Have you ever wondered what is the worst that can happen to your website? If you are a WordPress user, you probably have and that’s why you’re here now, going through our analysis of these two security services - to see which from Sucuri vs Sitelock is best for your site.
We’ll be completely honest with you; nothing can be worse than your platform being maliciously attacked, compromised, infected, and finally being delisted or deindexed from Google.
But even if your domain does not get demoted - that stark warning on search results will kill your traffic. People will, rightly, be cautious of visiting your domain.
And worse still, you will probably not see it coming because you were hardly aware of what was going on. You can probably agree with us that nothing hurts more than being knifed in the back when you least expect it.
So while you tirelessly work to a build a kick-ass business, remember that cybercriminals are working equally hard to gain access to it. It's their profession after all.
Did you know that the average website gets attacked 44 times per day?
The last thing you want for your online presence is spamvertizing, links to spammy content such as UGG boots or Air Jordans, or even worse to have the personal information or your customers exposed to the rest of the word. That's beside dropping out of Google results.
Well, that was the bad news.
The good news is that there is something you can do about it. After this Sitelock vs Sucuri review, you will be informed enough to take the right decision to protect your site. You will no longer have to worry about cybercriminals lurking, waiting to attack and compromise your business.
More importantly, you'll be able to make the best decision on whether to go for Sucuri or Sitelock as your choice of security service to protect your business.
In fact, in this article, we’ll be reviewing two of the leading security services to help you get a clear understanding of what you will be working with. You'll see in details what level of protection each of these services can offer.
Let’s dive right in.
|Price||From $9.99/month||From $109.99/year (excluding multi-year or bulk discounts)|
|Latest threats update||Yes||Yes|
|System Security Tweaks||No||No|
|Core Code Changes||No||Yes (Vulnerability patching)|
|Cloud-based / vs Website||Both||Both|
|Cool Feature||CDN for added performance||Vulnerability patching|
|What we liked||DNS Cloud-based protection takes brunt of attacks||Brute-force attack blocking|
|DDOS protection||Vulnerability patching|
|Zero-day exploits protection||True Code SAST|
|Core integrity checks|
|What we didn't like||Some features a bit pricey||Some dodgy reviews|
|More expensive that Sucuri and not as popular|
|Website||Visit Sucuri||Visit Sitelock|
So what exactly are we comparing?
Key Factors for comparison
In this review, we will be looking at which service between Sucuri vs Sitelock, satisfies our web security concerns. For this to happen we will check if they tick off every box in our key factors:
You’ll discover that the main reason why we’re getting a security plugin is to make sure we get the following benefits
- Detection - How well is the service equipped to detect threats which are aimed at your domain? And how well does it rate in terms of hacks which have ALREADY occurred, maybe your site is already hacked.
- Protection - Besides detecting threats, we obviously want to protect against them
- Quick Response - How fast the company is to reach a hacking incident and how quickly they are able to help you resolve such an incident.
- Backups - Does the service provide backups as part of the whole feature set?
- Pricing - How much does the service cost? Is it perpetual license? Does it need to be renewed monthly or yearly
- Customer Satisfaction - How does it look in terms of customer satisfaction? What are the reviews that the company and service gets in general?
Those are the most important factors to consider when you are looking to make a purchase.
Now let’s begin this Sitelock vs Sucuri comparison.
What are Cloud-based Website Security Services?
Both of these products are cloud-based website security and protection solutions.
But what does this really mean?
In essence, rather than having a plugin which is installed on your server, which happens with most web security plugins, these two plugins work as a reverse proxy.
Before getting lost in technical terminology, let's simplify this as much as we can. These services actually take the brunt of traffic sent to your site, both legitimate and malicious.
See a diagram below depicting how they work.
The services then use various technologies to root out all the malicious traffic and only send the good traffic to your domain.
This is a significant and great way of doing web security.
The reason that this is an excellent setup is this: a server which is under attack or suffering a number of malicious actions can easily get overwhelmed when it is hosted on standard services. Even with a security plugin in place, most hosting services will not be able to handle the wave of traffic sent to it.
On the other hand, cloud-based protection services are built to withstand this kind of assault, so they can never be overwhelmed by this.
Not only that, but they are literally fully optimized to kill any bad traffic to your server.
Who are SiteLock?
Bragging a 4.5-star rating, the SiteLock service stands out as one of the most popular, old-timers, having been around for about 10 years.
It doesn’t mean though that it’s flawless. Let's give it a closer look.
Before we start this review, have a look at the below video about how it actually works:
1. Ease of Access
The plugin requires that you log in to SiteLock’s platform and perform the integration process. The integration requires a number of steps:
- Verification of your domain by using either by adding a META tag on your domain or
- Adding a file to the root of your domain
Once the domain has been verified you will then need to perform DNS changes to start sending traffic to their service. Once the DNS settings have been done, you'll need to give it up to 24 hours for your domain to finally get fully protected.
Once this is done, you get access to a 24 badge that displays your protection status, which is great to instill confidence in your customers, that you care about the protection of your infrastructure, and you care for any data that they might give you when buying from you.
Let’s go straight to the features that make this service what it is, matching them against our key factors.
2. Detection & Response
In terms of this requirement, we can find the following feature set
- Website Scanning - This feature offers an in-depth check of all files and pages of your site which check for any existing, known and potential vulnerabilities like
- XSS cross-site scripting attacks,
- SQLi or SQL injection attacks,
- checks for any SPAM on your site which might mean that you have been hacked already, and such suspicious activity as external redirects or dodgy content,
- checks for any old applications and plugins used by your CMS or platform (which could cause problems).
- Most importantly, it also checks whether there is any malware already on your domain - to make sure this is identified and cleaned as soon as possible.
- Infinity - this is a feature that continuously scans for malware and removes immediately. This is an exclusive product by Sitelock, which essentially keeps watch over your site by continuously scanning the contents of it, to make sure that if any malware hits, it is remedied immediately. This is actually an award-winning feature, the one which we have mentioned above. Given that this industry is very competitive, picking up such an award is a clear indication that this is an excellent offering.
- True code SAST - this is another service which is catered more towards SaaS applications. Essentially, it keeps an eye on your own application which you have developed and any 3rd party services which your app integrates with. If any vulnerabilities are detected, you will be adviced immediately so that your developers can actually fix them asap.
Let's have a quick a look at the features offered by Sitelock in terms of protection of your website and web applications
- Smart Plus - Secure Malware Alert & Removal Tool (SMART) - is programmed to scan and clean web files every day. This feature included an automated CMS core patching, essentially catering for fixing any known vulnerabilities in specific versions of CMSes such as WordPress, Joomla, Drupal and others. This service actually replaces vulnerable files with their fixed patches automatically - a very neat service! It also actually goes beyond the CMS, to 3rd party plugins such as WooCommerce and Magento.
- Malware Removal - This service is actually a full-blown service which fixes threats and malware from your site. Essentially, if you have detected strange issues or know that your website is hacked, this service removes any threat. The service caters for various types of hacks including but not limited to, malware, defaced sites, backdoors (hackers controlling your site), phishing pages, pharma spam and malicious redirects.
- Trueshield Web App Firewall - This feature is a cloud-based firewall. Their technology actually detects human traffic and bot traffic, essentially killing off any automated malicious traffic and letting humans through. This is another very comprehensive service which is able to cater for the Top Ten Online Threats such as
- SQL Injections,
- Misconfigured Security,
- Cross-Site Scripting,
- Broken Authentication and Session Management,
- Exposure of Sensitive Data,
- Using components with known vulnerabilities,
- Cross-Site Request Forgery,
- Missing Function Level Access Control
4. Customer Satisfaction
Reviews of this plugin will most likely lead you to what the customers say when they talk about SiteLock. It's quite unfortunate that most of the reviews we are getting are negative with complaints like subsequent attacks hitting their domain even after integrating this security plugin.
What's worse is that SiteLock did not detect the attacks, and if it did, no warning was sent to the users. That’s not all. Some users have complained of blocked bots. So does this suggest that SiteLock is only excellent at cleaning but poor in being protective?
We're always wary of very negative customer reviews because a lot of people might have a specific issue or something circumstantial which broke their site. Be wary of negative reviews - we always recommend going for a trial, before making a judgment.
Still, we would prefer to find few if any negative reviews
Stick around to find out what we think.
5. Sitelock Pricing
SiteLock is available with 4 payment plans with two options: monthly or yearly subscriptions. Pricing is something which is not fixed - it varies depending on the services you choose so it's best to get in touch with them directly and request a quote for your specific use-case.
However, in general, you can find the following pricing plans:
Restores your site from a blacklist and
Offers protection against DDoS attack
Boosts Website navigation speed
Offers daily scans and clean-up of your files
Offers instant malware removal on already affected sites
Are PCI compliant
Offers unlimited expert support
Customer dissatisfaction (Lots of negative impressions)
Onwards with our comparison, we now focus on the competitor, so that we can continue our Sucuri vs Sitelock article.
Who are Sucuri?
This company stands out as leading favorite in online website security. With a clear objective to maintain customer satisfaction, they have put up excellent features in place to offer their customers:
- Protection - to protect and stop any potential hacks before they occur
- Detection - to inform the owner or webmaster of any potential security issue such that mitigating action can take place before any compromise happens
- Response - features which handle any existing compromise or hack and to remove any existing malware
- Back-up - to restore your setup if things are at a point where they are beyond repair, they will restore your site to a clean version (and then apply any additional protection)
- Performance - given that their very nature also includes a CDN, they offer your website increased performance to speed up your loading times and response.
Having been in the industry for years, they have mastered their customer’s security challenges with a record standing at 98% customer satisfaction. They have taken steps to avail themselves of a large team of experts to take care of their customer’s needs, all over the world.
Their global recognition and extensive research resources give them a positive reputation among small and large businesses alike, and even in the enterprise; the likes of PC World, Mashable and Forbes lead the thousands of customers that swear by Sucuri for their websites’ assured security.
Let's take a closer look at what they offer
Remember we mentioned earlier in this topic that Sucuri have narrowed their objectives to ensure they meet customer biggest concerns; detection, protection, performance, response and backups?
Let’s see if they have what it takes to do this.
Get alerted if vulnerabilities or hacks have happened and monitoring on-the-fly
Here, you get the following features that will help you monitor for hacks and any form of blacklisting:
- Server-side scanner
- Conditional Malware Detection
- Continuous Monitoring
No more Future Hacks
You can enjoy the protection from hacks and attacks with these features:
- Malware & Attack prevention
- DDoS attack Mitigation
- Brute Force Protection
Assistance for hacked sites
We love the fact that doors are not only open to those seeking preventive measures, but those already affected too. Here you find the following cool features:
- Hack cleanup
- Blacklist warning Removal
- SEO spam repair
Sucuri have expanded their feature set to accommodate all website owners. By providing 4 unique plans, they have a package that is suitable for all types of web users. We’ll break it down for you.
- Platform - This plan has a 3-tier pricing plan that is ideal for bloggers for a minimum of $199.99
- Agency Solutions - Web professionals with up to 1000 client base can take this plan up. It offers discounts for those who handle many clients and have no time to handle security matters.
- Firewall - If you are budget conscious, then this plan is for you. It also has a 3-tier pricing plan with a basic minimum of $9.99
- Custom Enterprise Solutions - Large organizations require a dedicated support system and the company offers this plan that features round the clock security support, all day, all year.
What more do they offer?
For an extra $5 a month, you can get your preferred back up schedule automated and securely stored in the cloud.
7. Enjoy Better Page Performance
Everyone appreciates a fast-loading website, and to be assured of the same you know you won't need to top up your cup of coffee while a page loads.
In fact, if your pages take more than 3 seconds to load, you might have already lost your potential customer.
Here’s something we think you’ll like; this feature doesn’t require you to install it. With a simple DNS change, their CDN is activated which instantly boost the loading time of your pages - making them load faster.
Setting up Sucuri
How to set up using the WordPress plugin
To install the security plugin, simply log on to the administration of your WordPress, select plugins, click to add new then search for Sucuri Security and install it. Once in, proceed you can navigate easily to the plugins dashboard and choose your plan. You’ll immediately start receiving alerts about relevant activity affecting your site.
Setting up the Cloud-based Service
Setting up the cloud-service is not as easy as installing a plugin, but it's not too complicated either. You'll need to tweak the DNS settings of your domain to point them to the DNS provided by the security provider. These will then pass all traffic to them, so that it can be fully filtered and secured before being forwarded to your own website.
Of course, any malicious traffic or attacks, or attempts at hacking your site are killed off at their servers.
Sucuri prides itself on being a reputable brand. This itself offers a brand assurance of quality security protection.
There is a tailor-made plan for every user. This will this save you time and spare you from taking in features you really don’t need (and paying extra for stuff you don't need).
The Sucuri service does not slow down your website. In fact, one of its features is that it actually improves performance with a little DNS change - due to the fact that the service is also a Content Delivery Network.
Sucuri offers a stronger defense to threats that local security plugins. We particularly like that it defends against zero-day threats - this is a real game-changer because this is where and when protection is needed the most.
What do others think of them?
We've picked up a few testimonials from customers who are truly happy with this service. Syed Balkhi, founder of WPBeginner.com (one of the largest and most visited WordPress related websites) says about moving to Sucuri. WPBeginner serves about 300,000 user (on average) and has more than 9 million page views per month!
"Our server load has come down on WPBeginner - insanely! Security is a big thing and is the primary reason we use Sucuri, but the added benefit is the speed aspect - because everything goes through the WAF and it’s that much faster."
"For me, the biggest advantage of using Sucuri is that I don’t have to get a server admin anymore. I don’t need a 5th admin, because before, the 5th admin’s job was to monitor the server and recognize and mitigate any attacks. I had a 5th admin, part-time and I was paying $2,500/month to keep him on retainer."
Here's another Sucuri testimonial from the founder of hostingpill.com:
"With Sucuri, I have peace of mind that the website is being monitored 24/7 and we will be alerted if something goes wrong.
Page load time is a huge factor of online experience. If you decide to use the Sucuri CDN service, you can expect increased customer satisfaction rates, more page views, increased conversion rate and decreased bounce rate."
So, who wins the challenge between Sitelock and Sucuri?
We have tried to be as fair as we can in our review. However, it is not our intention to bombard you with too much information but to help you make an informed decision when you finally get down to secure your website.
You will probably with us that both the SiteLock and Sucuri are excellent security plugins for the very reason that they are constantly updated to ensure round the clock protection.
And any website security service is always better than having none at all.
Both have managed to build excellent relationships with their users through their quick response to queries and concerns.
If we had to take a gut feel decision, the number of overall negative reviews of Sitelock pushes us towards Sucuri.
It is for this primary reason that we give the win to Sucuri. By offering its users a large team of readily available security experts, we owe it to them to recognize and appreciate that they are not only a big brand; they are also true to their purpose.
Sucuri has strategically managed to meet the needs of their users located all over the world for assurance of better assistance.
Between the two, Sucuri leads in term of threat detection, protection against malware and overall customer satisfaction. They have more sophisticated and stronger features that actually deliver their promise, unlike SiteLock’s claims to do more, but maintains a low satisfaction rate.
So, if you are looking to get a plugin for your business website or individual use, we recommend Sucuri as the most ideal to ensure you have a fast and prolific site.
Summary of Sitelock vs Sucuri
Understanding the benefits of these two powerful plugins clearly lays out the danger you could be saving your site from, or jumping into depending on what plugin you now swear by.
We have shortened the chase for you and presumably rescued you from the dilemma that had you all over the place in confusion. Following this review, you have our go-ahead to download your Sucuri security plugin, and buy your preferred plan.
And when you finally do, ensure your plan selection seamlessly caters for all your needs and meets our key factors. Finally, now that you are fully aware of it, get yourself protected immediately. You can then sit back, and enjoy working on your website knowing you have earned the peace of working on a secure platform.