Do you use HostGator as your web host? Have you received an email from SiteLock stating that one of your domains is infected with malware? If yes, this article is for you, so you would know about the HostGator SiteLock scam.
I’m a web developer and one of my clients faced a similar issue. It is a big business for these companies since I have seen over 40 sites infected by now. They use these cheap tricks to earn a big amount of money from several innocent website owners.
That is why I’m here to make you aware of this HostGator SiteLock scam. Here I’ll discuss how SiteLock works and scams people, how you can protect your website, and what are your alternatives to HostGator.
What is SiteLock and How does it work?
SiteLock is a website security tool used for detecting threats and scanning malware on websites. It determines the website vulnerabilities and helps remove them too.
Who owns SiteLock?
SiteLock is owned by a Boston-based firm Abry Partners LLC. Also, SiteLock is a partner company to HostGator and has an affiliation with Endurance International Group (EIG). EIG hosting is infamous for cheap marketing tactics and poor service quality.
Why does HostGator sell SiteLock?
HostGator has partnered with SiteLock for promoting its security services. The host’s staff receives a commission on each successfully sold SiteLock license. That is why HostGator executives do whatever they can in convincing you to buy SiteLock.
HostGator sells SiteLock as an upsell to its customers, so you will see the host selling it in the following modes:
- At the checkout page during new registration as a hosting addon.
- Through advertising at the dashboard of your HostGator account.
- Via email warnings that typically threaten you, for instance, “Better pay for SiteLock or get your website infected”.
- You will become a target to buy SiteLock through aggressive selling tactics if one of your websites gets infected somehow. In such a case, expect to receive lots of warning emails to buy SiteLock plans and account suspensions to push you for the purchase.
- When your website has already been compromised in the past, you will most likely be targeted via phone calls. SiteLock’s sales executive will constantly prompt you into buying their security addon for regular website protection.
The host did not want to lose its customer base, so it had no other option. But at the same time, HostGator started offering SiteLock as an add-on to make up for the revenue it lost.
What does this so-called HostGator Sitelock Scam looks like? (4 stages)
Now that you know the ways through which HostGator sells SiteLock, let’s look at what this HostGator SiteLock scam looks like:
HostGator sends you an email stating that your website is infected with malware. It takes down your site in the middle of the night without any prior notice. As a result of this, your website visitors see a blank screen since that is what happens with suspended URLs.
The host then forces you to pay for the SiteLock service for malware removal and get your website online again. This specific service is promoted since HostGator has a paid affiliate relationship with the service provider.
HostGator deactivates all your email services and websites even when one of your sites gets infected with malware. The host informs you about the existence of malware via email but won’t specifically mention the website that is infected.
HostGator might also suspend your hosting account but if it hasn’t done that yet, it will use scarcity tactics to blackmail you. You will be told to sign up for one of the SiteLock plans to prevent a complete account shutdown.
It is natural for any website owner to get in touch with HostGator to prevent the shutdown of his hosting account. When you contact HostGator, they will direct you towards a SiteLock employee to further push you into purchasing the service.
SiteLock support executives will demand a minimum sum of $300 per domain from you for cleaning your infected site. They call it an “emergency cleaning” service and the amount can even be higher than $300.
The service provider might also ask you to sign up for its SiteLock protection plans to ensure continuous and all-around security. These plans start at $14.99 per month and have varying monthly price tags.
You will be told to pay for them a year in advance.
So, what HostGator does here is to hold your website and transfer you to its affiliate SiteLock. You won’t get your site back unless you pay for SiteLock’s malware removal services.
It is like holding your website for ransom.
They will offer you heavy discounts and lower the price and make you believe that they are helping you, but do not fall into their trap. The service provider will also try to refer you to their “so-called engineer” for malware removal.
SiteLock will demand an astronomical price in exchange for providing you with a clean website that is free from any malware.
- To prevent yourself from getting scammed, ask HostGator as to which of your websites have been infected. Tell them to pinpoint the source from which the issue has arisen. Lastly, ask them to show what efforts they have taken to free your website from the “supposed” malware.
- If you choose to pay for the SiteLock services, you won’t receive any guarantee that such a situation will not arise again. If it has happened once, it is more likely to occur again! And when you pay for it, these fraud companies have someone to extort money from. You’ll keep paying for such fake malware issues forever!
- As a web developer, I host websites for my clients with dozens of hosting providers. From my experience, I’ve learned that this Bluehost-HostGator cartel (all EIG hosting companies, to be precise) is the only place where such fake malware issues are created. And these scams happen quite frequently, at an alarming rate.
I cannot remember any such experience with other hosting providers, working outside of the EIG cartel. The fact that HostGator and its sister companies lock you out of your website is even pathetic.
They don’t want you to reverse the changes or receive any external help to get the malware removed.
How much does SiteLock truly cost?
As mentioned above, SiteLock asks for a massive sum amount of at least $300 per domain instead of an emergency cleaning fee. Later, the company also tells you to commit to one of its security plans.
Here are the SiteLock security plans and their pricing:
Additionally, SiteLock tries to convince people to pay an ongoing fee for constant protection instead of cleaning up your website properly. And there are huge problems with such a practice, which we’ll discuss in our next segment.
4 Consequences of relying on HostGator’s so-called security
If you rely on the security offered by HostGator and SiteLock, you will experience:
1. A decline in business income
Since HostGator will hold your website until you pay for SiteLock services, your website will be unavailable. The unavailability of your site will result in a huge decline in your monthly business income.
You will also lose many potential customer leads.
2. Reputation damage
The appearance of a blank screen in the place of your website will build a negative image for your business. Your existing and potential customers won’t see your brand as reliable enough.
All this leads to severe damage to your brand and business reputation.
3. Drop in Google ranking
Since your website is made unavailable by HostGator, Google will no longer show it on its search result pages. Even when your site reappears, you will notice a considerable drop in the SEO ranking of your website on Google.
4. Losing time and money
Above all, you will lose dozens or hundreds of your productive hours in getting back your website from HostGator and SiteLock. Much of your precious time and money will be wasted in fixing and rebuilding your damaged website.
Customers’ Reviews about SiteLock
It is not a coincidence that so many HostGator customers are experiencing the same issue over such a long period. You will find so many honest customer reviews that hint toward this HostGator SiteLock scam:
What to do next? (4 Solutions)
From my experience, I can say that SiteLock is quite expensive for what it does. Its primary function is securing your website from malware but it is not at all an effective solution for that.
So it is better to go for an independent security solution for your website that can detect and automatically remove malware.
Many other hosting providers also provide free website backups. Such a feature is extremely useful when your website gets infected.
So my whole point is to encourage you to explore your options while comparing the prices and features of different security solutions. You don’t have to forcibly choose the security tools offered by HostGator.
Let’s find out the solutions you have to deal with the HostGator SiteLock scam:
Solution 1: Contact HostGator Tech Support
If I were at your place, my first step would be to get in touch with HostGator’s tech support team through live chat. I’d mention to the support executive that I do not wish to sign up for the SiteLock service.
Here, you must also ask them whether they can fix the issue at their end or restore your infected website from a backup saved before malware. If they are unable to do that for you, ask them to identify the infected files so you can clean them yourself.
Here are a few things to remember during your conversation with HostGator:
- Mention to the support executive whether you are locked out of only your website or your whole hosting account (it happens in many cases).
- The HostGator support team will insist on you and try to upsell you the SiteLock add-on. But you will have to stand your ground and seek their support in the form of pinpointing the infected files.
- Once the host identifies the files infected with malware, you can then either clean or delete them on your own. Lastly, create a backup copy of your repaired website and transfer it to a different host.
Solution 2: Hire a Freelancer
Apart from the above solution, you can also consider hiring a freelancer security expert. An expert can easily find the infected files for you and perform the site clean-up.
As soon as your website is free from malware, it is recommended to transfer your website to a new secured host. Consider a hosting provider not associated with the EIG cartel to prevent any further issues.
Solution 3: Rebuild your site
If for any reason you are unable to hire a freelance security expert or clean your site yourself, consider rebuilding it. You will have to start fresh with a new and secured hosting provider to rebuild your website’s new version.
Solution 4: Use Sucuri
Since rebuilding a website is impossible for many website owners, using Sucuri can be the best solution for you. They are experts in treating hacked websites, offering continuous site protection, and removing malware.
Moreover, this security tool is completely unrelated to SiteLock and the scam cartel runners. Though Sucuri does not come cheap, it prevents you from the huge task of rebuilding your website.
Once you clean all the malware from your site, migrate it to a safer and better hosting provider.
Web Hosting Alternatives to HostGator
The HostGator SiteLock scam and dozens of unsatisfied customers indicate that HostGator is not the right choice for you. If your website is constantly targeted by hackers, it means your host is not doing anything to protect your site.
By default, a good web host will take the necessary measures to protect your site from all types of attacks. It will have multiple security layers like Web Application Firewall (WAF), Distributed Denial-of-Service (DDoS) protection, etc.
Here are a few good hosting alternatives to HostGator that offer site security and are also officially recommended by WordPress.
SiteGround is a trusted host using the latest PHP 8+ version for its servers and employing intrusion detection and prevention systems. Additionally, the host:
- Uses WAF for all-round protection
- Keeps its database software up to date at all times
- Runs Apache with suEXEC
- Constantly monitors application vulnerabilities
- Installs ModSecurity on its shared servers
DreamHost offers a secured hosting environment with a free Let’s Encrypt SSL certificate, free domain privacy, and:
- In-house malware remover tool
- The use of lua-resty-waf for Nginx
- Utilizing the encrypted HTTP/2 protocol
- Installing ModSecurity WAF for Apache
Cloudways (Managed Cloud VPS)
I’d highly recommend a cloud host for website owners having multiple websites or those who have larger budgets. A managed cloud VPS solution like Cloudways is the best choice when it comes to security and flexibility.
The host offers a secured hosting environment through:
- End-to-end encryption
- Malcare bot protection
- DDoS mitigation and WAF
- Free SSL certificates
- Off-site and automatic server-level backups
- Two-factor authentication
- IP whitelisting and regular security patching
Is SiteLock Worth it?
No, SiteLock is not worth paying for.
- Firstly, when you are paying HostGator’s hosting package, it should be able to offer a secured hosting environment for your website. If it is not able to do that, what are you paying the host for?
- Secondly, you must ask HostGator about the specific issue that caused malware on your website. In most cases, they are unable to answer it. And when the host cannot pinpoint the source of malware appearance on your website, it is a good sign to move away from the host itself.
I haven’t yet found out that SiteLock provides any evidence of its services being effective. You will find much less such evidence available through independent testing.
I believe that it should be a baseline requirement for any such security service.
Moreover, the customer reviews at Trustpilot say it all. So it is completely not worth purchasing SiteLock plans to protect your website.
If you are lucky enough and haven’t been targeted by HostGator yet, ensure to move your website away from it. Cancel your HostGator hosting account or it might charge you or make you a victim of its SiteLock scam very soon.
To explain SiteLock in the best way is to compare it with the add-ons you receive with different programs you install on your computer. Usually, all these add-ons are selected by default and only adware trash.
So SiteLock can be called an equivalent of these add-ons since it is not of much use.
If you have received any one of the above emails from HostGator or its partner companies, please drop me a message. I’ll try my best to get your website out of the HostGator SiteLock scam.
Does EIG own SiteLock?
No, EIG does not own SiteLock but has an affiliation with the service provider. The hosts receive a commission for every single customer referred to SiteLock. So it is a regular source of income for EIG hosting companies.
Who owns HostGator?
EIG owns HostGator. Since the group earned a bad reputation for itself, it changed its name from EIG to Newfold Digital.
Can I get a refund for HostGator or SiteLock services?
Yes, it’s possible. If you haven’t crossed the refund period, just ask for it. Once the refund is complete, remove your credit card from the SiteLock account.
In case you’ve crossed the refund period, consider disputing the charge with your credit card company. HostGator or SiteLock won’t have a choice other than to refund your money.
To give you an idea, here is a conversation of a HostGator customer with the support team concerning the refund of money: