Web Design Blog



Sucuri vs SiteLock – Which Malware Removal Service Is Better?

What is Malware?

Malware, short for malicious software, is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can take many forms, including viruses, worms, trojan horses, ransomware, spyware, adware, and more.

1. Viruses:


These are malicious programs that attach themselves to files and infect other files. They can spread uncontrollably, damaging a system’s core functionality and delete or corrupt files.

2. Worms:

Similar to viruses, worms can replicate themselves and spread to other computers. Unlike viruses, they can move across networks without human action, exploiting vulnerabilities in operating systems.

3. Trojan Horses:
trojan horse

These are deceptive software that appear legitimate but, when executed, can give a hacker access to the user’s system. They are often used to steal information or install more malicious software.

4. Ransomware:

This type of malware encrypts the user’s files and demands payment for the decryption key. It basically holds the user’s data hostage until the ransom is paid, with no guarantee that the files will be decrypted afterward.

5. Spyware:

This software secretly records what a user does on their computer, gathering personal and sensitive information without the user’s knowledge. It can track everything from web browsing habits to login credentials.

6. Adware:

While not always malicious in nature, aggressive adware can undermine system performance by displaying unwanted ads, redirecting search requests to advertising websites, and collecting marketing-type data about the user.

Why Does Malware Exist?

Most of these types of malware at least make logical sense, but what is the point of viruses and worms? Viruses and worms only exist to destroy files and systems – they don’t collect personal data to exploit or demand payment for data, so what is their purpose? Just to make us miserable?

After doing some more research, I found that viruses and worms exist for a variety of reasons, including demonstrating coding skills, protesting, damaging entities (individuals, companies, or governments), spreading political messages, or simply causing destruction for personal amusement.

While the creation and distribution of malware is illegal, its existence has also driven advancements in cybersecurity, leading to the development of more complicated defense mechanisms to protect against these malicious activities.

SiteLock vs Sucuri

I’ve used both SiteLock and Sucuri to remove malicious software from infected websites. When it comes to SiteLock, my experience with them was not positive.

  • They did not have a fast turnaround time – it took me almost a week to get some infected websites cleaned of malware.
  • I often had to follow up with them about existing tickets in order to escalate an issue.
  • I usually spoke to a different service rep each time I contacted them. Sometimes service reps simply weren’t available. “Billing support is not available, please call back in 3 hours.”
  • They didn’t detect that malware re-emerged on multiple websites after an initial cleaning. Months after the first malware cleaning, I logged back into my Plesk account and one website had over 5000 infected files – I was not notified of this.
  • After re-infection, they told me to contact my hosting company to “kill malicious process, fix file permissions and kill malicious cron jobs”. But my VPS plan is self-managed so this put me in a bad position. I eventually had to switch to a different Malware cleaning service that could handle this part separately.

In general, my experience with Sucuri was very positive.

  • They have an intuitive interface, which shows all websites, their status, whether or not they’re blocklisted, and firewall status. You can also manage a website’s history and settings from the dashboard.
  • They have a fast turnaround time. On average, my websites were cleaned from malware within 48 hours.
  • Sucuri also has an intuitive ticketing system. I was able to monitor each malware removal request and communicate directly with support on those ticket threads. They usually responded within a couple of hours at the most.


SiteLock Pricing

SiteLock’s pricing is tiered and can range from a few dollars a month for basic scanning services to several hundred dollars a month for their comprehensive security solutions that include advanced features like automated malware removal, web application firewall (WAF), PCI compliance, and more.

  1. Basic Plans: Starting at around $10 to $30 per month, offering basic scanning and malware detection.
  2. Intermediate Plans: Ranging from approximately $50 to $100 per month, adding features like automatic malware removal and basic DDoS protection.
  3. Advanced Plans: Can exceed $200 per month, providing full suites of security measures, including advanced WAF, DDoS protection, and priority support.

Sucuri Pricing

Sucuri’s pricing model is known for its simplicity and all-inclusive approach, with plans that cover website security and performance improvements.

  1. Basic Security Package: Starts at around $199 per year, offering website scanning, malware removal, and basic DDoS protection.
  2. Pro Package: Typically around $299 per year, adding enhanced detection capabilities, SSL support, and improved response times for malware removal.
  3. Business Package: Generally starts at $499 per year, providing all the features of the Pro package with the addition of a Web Application Firewall (WAF) and faster response times, often within a few hours for malware removal.

How Can You Prevent Your WordPress Site From Becoming Infected With Malware?

Preventing malware infections, especially on WordPress sites, involves a combination of best practices, security measures, and vigilance. WordPress, being the most popular content management system (CMS), is a frequent target for attackers. Here are key strategies to prevent malware infections on WordPress sites:

1. Keep WordPress, Themes, and Plugins Updated

  • Regularly update your WordPress core, themes, and plugins to their latest versions. Updates often include security patches for vulnerabilities that could be exploited by malware.

2. Use Strong Passwords and User Permissions

  • Implement strong, unique passwords for your WordPress admin area, database, and hosting environment. Use a password manager to manage complex passwords effectively.
  • Limit user permissions based on roles. Only give administrative access to those who absolutely need it.

3. Install a Security Plugin

  • Use reputable security plugins that offer features like malware scanning, firewall protection, login attempts limitation, and file integrity monitoring. Sucuri also provides a Security Plugin to keep a (clean) WordPress site free from malware, along with Wordfence and iThemes Security.

4. Implement a Web Application Firewall (WAF)

  • A Web Application Firewall (WAF) can block malicious traffic before it reaches your site, protecting against common attacks like SQL injection and cross-site scripting (XSS).

5. Secure Your Hosting Environment

  • Choose a hosting provider known for its security measures. Good hosting providers offer features like regular backups, SSL certificates, and advanced firewall protection.
  • Implement HTTPS by installing an SSL certificate to encrypt data transferred between your site and your visitors.

6. Regular Backups

  • Regularly back up your website. In the event of a malware infection, having a recent backup means you can restore your site to a clean state more easily.

7. Disable File Editing

  • In the WordPress dashboard, you can edit theme and plugin files directly. Disable this feature by adding define('DISALLOW_FILE_EDIT', true); to your wp-config.php file to reduce the risk of code tampering.

8. Limit Login Attempts

  • Use plugins that limit the number of login attempts from a single IP address. This can prevent brute force attacks, a common method used to gain unauthorized access.

9. Monitor and Scan Regularly

  • Regularly scan your website for malware and vulnerabilities. Security plugins can do this automatically, alerting you to any issues that need attention.

10. Use Secure Connections

  • Only access your WordPress admin area over secure networks. Avoid using public Wi-Fi without a VPN, and ensure that FTP connections are made through SFTP or SSH for encryption.

11. Educate Yourself and Your Users

  • Stay informed about the latest security threats and best practices. Educate users who have access to your WordPress site about the importance of security measures and safe browsing habits.

Implementing these strategies can significantly reduce the risk of malware infections on your WordPress site. While no site can be 100% secure, layering these security measures makes it much more difficult for attackers to compromise your site.