan that many files and have any kind of accuracy? I believe it’s a strategy for them to have such high prices.
As stated previously, if you call our phone, it will be me that answers. Quite often I call the customer to discuss what was found and ask some questions about legitimate logins to their website and their hosting account. I am the front line communicator and the technical mind behind our services. You can ask me anything about what we found – and I will provide you with all detail we have.
As far as I know, you don’t get a personal consultation with anyone other than the sales department. I know if I have a question about my car, I don’t want to be transferred to the sales department. I want the people in the Service Department. That’s your decision. Their sales people are referred to as “security consultants” but I don’t they focus on security as much as they do selling you their most expensive services.
We believe in sound security principals: strong passwords, software updates, limited access for outsiders. People frequently ask us why we don’t write a WordPress plugin. The answer is simple – they don’t keep the website from being infected. Many people want a “set it and forget it” solution to their malware issues.
They offer a firewall and CDN (Content Delivery Network), however, from reading log files for accounts that they previously serviced, the IP addresses are all associated with Incapsula. Therefore, it seems apparent that they are white-listing Incapsula’s technology. Is that a bad thing? No, but it does mean that someone else is responsible for your website security.
Order for Shared Hosting - $39.95/year
Order for Server & Reseller Accounts - $199.95/year