These days we have a lot of people contacting us looking for advice after the web security company SiteLock or one of their web hosting partners has contacted them about a claimed hack of their website. One of the things that has been coming up fairly often that we don’t quite understand are claims like the following:
I’ve recently had my site (a personal, wordpress blog hosted by Blue Host) deactivated and blocked and they are essentially holding it ransom and saying that I must pay an exorbitant fee to have sitelock ‘fix’ it and then pay a monthly fee on top to keep it safe.
As far as we are aware web hosts don’t require that SiteLock do the cleanup, only that the website needs to be cleaned up before being allowed back online.
Before getting further in to that it is worth noting that the web host in that instance, Bluehost, is one of many web hosting brands owned the Endurance International Group (EIG). Their other brands include A Small Orange, FatCow, HostGator, iPage, IPOWER, JustHost, and quite a few others. They seem to be SiteLock’s largest partner at this time, which might have something to do with the fact that the majority owners of SiteLock also run EIG.
The first thing we do in a situation where someone contacts us about a claim from SiteLock and or the web hosting partners that a website hacked is to ask about any evidence provided to back up the claim. In this case the person we were dealing with forwarded us an email from Bluehost. The email contained an example of the issue on their website and boilerplate text we have seen in numerous emails from Bluehost about hacked websites. Here is what the boilerplate text says about what needs to be done need to have the account reactivated:
You will need to review your files and clean the account accordingly by removing all malicious files, not just the reported url. Once you have confirmed your files are clean and no longer a threat, please contact us again to have your account reactivated.
It’s possible that in phone conversations Bluehost is telling people something else, but from our experience dealing with lots of website hosted with Bluehost and other SiteLock web hosting partners there is no requirement to use SiteLock. And we have never had anyone have a problem getting the the web host to reactivate the website after we have cleaned it.
The only mention of SiteLock in that email is this:
You may want to consider a security service, such as SiteLock, to scan your website files and alert you if malicious content is found. Some packages will also monitor your account for file changes and actively remove malware if detected. Click here to see the packages we offer: https://my.bluehost.com/cgi/sitelock
The other important thing to note is that while they refer to the account being deactivated, that doesn’t mean you can’t access your website if you want to move it. Usually they only restrict viewing the website, so cPanel and FTP access are still available. So you can copy the website’s files, database, and any other items handled by cPanel while the website is deactivated.
As for the claim about SiteLock’s fees being exorbitant that is true. For the quality level of the service SiteLock provides, which involves them failing to do basic parts of the cleanup, you can spend much less with other providers or for many website we actual charge less while doing a proper cleanup. Part of the reason for this is that a lot of the money you pay to SiteLock doesn’t go to the cost of the work, for example at EIG web hosts, like Bluehost, that company gets over half of the fee despite not doing any of the work.
A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.