SiteLock offers a suite of website security tools. Many people encounter SiteLock through web hosts SiteLock partners with.
Conflicts of interest
On SiteLock’s website, visitors can find a list of some of the hosts it partners with. Many (though not all) of the hosts are owned by the Endurance International Group.2 It’s almost certainly not coincidental that Endurance International Group’s companies recommend another UnitedWeb product.
Even web hosts that are not owned by The Endurance International Group may have a financial interest in recommending SiteLock. Here’s a blurb from a SiteLock’s web page detailing the affiliate program it offers:
Hosts that partner with SiteLock may enthusiastically pitch the service. For example, here’s an image I snapped from HostGator’s checkout process:4
Given HostGator’s conflicts of interest (it’s owned by Endurance International Group), I think it’s probably appropriate to interpret the highlighted “highly recommended” as meaning something along the lines of “We’d really like you to pay for this product.”
My bet is that SiteLock is probably more of a marketing-focused company than a product-focused company. As weak support for this, SiteLock’s current careers web page lists 6 openings in sales or marketing, but only 1 in engineering.5
It looks like a lot of work has gone into trying to optimize SiteLock’s ability to convert partners’ hosting customers into SiteLock customers. When setting up the test websites I use to collect performance data on web hosts, I declined SiteLock services every time they were offered. Hosts owned by the Endurance International Group generally followed up by letting me know I was going to get free access to a pared-down version of SiteLock. Here’s an excerpt from an email I received after signing up for FatCow:6
Notice that the email doesn’t acknowledge that FatCow is owned by Endurance International Group which shares a parent company with SiteLock. Also notice that FatCow gives a bad explanation for why it recommends SiteLock: “Website security is something we take very seriously at FatCow.” The explanation I find more satisfying is “MONEY!”
Although I’ve been ranting, SiteLock’s services might be genuinely useful. SiteLock’s primary offerings are bundles with the following services:
- A web application firewall
- DDoS protection
- Automated website scanning for malware and spam
- Tools for removing malware (likely to involve additional fees for those using the most basic plan)
- A seal website owners can display to show that a site uses SiteLock
The security tools have the potential to be useful for a lot of websites, although most of the tools could be obtained in other ways. Comodo Security Solutions offers a free website scanner. CloudFlare’s free plan includes DDoS protection.7
However, SiteLock is an easy, automated solution. If you purchase the service through a web host, there’s almost no work involved. SiteLock can immediately scan non-public files on your server that wouldn’t be accessible by easy-to-use, free scanners like the one from Comodo. Given SiteLock’s relatively low price, the convenience might justify the cost for some people.
At the moment, my own experience with SiteLock is extremely limited.8 I’m hoping to revise this article in a few months to give an update once I’ve had more experience with the product.
Silly security seal
SiteLock offers its clients the option to display the SiteLock Trust Seal on their websites. The seal is a little image website owners can display. SiteLock’s pitch is that displaying the seal increases websites’ credibility to visitors. I don’t know if that’s true, but it concerns me. There are lots of ways a website could be insecure or dangerous to visitors without SiteLock knowing. If the seal substantially improves visitors’ trust in websites, I would guess that’s because visitors are not well-informed about what it takes to receive a SiteLock seal.
Looking at some documents from hosts that offer SiteLock does not inspire confidence. Here’s a bit from HostGator (emphasis mine):9
Here’s a second excerpt from the host A Small Orange (emphasis mine):10
- I have a list of brands under The Endurance International Group that you can compare with brands listed on SiteLock’s partners page. The Endurance International Group and SiteLock are both owned by another company, UnitedWeb.1Both SiteLock and Endurance International Group are listed on UnitedWeb’s “Our Companies” webpage. (archived copy from 2/19/2019).
- This excerpt was taken from SiteLock’s “Affiliates” web page on 2/19/2019.
- The screenshot was recorded on 2/19/2019.
- To be clear, I don’t think this is anything like a knockdown argument. I’m sure there are companies with great software products and fewer engineers than sales team members. I accessed SiteLock’s “Careers” page on 2/20/2019.
- Email received on 2/8/2019.
- Cloudflare lists the following as part of it’s free plan: “Unmetered mitigation of DDoS attacks.” From Cloudflare’s “Our Plans” web page on 2/20//2019 (archived copy).
- At the moment, I’ve only explored SiteLock’s website, read some reviews, and seen results from free scans.
- Taken from HostGator’s “How to Use the SiteLock Trust Seal” article on 2/20/2019 (archived here).
- Taken from A Small Orange’s “Use The SiteLock Trust Seal” article on 2/20/2019 (archived here).