Is HostGator Sitelock a Scam?

Do you use HostGator as your web host? Have you received an email from SiteLock stating that one of your domains is infected with malware? If yes, this article is for you, so you would know about the HostGator SiteLock scam.

I’m a web developer and one of my clients faced a similar issue. It is a big business for these companies since I have seen over 40 sites infected by now. They use these cheap tricks to earn a big amount of money from several innocent website owners.

That is why I’m here to make you aware of this HostGator SiteLock scam. Here I’ll discuss how SiteLock works and scams people, how you can protect your website, and what are your alternatives to HostGator.

hostgator sitelock scam

What is SiteLock and How does it work?

SiteLock is a website security tool used for detecting threats and scanning malware on websites. It determines the website vulnerabilities and helps remove them too.

what is sitelock

Who owns SiteLock?

SiteLock is owned by a Boston-based firm Abry Partners LLC. Also, SiteLock is a partner company to HostGator and has an affiliation with Endurance International Group (EIG). EIG hosting is infamous for cheap marketing tactics and poor service quality.

Why does HostGator sell SiteLock?

HostGator has partnered with SiteLock for promoting its security services. The host’s staff receives a commission on each successfully sold SiteLock license. That is why HostGator executives do whatever they can in convincing you to buy SiteLock.

HostGator sells SiteLock as an upsell to its customers, so you will see the host selling it in the following modes:

  • At the checkout page during new registration as a hosting addon.
  • Through advertising at the dashboard of your HostGator account.
  • Via email warnings that typically threaten you, for instance, “Better pay for SiteLock or get your website infected”.
  • You will become a target to buy SiteLock through aggressive selling tactics if one of your websites gets infected somehow. In such a case, expect to receive lots of warning emails to buy SiteLock plans and account suspensions to push you for the purchase.
  • When your website has already been compromised in the past, you will most likely be targeted via phone calls. SiteLock’s sales executive will constantly prompt you into buying their security addon for regular website protection.

hostgator sells sitelock

NOTE: HostGator used to sell SSL certificates for money before 2018. But when Google declared on July 1st, 2018 that it will mark all websites without HTTPS encryption as “Not secure”, HostGator made its SSL certificate free.

The host did not want to lose its customer base, so it had no other option. But at the same time, HostGator started offering SiteLock as an add-on to make up for the revenue it lost.

What does this so-called HostGator Sitelock Scam looks like? (4 stages)

Now that you know the ways through which HostGator sells SiteLock, let’s look at what this HostGator SiteLock scam looks like:

sitelock scam email

Stage 1

HostGator sends you an email stating that your website is infected with malware. It takes down your site in the middle of the night without any prior notice. As a result of this, your website visitors see a blank screen since that is what happens with suspended URLs.

The host then forces you to pay for the SiteLock service for malware removal and get your website online again. This specific service is promoted since HostGator has a paid affiliate relationship with the service provider.

hostgator sitelock scam

Stage 2

HostGator deactivates all your email services and websites even when one of your sites gets infected with malware. The host informs you about the existence of malware via email but won’t specifically mention the website that is infected.

HostGator might also suspend your hosting account but if it hasn’t done that yet, it will use scarcity tactics to blackmail you. You will be told to sign up for one of the SiteLock plans to prevent a complete account shutdown.

sitelock informing about malware partially

Stage 3

It is natural for any website owner to get in touch with HostGator to prevent the shutdown of his hosting account. When you contact HostGator, they will direct you towards a SiteLock employee to further push you into purchasing the service.

NOTE: On closely investigating the SiteLock email, you might sometimes find out that it has been forwarded to SiteLock services as well. In most cases, it is SiteLock staff members who will be contacting you since HostGator forwards your case to them.

sitelock staff communicating on behalf of hostgator

Stage 4

SiteLock support executives will demand a minimum sum of $300 per domain from you for cleaning your infected site. They call it an “emergency cleaning” service and the amount can even be higher than $300.

The service provider might also ask you to sign up for its SiteLock protection plans to ensure continuous and all-around security. These plans start at $14.99 per month and have varying monthly price tags.

You will be told to pay for them a year in advance.

sitelock plan pricing

So, what HostGator does here is to hold your website and transfer you to its affiliate SiteLock. You won’t get your site back unless you pay for SiteLock’s malware removal services.

It is like holding your website for ransom.

NOTE: The charges that I’ve mentioned above apply only to a single domain or website. So multiply these costs by the number of sites you are planning to have. Your overall SiteLock cost would be skyrocketing if, say, you have 15 sites.
NOTE 2: The correct decision would be to refuse to pay money for these fraud malware removal services. However, the SiteLock team will try its best to convince you into buying its services even when you refuse.

sitelock convincing to buy its services

They will offer you heavy discounts and lower the price and make you believe that they are helping you, but do not fall into their trap. The service provider will also try to refer you to their “so-called engineer” for malware removal.

SiteLock will demand an astronomical price in exchange for providing you with a clean website that is free from any malware.


  • To prevent yourself from getting scammed, ask HostGator as to which of your websites have been infected. Tell them to pinpoint the source from which the issue has arisen. Lastly, ask them to show what efforts they have taken to free your website from the “supposed” malware.
  • If you choose to pay for the SiteLock services, you won’t receive any guarantee that such a situation will not arise again. If it has happened once, it is more likely to occur again! And when you pay for it, these fraud companies have someone to extort money from. You’ll keep paying for such fake malware issues forever!
  • As a web developer, I host websites for my clients with dozens of hosting providers. From my experience, I’ve learned that this Bluehost-HostGator cartel (all EIG hosting companies, to be precise) is the only place where such fake malware issues are created. And these scams happen quite frequently, at an alarming rate.

I cannot remember any such experience with other hosting providers, working outside of the EIG cartel. The fact that HostGator and its sister companies lock you out of your website is even pathetic.

They don’t want you to reverse the changes or receive any external help to get the malware removed.

How much does SiteLock truly cost?

As mentioned above, SiteLock asks for a massive sum amount of at least $300 per domain instead of an emergency cleaning fee. Later, the company also tells you to commit to one of its security plans.

Here are the SiteLock security plans and their pricing:

sitelock security plans

NOTE: When there is a security compromise on your website, SiteLock does not accept a one-month payment. The service provider will force you to pay for at least a one-year SiteLock plan in advance.

Additionally, SiteLock tries to convince people to pay an ongoing fee for constant protection instead of cleaning up your website properly. And there are huge problems with such a practice, which we’ll discuss in our next segment.

4 Consequences of relying on HostGator’s so-called security

If you rely on the security offered by HostGator and SiteLock, you will experience:

1. A decline in business income

Since HostGator will hold your website until you pay for SiteLock services, your website will be unavailable. The unavailability of your site will result in a huge decline in your monthly business income.

You will also lose many potential customer leads.

decline in income

2. Reputation damage

The appearance of a blank screen in the place of your website will build a negative image for your business. Your existing and potential customers won’t see your brand as reliable enough.

All this leads to severe damage to your brand and business reputation.

domain suspension

3. Drop in Google ranking

Since your website is made unavailable by HostGator, Google will no longer show it on its search result pages. Even when your site reappears, you will notice a considerable drop in the SEO ranking of your website on Google.

google ranking drops

4. Losing time and money

Above all, you will lose dozens or hundreds of your productive hours in getting back your website from HostGator and SiteLock. Much of your precious time and money will be wasted in fixing and rebuilding your damaged website.

fixing damaged website

Customers’ Reviews about SiteLock

It is not a coincidence that so many HostGator customers are experiencing the same issue over such a long period. You will find so many honest customer reviews that hint toward this HostGator SiteLock scam:

hostgator review

hostgator sitelock scam review

hostgator sitelock review

hostgator customer review

hostgator sitelock customer review

What to do next? (4 Solutions)

From my experience, I can say that SiteLock is quite expensive for what it does. Its primary function is securing your website from malware but it is not at all an effective solution for that.

So it is better to go for an independent security solution for your website that can detect and automatically remove malware.

Many other hosting providers also provide free website backups. Such a feature is extremely useful when your website gets infected.

free website backups

So my whole point is to encourage you to explore your options while comparing the prices and features of different security solutions. You don’t have to forcibly choose the security tools offered by HostGator.

Let’s find out the solutions you have to deal with the HostGator SiteLock scam:

Solution 1: Contact HostGator Tech Support

If I were at your place, my first step would be to get in touch with HostGator’s tech support team through live chat. I’d mention to the support executive that I do not wish to sign up for the SiteLock service.

Here, you must also ask them whether they can fix the issue at their end or restore your infected website from a backup saved before malware. If they are unable to do that for you, ask them to identify the infected files so you can clean them yourself.

Here are a few things to remember during your conversation with HostGator:

  • Mention to the support executive whether you are locked out of only your website or your whole hosting account (it happens in many cases).
  • The HostGator support team will insist on you and try to upsell you the SiteLock add-on. But you will have to stand your ground and seek their support in the form of pinpointing the infected files.
  • Once the host identifies the files infected with malware, you can then either clean or delete them on your own. Lastly, create a backup copy of your repaired website and transfer it to a different host.

creating website backup

REMINDER: While talking to the HostGator support team, remain upfront about your decision of not having SiteLock. Mention to the executive that you want to solve the malware issue manually. If you do not strictly convey this message, HostGator will forward you to its partner SiteLock. In such a case, you will find yourself listening to endless sales pitches.

Solution 2: Hire a Freelancer

Apart from the above solution, you can also consider hiring a freelancer security expert. An expert can easily find the infected files for you and perform the site clean-up.

As soon as your website is free from malware, it is recommended to transfer your website to a new secured host. Consider a hosting provider not associated with the EIG cartel to prevent any further issues.

freelance website security expert

Solution 3: Rebuild your site

If for any reason you are unable to hire a freelance security expert or clean your site yourself, consider rebuilding it. You will have to start fresh with a new and secured hosting provider to rebuild your website’s new version.

rebuild website

Solution 4: Use Sucuri

Since rebuilding a website is impossible for many website owners, using Sucuri can be the best solution for you. They are experts in treating hacked websites, offering continuous site protection, and removing malware.

Moreover, this security tool is completely unrelated to SiteLock and the scam cartel runners. Though Sucuri does not come cheap, it prevents you from the huge task of rebuilding your website.

sucuri security tool

Once you clean all the malware from your site, migrate it to a safer and better hosting provider.

NOTE: Before transferring your website to a new host, reach the source of the malware. If you are unsure about the cause of the hack, the malware will reappear and you will have to take all the pain again.

Web Hosting Alternatives to HostGator

The HostGator SiteLock scam and dozens of unsatisfied customers indicate that HostGator is not the right choice for you. If your website is constantly targeted by hackers, it means your host is not doing anything to protect your site.

By default, a good web host will take the necessary measures to protect your site from all types of attacks. It will have multiple security layers like Web Application Firewall (WAF), Distributed Denial-of-Service (DDoS) protection, etc.

Here are a few good hosting alternatives to HostGator that offer site security and are also officially recommended by WordPress.

SiteGround (shared hosting)

siteground hosting

SiteGround is a trusted host using the latest PHP 8+ version for its servers and employing intrusion detection and prevention systems. Additionally, the host:

  • Uses WAF for all-round protection
  • Keeps its database software up to date at all times
  • Runs Apache with suEXEC
  • Constantly monitors application vulnerabilities
  • Installs ModSecurity on its shared servers

DreamHost (shared hosting)

dreamhost hosting

DreamHost offers a secured hosting environment with a free Let’s Encrypt SSL certificate, free domain privacy, and:

  • In-house malware remover tool
  • The use of lua-resty-waf for Nginx
  • Utilizing the encrypted HTTP/2 protocol
  • Installing ModSecurity WAF for Apache
NOTE: Unlike HostGator, the above two hosting companies do not belong to the EIG organization. So the main point here is to stay AWAY from the hosting providers that are associated with SiteLock.

Cloudways (Managed Cloud VPS)

cloudways hosting

I’d highly recommend a cloud host for website owners having multiple websites or those who have larger budgets. A managed cloud VPS solution like Cloudways is the best choice when it comes to security and flexibility.

The host offers a secured hosting environment through:

  • End-to-end encryption
  • Malcare bot protection
  • DDoS mitigation and WAF
  • Free SSL certificates
  • Off-site and automatic server-level backups
  • Two-factor authentication
  • IP whitelisting and regular security patching

Is SiteLock Worth it?

No, SiteLock is not worth paying for.

  • Firstly, when you are paying HostGator’s hosting package, it should be able to offer a secured hosting environment for your website. If it is not able to do that, what are you paying the host for?
  • Secondly, you must ask HostGator about the specific issue that caused malware on your website. In most cases, they are unable to answer it. And when the host cannot pinpoint the source of malware appearance on your website, it is a good sign to move away from the host itself.

I haven’t yet found out that SiteLock provides any evidence of its services being effective. You will find much less such evidence available through independent testing.

I believe that it should be a baseline requirement for any such security service.

Moreover, the customer reviews at Trustpilot say it all. So it is completely not worth purchasing SiteLock plans to protect your website.


If you are lucky enough and haven’t been targeted by HostGator yet, ensure to move your website away from it. Cancel your HostGator hosting account or it might charge you or make you a victim of its SiteLock scam very soon.

hostgator sitelock malware scam

To explain SiteLock in the best way is to compare it with the add-ons you receive with different programs you install on your computer. Usually, all these add-ons are selected by default and only adware trash.

So SiteLock can be called an equivalent of these add-ons since it is not of much use.

If you have received any one of the above emails from HostGator or its partner companies, please drop me a message. I’ll try my best to get your website out of the HostGator SiteLock scam.


Does EIG own SiteLock?

No, EIG does not own SiteLock but has an affiliation with the service provider. The hosts receive a commission for every single customer referred to SiteLock. So it is a regular source of income for EIG hosting companies.

Who owns HostGator?

EIG owns HostGator. Since the group earned a bad reputation for itself, it changed its name from EIG to Newfold Digital.

Can I get a refund for HostGator or SiteLock services?

Yes, it’s possible. If you haven’t crossed the refund period, just ask for it. Once the refund is complete, remove your credit card from the SiteLock account.

In case you’ve crossed the refund period, consider disputing the charge with your credit card company. HostGator or SiteLock won’t have a choice other than to refund your money.

To give you an idea, here is a conversation of a HostGator customer with the support team concerning the refund of money:

customer claiming a refund from hostgator

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

Tommy Nao
Tommy Nao
Web Hosting Expert, Content Writer, SEO Consultant, and Web Developer with over 10 Years of Experience.

He has a passion for technology and has spent over a decade reviewing and testing web hosting companies to provide his readers with honest and accurate reviews of the companies he had experiences with.

Tommy loves helping people and has helped hundreds of people start their own successful blogs.

Leave a Comment