Sitelock review including alternatives

If you create your website or run sites for others, there are many security monitoring aspects to cover. Being open to the world, websites are particularly vulnerable to hacker attacks. These attacks can be manually implemented or launched through automated processes. There are many ways in which a site can be compromised, and it is even possible for hackers to hijack your site to attack other computers.

SiteLock offers a bundle of all of the services that a site needs. So taking out a SiteLock subscription sweeps a whole lot of service research off your To-Do list.

Key Features:

  • Web Application Vulnerability Scanning: Regularly scans for vulnerabilities in web applications, enhancing website security.
  • Web Application Firewall (WAF): Filters and blocks harmful incoming traffic, including automated bots and DDoS attacks, protecting against unauthorized access.
  • Content Delivery Network (CDN): Distributes site content across global data centers, reducing load times and providing failover protection.
  • Regular Backups: Automatically backs up website content, ensuring data recovery in case of loss or damage.

What does SiteLock Do?

SiteLock offers a range of security services that will protect your sites from a range of attacks. Websites include a lot of different code snippets that various organizations supply. For example, suppose your site is built on a framework, such as .NET. In that case, there will be quite a lot of the functionality provided by Microsoft and not included in the bundle of files stored in your hosting account – they are run from Microsoft’s servers located elsewhere.

Other examples of external systems that contribute to your site include tracker libraries and widgets. You get tracker libraries on your site if you work with Google Ads and those social media. Like buttons that website builders automatically put on your pages are what are called “widgets.” You could not possibly monitor all of these elements by yourself. You have to have a security monitor to take care of that monitoring task, and that’s what SiteLock does.

Another important feature you need for your site is a regular backup. Once your site has gone live, the code will be pretty stable, so you might not think that you need to back it up very often. However, if your site runs an eCommerce system, you will be collecting customer data, and you will have transaction records that need to be protected. In addition, if ransomware gets into your account space, you will face a lot of problems. However, if you get frequent backups, you can just restore your system and get back online without paying the hackers.

Additional SiteLock services

Higher plans of SiteLock offer more features. For example, they include the Web application vulnerability scanning of the base plan but have extra services that protect and improve site delivery performance.

As well as checking your files, SiteLock offers a Web application firewall. It scans incoming requests and blocks automated traffic, such as click bots and DDoS attacks. It also patrols attempts to get around the front-end access management systems to prevent backdoor access through systems such as FTP and RPC.

Higher plans combine backup systems with a content delivery network (CDN). This involves copying the site to several data centers around the world. By having copies in different locations, visitors get faster access because they are directed to a closer copy than the original Web server for the site. This configuration also offers failover protection. If the primary server for the site goes offline, visitors are automatically forwarded to another copy held in a different location.

SiteLock history

SiteLock began operations in 2008. The key to getting business-protecting websites lies in partnering with hosting services. SiteLock managed to establish those working relationships and now has more than 200 partners. In total, SiteLock protects more than 16 million websites around the world.

SiteLock is particularly strong at protecting content management systems (CMSs). The system offers integrations, which makes them accessible from within WordPress, Drupal, Magneto, and WooCommerce. The package also has an integration for .NET and IIS Web server.

Those integrations are not just useful for marketing purposes. They also make it easier for the vulnerability scanner to search through site components contributed by those frameworks. This access is critical in CMSs, where most of the code that runs the site is provided by the environment.

In 2021, SiteLock became part of Sectigo. That conglomerate was formed by a buyout of Comodo CA Ltd, an SSL certificate authority, by Francisco Partners. Sectigo also owns CodeGuard, which is a rival backup service for websites. SiteLock is based in Scottsdale, Arizona, and Sectigo’s headquarters are located in Roseland, New Jersey.

SiteLock plans

SiteLock offers three plans. These are Basic, Pro, and Business.

The services offered in each plan are:


  • Daily backups of website files and database up to 2 GB
  • Daily site scanning
  • Daily code and database scanning


  • Daily backups of website files and database up to 5 GB
  • Daily site scanning
  • Daily code and database scanning
  • Automatic patching
  • Content delivery network (CDN)
  • Web application firewall (WAF)


  • Daily backups of website files and database up to 10 GB
  • Daily site scanning
  • Daily code and database scanning
  • Automatic patching
  • Content delivery network (CDN)
  • Web application firewall (WAF)
  • 2-factor authentication for protected/login areas via email or SMS
  • Firewall PCI reporting
  • Custom WAF rules editing dashboard

The daily site scan covers:

  • SSL scan
  • Malware scan
  • Spam scan
  • SQL injection scan
  • Cross-site scripting scans
  • SiteLock Risk Score

The daily code and database scanning service include:

  • Codebase, database, and CMS scanning
  • Vulnerability detection
  • The Web application firewall (WAF) provides the following protection:
  • Malicious bot blocking
  • Backdoor protection
  • DDoS protection

All plans get 24/7 access to Customer Support with a ticket response time that varies according to the plan:

  • Basic: 30-hours
  • Pro: 24-hours
  • Business: 12-hours

SiteLock also offers a consultancy service that provides a full assessment and thorough security sweep of a site called SiteLock 911. This service is priced at $199, but subscribers can get the service for $149.

SiteLock price

All three plans of SiteLock are available on a monthly subscription rate but paying annually for the service gets a discount that amounts to two months for free. Here are the prices per month and per year for the three SiteLock plans:

  • Basic — $14.99 per month or $149 per year
  • Pro — $24.99 per month or $249 per year
  • Business — $34.99 per month or $349 per year

Even if you pay per month, you have to sign up for a minimum service period of one year. After that, subscriptions are paid for the entire payment period in advance.

If you are on the monthly payment plan and cancel before the first year has expired, you have to pay 50 percent of the total fees for the year (at the monthly rate) as an early termination charge. If you are on the annual payment plan, you get no refund if you cancel during the year.

SiteLock doesn’t offer a free trial. However, it does offer a 30-day money-back guarantee. Those early termination penalties don’t kick in until the first 30 days have expired. If you cancel your account during this period, you get all of your money back.

SiteLock strengths and weaknesses

SiteLock is an excellent package for time-pressed website owners. However, the service is mainly aimed at small businesses that don’t have the technical skills to fully assess all of the security needs of a Web-based company. Nevertheless, here is our list of the highlights of this service.


  • CMS Integration: Seamlessly integrates with popular content management systems like WordPress, Drupal, WooCommerce, and Magento.
  • Enhanced Security Measures: Offers comprehensive protection through regular vulnerability scans, DDoS protection, and a robust web application firewall.
  • Performance Improvement: Utilizes a content delivery network (CDN) to improve site loading times and availability worldwide.
  • Data Protection: Regular backups safeguard website data, allowing for easy restoration.


  • Early Termination Fee: Includes a significant penalty for early service termination, which may be a deterrent for some users.


If you have time to scout around for other packages, you might find better deals elsewhere. However, matching the total package offered by SiteLock would probably require you to source services from several providers. A full match for all of the services provided by SiteLock is hard to find at such a low price.

Alternatives to SiteLock

Check on the services offered by your hosting provider before plumping for SiteLock. You might not need to pay for all of the services that the SiteLock plans provide.

Our methodology for selecting an alternative to SiteLock  

We reviewed the market for Web application vulnerability scanners and related website security services like SiteLock and assessed the options based on the following criteria:

  • Partial matches to the SiteLock packages, such as vulnerability scanning, backups, or CDNs
  • An easy-to-use service that is offered on a Web platform
  • Services suitable for different sizes of businesses
  • A flexible package that includes several security services in a bundle
  • Managed software that is bundled in with cloud storage space for logs and patch installers
  • A free tool or a paid tool that can be adapted by switching plans
  • A free trial or a demo version for a no-cost assessment

With these selection criteria in mind, we have compiled a list of some strong alternatives to SiteLock. In addition, while SiteLock is tailored to small businesses, we have identified some services that are better suited to large organizations.

Here is our list of the five best alternatives to SiteLock:

  1. Cloudflare This provider offers very competitive packages that represent promising alternatives to the services provided by SiteLock. This company has also successfully partnered with Web hosting services to catch new customers and currently protects more than 25 million websites. The Cloudflare system is offered in four plans, and the first of these is Free. The free plan includes an SSL certificate, continuously protected, DDoS protection, and a CDN. Higher plans include a WAF and data privacy protection. Unfortunately, Cloudflare doesn’t compete with SiteLock in the category of vulnerability scanning – it doesn’t have that. To fully match SiteLock, you would need to source a vulnerability scanner from another provider in addition to Cloudflare.
  2. Reblaze, this provider offers a menu of services that you can take out individually or select several modules that will work together. Services include a Web application firewall that will also act as a load balancer. This is an edge service, but it isn’t hosted, so several self-hosted deployment options are available. You can add services that include a bot detection service that blocks DDoS attacks and other automated malicious attacks, such as scraping or brute force credentials cracking. You can install this service as a virtual appliance on your site, run it on containers, or have it on a cloud platform. Try all of the Reblaze services on a 30-day free trial.
  3. Invicti This vulnerability manager would be an excellent partner to Cloudflare to make up the full functionality offered by SiteLock. However, this is a service that is probably a better bet for mid-to-large organizations. Invicti excels at spotting exploits because it doesn’t just work through a list of known vulnerabilities. Still, it also scans through code and runs each element in a website to test for illogical processes, unprotected data coupling, and unsecured remotely-hosted supporting services that back frameworks and APIs. Invicti is available as a SaaS platform or an on-site software package for Windows and Windows Server.
  4. Acunetix This is another vulnerability manager that is a good choice for businesses running their Web servers and an office with a private network. As well as operating as a Web application scanner that searches for more than 7,000 external vulnerabilities, it looks for more than 50,000 network exploits. Acunetix is packaged in three editions that provide on-demand, scheduled, and continuous testing. The service can be subscribed to as a SaaS platform, and it is also offered as a software package for installation on Windows, macOS, or Linux.
  5. DataDome is a good match for SiteLock because it combines a Web application vulnerability scanner with a bot blocker. At the same time, the vulnerability scanner hardens your system by searching for the OWASP Top 10 threats, among other exploits. The vulnerability scanner is frequently updated with a threat intelligence feed. The Bot Manager service operates as a Web application firewall, screening all incoming connection requests. The bot protection blocks account takeover attempts, scraping, click fraud, inventory hogging, and other automated malicious activity. DataDome is delivered as a SaaS platform. It is considerably more expensive than SiteLock, with plans starting at $1,190 per month if paid annually. You can get a 30-day free trial of DataDome.