When it comes to the web security company SiteLock taking advantage of people, their web hosting partners have long been critical component of that. More recently there has been a new partner helping them to present a public face very different than the company that people end up dealing with if they have the misfortune of signing up for their services. That would be WordPress, which has allowed SiteLock to participate and sponsor WordPress’ WordCamp conferences.
It isn’t a situation where the people involved in running the WordCamps are not aware of the what SiteLock does. We contacted them back in September asking for a comment for a post we were preparing raising our concerns about the situation. We didn’t receive a response, but we received quite a bit of traffic to a post included in the message to them, shortly after we sent the message, so they seem to have reviewed it. SiteLock’s involvement has continued since then, which indicates to us that the WordPress folks can’t justify what they are doing, but will continue doing it anyway.
Fast forward to last week when in our monitoring of what SiteLock is up to we can across a post on the website for this weeks WordCamp US praising SiteLock. Wanting to let people know the reality of SiteLock we posted the following comment on the post:
It is rather unfortunate that you are promoting SiteLock in this way, as this company is quite bad at what they do and take advantage of so many people.
For example, a couple of months ago we were brought to fix a WordPress website after their cleanup left it broken, http://www.whitefirdesign.com/blog/2016/09/14/godaddy-and-sitelock-make-a-mess-of-a-hack-cleanup-and-drop-the-ball-on-security-as-well/. While fixing it we found that there were a couple of much larger issues, they had left the hacker with access to the website and didn’t detect that one of their web hosting partners, who had gotten the website’s owner to hire SiteLock in the first place, had a serious security issue that was leading to website being hacked.
Around the same time we found that they were spreading false information about vulnerabilities in WordPress to their customer, http://www.whitefirdesign.com/blog/2016/09/06/sitelock-spreading-false-information-about-wordpress-security-to-their-customers-through-their-platform-scan-for-wordpress/.
If you do a search for “sitelock scam” you will see a more of what SiteLock is really doing.
One thing we mentioned we think is important emphasis, is that SiteLock was (and maybe still is) claiming that customer’s website running older version of WordPress have vulnerabilities that they don’t. This was due to SiteLock not having a basic understanding of how WordPress handles security, which they should considering that is very important when properly cleaning up hacked websites and protecting them against future hacks, both of which are services they offer (some explanation to this might be that for one of their main protection services they don’t actually provide the service themselves, while claiming to). It is against that backdrop that one part of the WordCamp post sticks out:
With 2017 just around the corner, SiteLock hopes to continue their strong support for WordPress and WordCamps and make 2017 the best year yet!
Maybe it is just us, but it doesn’t seem that spreading false claims of vulnerabilities in WordPress based website shows support for WordPress, strong or otherwise.
We left that comment on Tuesday afternoon, by the next morning the existing comments (not just ours) on the post were gone and the ability to comment was removed. By comparison the previous post and next one still are open for comments and include comments. Again the WordPress folks would rather sweep under the rug the reality of what SiteLock is up to while being involved with WordCamps than deal with the situation.
What makes this all the more troubling is at the same time WordPress is helping to promote a very bad security company, they are intentionally not warning people when they are using insecure plugins, which could lead websites to be hacked and then those websites might wind up being taken advantage of by a bad security company like SiteLock.