As the Head Buff here at WP Buffs, I’m constantly looking for new ways to improve my clients’ websites—especially when it comes to their security. That’s why I’m always on the hunt for new WordPress security solutions to enhance their protection. In doing some research a talking WordPress security with my good friend Adam Warner, I came across SiteLock®.

SiteLock is a website security company that’s been around since 2008. I spent some time perusing to learn how they differentiate from other web security providers in the WordPress space. Some of their offerings caught my eye:

  • Automated malware removal.
  • Automated database malware cleans on WordPress sites.
  • Vulnerability patching on CMS sites is also automated.
  • Web application firewall that differentiates human traffic from bot traffic.
  • DDoS Protection (layers 3,4 & 7) that prevents downtime during DDoS attacks
  • A content delivery network that loads sites 50% faster on average.
  • 24/7 U.S.-based technical support.

What really sparked my attention is the fact that they can automatically remove malware and patch vulnerabilities on WordPress sites on the fly.

Of course, I always do an ample amount of research on a company or product before trying anything new. SiteLock attends and speaks at WordCamps around the country and Adam Warner is somebody I know very well, so I was familiar with the brand. That’s also why I wanted to take my research further.

sitelock reviews

I started searching for SiteLock reviews to see what other people have to say about the company. Overall, the reviews I found were mostly positive. Although I typically take reviews with a grain of salt, I decided to give SiteLock a shot.

Content Upgrade

Free WordPress Security eBook

[4 Pages] The 21-Step Checklist to
Ensure a 99.9% Secure WordPress Website

Getting Started & Setup

I got in touch with SiteLock and was set up with two products: SiteLock SMART® and SiteLock TrueShield™.

SMART is a daily website scanner that finds vulnerabilities and automatically removes malware in website files. TrueShield is a web application firewall (WAF), which according to the description, prevents malicious bot traffic, patches vulnerabilities, blocks targeted cyberattacks like SQL Injections (SQLi) and Cross-Site Scripting attacks (XSS), protects against DDoS attacks, and increases website speed.

Note that when shopping for a new a product or solution, it’s critical for our business that we try it on (or a test environment), before even considering implementing it on our clients’ sites.

Configuring these products was easy since SiteLock is completely cloud-based. Instead of installing a plugin, I connected my new solutions to their web server via FTP (file transfer protocol). After everything was set up, a SiteLock team member walked me through my Dashboard so I knew how to check the status of my security. I was pretty impressed with the SiteLock Dashboard—the design is simple, intuitive, and easy to navigate.

For those of you interested in trying SiteLock, here’s a breakdown of the products I tested, as well as my review of the Dashboard.

SiteLock SMART® Dashboard Experience

SMART completes the following scans to check for malware and vulnerabilities.

  • Application Scan – Checks web applications to ensure they’re up-to-date and free of vulnerabilities.
  • Malware Scan – Scans for malware and malicious links to dangerous websites.
  • SMART Scan – Scans for malware and removes malicious files and code.
  • Network Scan – Checks server ports to ensure the appropriate ports are open for the correct server type.
  • Spam Scan – Scans a website’s IP and domain against leading spam databases to see if the site is listed as a spammer.
  • SQL Injection (SQLi) Scan – Checks for any SQLi vulnerabilities that could be used to inject malicious code into a user input form, like a contact form.
  • Cross Site Scripting (XSS) Scan – Scans for XSS vulnerabilities that can be exploited to steal visitor data.

These scans are clearly labeled on the SiteLock Dashboard (screenshot below). If you want to check your stats on a particular scan, you just click one of the circles for more details.

For example, if I want details about my SMART scan, I can click the SMART circle and view my data from a specific date range.

As you can see from the screenshot below, approximately 10,300 of my website’s files were scanned each day, but zero malware was found (score!). The files added, modified, or deleted were changes we made to the site when installing and deleting plugins, an indication SiteLock was doing what it’s designed to do.

SMART also scanned about 500 web pages each day in search of malware, totaling approximately 15,000 pages at the end of my trial. It also scanned about 3,000 files per day, adding up to approximately 90,000 files scanned over the 30-day period.

To view my web application firewall stats, I can click the TrueShield circle.

I then have access to the following WAF stats:

  • Visitor Statistics – My visitor stats differentiate human traffic vs. bot traffic. This gives me insight into the percentage of “real” visitors on my site vs. good or bad bots. This was actually pretty eye-opening for me, since knowing how many really people vs bots come to your website can really affect engagement data.

  • Visitors by Country – I can also view my traffic by country. If I see a significant amount of traffic coming from a country associated with malicious bot traffic, I can block the country’s IP, therefore blocking malicious traffic.

The screenshots below reflect how TrueShield helped optimize my site speed.

  • Cached Data – The black bar represents my total megabytes (data transmitted), and the red bar represents my net saved bandwidth while using TrueShield. Essentially if I subtract the red bar from the black, I can calculate my net consumed bandwidth. Since cloud service providers typically charge for bandwidth, preserving my bandwidth can be very cost effective.
  • Cached Requests – The black bar is the total number of requests received and red bar represents requests saved using TrueShield. When subtracting the red from the black, I can calculate the net requests passed to origin. This means that 73% of my content was served from the SiteLock network at increasingly fast speeds, which implies that my visitors accessed my site content nearly as soon as they requested it.

Content Upgrade

Free WordPress Security eBook

[4 Pages] The 21-Step Checklist to
Ensure a 99.9% Secure WordPress Website

So, What Did I Think of SiteLock?

Overall, my SiteLock review is positive. I see the value in their products and feel comfortable protecting my clients’ websites with SiteLock. They had friendly customer service, product setup was efficient, and my security results are easy to read. Two thumbs up!

Want to give your feedback or join the conversation? Add your comments 🐦 on Twitter.

The post SiteLock Review: A Brutally Honest Assessment of Where They Stand appeared first on WP Buffs.

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.