Back in May of last year someone contacting us about cleaning a hacked website mentioned that Sucuri had told them that they had 30 day refund guarantee, but when we went to look into that we found that in reality Sucuri didn’t provide refunds if someone had requested a cleanup, which is what that person had contacted them about having done.
Here is how the refund guarantee was advertised on their homepage at the time:
You have 30 days to request a refund according to our Terms of Service.
If you looked at the terms of service it turned out there was one exception for that refund guarantee, the aforementioned limit if you had requested a clean up to be done:
You will have thirty (30) days from the Service Commencement Date or any Renewal Commencement Date to cancel the Service (the “Cancellation Period”), in which case the Company will refund your Service Subscription Fee for the applicable Service Term provided that you have not submitted a Malware Removal Request during the Cancellation Period.
They could spelled that on the homepage in less than words than it took to mention the terms of service, which seems like a good indication they are tying to hide that.
Since then the terms of service haven’t changed, but as we noticed when we went to look at something on their website recently, the marketing of the refund guarantee has gotten worse. For example at the top of the page about their website malware removals they write this:
Repair and restore hacked websites before it damages your reputation. We offer a 30-day money-back guarantee because we know we can help. You can rely on our dedicated incident response team, state-of-the-art technology, and excellent customer service.
If you actually try to get help though, they won’t provide you a refund, even if they didn’t even do anything, seeing as there is no refund if you request help.
Similar on the Immediate Help page which has its own menu section at the top of all the website’s pages, the description of the second step in the process is:
We offer a 30-day money-back guarantee because we know we can help. After completing your billing information, you’ll get access to the Sucuri Dashboard.
Why Are Experienced Security Analysts Failing To Get Websites Clean?
If you look at the rest of their information on their website malware removal page it seems like they are providing a good warning they something is amiss.
They claim that their cleanups are done by “experienced security analysts” and that that “we aim to provide the best malware removal service”:
Experienced Security Analysts
Our dedicated researchers monitor active malware campaigns. With a trained team of analysts, we aim to provide the best malware removal service around.
They also claim that “[n]o hack is too complex for our incident response team”:
Automatic and Manual Cleanups
We use scripts and tools to quickly scan your website for malware. Our analysts check your site manually too. No hack is too complex for our incident response team.
That makes another section seem rather odd, since they highlight that they provide “unlimited cleanups”, which shouldn’t be needed if they properly cleaning and securing websites (they actually do neither of those things properly):
We love complex malware infections, and you’ll never pay more for them. Each plan covers your website for a year, including unlimited cleanups, pages, and databases.
Another claim that stands out is this:
Consider us an extension of your team. With professional security analysts available 24/7/365, you never have to worry about dealing with a hacked site.
In reality what we have hearing over and over from people coming to us after having used their service, is that they can’t get in touch with anyone at Sucuri. That doesn’t seem to be isolated issue, as numerous recent reviews of Sucuri on the website Trustpilot include the same complaint.