Common Website Security FAQs

SiteLock’s security experts are ready to answer the most frequently asked questions about cybersecurity and functionality. If you have more specific questions, don’t hesitate to contact our team.

What is website security?

Comprehensive website security protects your website and web applications from harmful cyber threats, like malware and vulnerabilities. Depending on your SiteLock website security package, you’ll receive daily website scans, automated malware removal and vulnerability patching, and a web application firewall to block harmful traffic from entering your site.

Do I need website security?

When it comes to your security, no website is too small to hack. It’s always better to be proactive than reactive. Meaning, we highly recommend you secure your website before security issues arise. This is important since websites experience an overwhelming 58 cyberattacks per day, per website from hackers on average! Let this blog, “Why Do I Need Website Security?” help answer your questions.

Why are website backups important?

Website backups are an integral security measure. Backups provide an easy way to save a copy of a website, including files and databases. With a single click, you can then restore your website in the event of accidental or malicious code corruption.

What are some common security threats?

The following are some of the most common website security vulnerabilities and threats:

  • Brute force attacks
  • Cross-site scripting (XSS)
  • Distributed Denial of Service (DDoS)
  • Phishing
  • Malware or malicious software
  • SQL injections

How can I help prevent malware in the future?

Some of the basic ways you can protect your site against malware include:

  • Update your CMS (WordPress, Joomla, Drupal, etc.), themes and plugins on a regular basis. Outdated themes, plugins and CMS are one of the main reasons websites are hacked.
  • Clean your hosting account regularly to decrease the risk of vulnerabilities and exploits. You can clean your account by removing all old code, unused user and FTP accounts, and unused files and domains.
  • Never leave a backup of your site on the same web server.
  • A weak password is a security threat. Frequently update your password to combine uppercase and lowercase letters, numbers, and symbols. A strong password that changes frequently is a moving target for cybercriminals.

If you have any additional questions or concerns, please contact our support team at (877) 563 - 2832.

I have an SSL Certificate, so why do I need this?

An SSL certificate is a great first step to a secure website and is required by search engines like Google. It decodes information passed between your site and its visitors to help prevent data theft. However, you still need to protect your site from defacement, theft of resources, and other attacks.

I take credit card numbers on my site, so I need to be PCI compliant. Can you help me with that?

Absolutely! Website owners are responsible for protecting their customer’s sensitive information. Our Enterprise level WAF is certified to PCI Compliance standards and can streamline the Self-Assessment Questionnaire (SAQ) process.

Is Your Website Currently Compromised?

SiteLock 911 will automatically find and fix common types of malware infections. Get Started Now (

Or contact our support team for a custom solution:
Call Toll-Free: (855) 378 - 6200
International: (415) 390 - 2500

Isn’t website security my host’s responsibility?

It’s a common misconception that hosting providers are responsible for site security. However, your web host only protects the server your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment.

What does the "This Site May Be Hacked" warning mean?

If your website is blacklisted by Google and is displaying the following warning, 'This Site May Be Hacked,' we will submit your site to Google for de-blacklisting once cleaned. Please note that it could take Google up to 72 hours to remove this warning and de-blacklist your website. Please note that SiteLock has no control over the timing of this process.

What happens if my user account is suspended?

If your hosting account is suspended, we will not be able to request a Google review until your account is reactivated. Please contact us once your hosting provider reactivates your account.

What happens if my site has an issue?

We will alert you by email as soon as any issues are detected and work with you to get your site secured.

What if my website was deactivated?

If your website was deactivated by your hosting provider, we will request to reactivate the site. Reactivation generally takes up to 24 hours to complete. It is recommended that you contact your hosting provider if you need to escalate the reactivation process. Please note that if you have multiple websites on your hosting they can potentially cross-infect the website we are cleaning. If another website in your account is infected, your hosting provider can also deny your reactivation request. Please contact SiteLock support if your hosting provider takes more than 24 hours to reactivate your account.

What should I do about other websites on my hosting account?

If you have other websites on your hosting account that are not properly protected, they can potentially become cross-infected or reinfect the website we are cleaning. It is recommended you protect all your domains with a comprehensive website security solution that can automatically find and remove malware, as well as protect your site from harmful requests.

Who is SiteLock?

SiteLock is the global leader in website security. The company was founded in 2008 with a mission to protect every website on the internet. We currently protect over 12 million websites of all sizes around the world and are just getting started!

Reduce your website security risks

Get started with SiteLock today

Automatically protect your website, reputation and visitors against both common threats and advanced attacks.