8 Comments

  1. White Fir Design

    You make a big point of how many websites SiteLock is supposed to be protecting, but from what we have heard it sounds like a lot of their customers have been given some free SiteLock service, which they may not even be aware of, with their hosting account. It seems the purpose of that is so that SiteLock has a relationship with them that they can use to cold call them. Were you given any indication of how many of the websites they are supposed to be protecting are paying for the service and what kind of service they are getting, since a lot of their services don’t seem to offer much, if any, protection?

    Also, websites running WordPress 3.7 or above would normally get security vulnerabilities in WordPress patched automatically without requiring any additional service due to the automatic background updates feature in WordPress.

    Report

  2. Alec

    @WhiteFirDesign Not all WordPress security issues are in core or can even be dealt with just by updating WordPress. On a poorly configured server or install, even the latest version of WordPress won’t help you. It’s easy to make just a small slip and end up with an unwittingly vulnerable site. Or two tiny slips combined. A server side monitoring tool checking automatically that your laces are tied is a boon.

    A cheap and efficient security monitoring service applied at the host level is exactly the sort of service which can benefit from economy of scale. With Sucuri aiming for $30/month per site, more entrants in the server side security market are most welcome.

    PS. Paul Goodchild of iControlWP is running a launch special for his new Shield Central service (you control security settings for all your websites from a single dashboard – hurray no more logging into dozens of WordPress sites to set or alter security settings). Existing iControlWP clients will be grandfathered with free Shield Central. We’re happy ManageWP users so we can’t take advantage of the offer but it’s a good one.

    Report

    • Peter

      Right solution would be not to use “poorly configured server”. So instead of investing 30$ to Sucuri, it’s much smarter to invest that money to the correct and secure server setup. If the server setup is not secure, no any plugin, service or add-on will help you. For example if somebody can get your root access, you can have anything installed on your server, whole security team in the house, one line of code can delete everything forever ;)

      Report

    • White Fir Design

      We are familiar that updating WordPress doesn’t take care of all the security issues around WordPress, we run a service for helping to protect against vulnerable plugins, but what PatchMan does for WordPress is already done by WordPress and that is important to note.

      Sucuri is owned by a web hosting company, GoDaddy, that we have seen numerous security issues with, including those that have lead to websites being hacked in the not too distant past. So they don’t seem like the best people to be providing server level security services. SiteLock’s owners also run a major web hosting company, the Endurance International Group, that also has had issues in their handling of security, possibly recently leading to websites being hacked. It seems like it would be better for web hosts to focus on providing a secure environment to their customer instead of selling additional security services, which are not necessarily going to provide real protection, under a different name as they are doing now.

      Report

  3. Patrick B

    Well this all turned negative in the comments rather quickly.

    Report

Comments are closed.

%d bloggers like this: