SiteLock’s Vague Emails About Vulnerabilities Being Detected Don’t Indicate That Websites Have Been Hacked

We are always happy to provide a free second opinion if the web security company SiteLock or their web host partners are claiming that a website contains malware or is otherwise hacked, as we don’t want people pushed in to purchasing unneeded security services on the basis of their all to frequent false claims. In addition to people contacting us in that situation, we have a lot of people contacting us looking for that second opinion on whether their website is hacked in situations where there hasn’t actually been a claim that the website has been hacked. One situation we have seen that has come up fairly regularly is with vague claims that websites contain a vulnerability. A recent example of a form email they are sending out for that is the following:

Because website security is important, your hosting provider has provided you with a complimentary scanner from SiteLock that proactively checks for malicious threats and vulnerabilities. This scan regularly reviews your website plugins, themes and content management system (CMS) for potential vulnerabilities.

During a recent scan, a vulnerability was detected on your website.

For details on the findings, including the location of the vulnerability and remediation options, please contact SiteLock today. We would be happy to walk you through your dashboard and talk to you about next steps. Our security consultants are available 24/7 to answer your questions.

Call 844-303-1509 or email support@sitelock.com

There is good reason to believe that has no basis, considering the lack of any details, as well as things like us last August running across someone that had received a similar email for a hosting account that hadn’t existed for months and in June of last year running across SiteLock continuing to falsely claim that websites using WordPress contained vulnerabilities that had been fixed in earlier versions of WordPress than were in use on the websites, despite SiteLock being aware they were spreading false information.

You could probably safely ignore these messages, but if you want extra assurance you could contact SiteLock and ask for evidence of their claim (though we have heard in the past that they wouldn’t provide that) or check to make sure you are doing the important things to keep your website secure, like keeping your software up to date. While we don’t recommend it, we also offer a security review to check over things like if software you are using is known to be insecure.


A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.

2 thoughts on “SiteLock’s Vague Emails About Vulnerabilities Being Detected Don’t Indicate That Websites Have Been Hacked”

  1. how does someone stop receiving emails from sitelock when you didnt subscribe to anything on thieir site? There is no unsubscribe link on their email either. Do we need to make a complaint to the relevant authorities?

  2. I got sitelock bundled with bluehost and got this mail just before the renewal was due. I browsed to the sitelock dashboard and clicked the report and there was nothing there. It’s just not worth $72 per year.

Leave a Reply to Anonymous Cancel reply

Your email address will not be published.