Unfortunately Hostgator and Sitelock have partnered and things have gotten strange. For the first 3-5 years they were great and no issues, recently it has been less desirable. I’ll probably move when the current paid time is up.
Personally, I’d be ditching them around last week.
But then again, I’ve had a few years of managing my own VPS, for a couple of domains, and have shifted companies (ta @Kierun!) recently due to different idiocies inflicted by my previous provider (cutting short the duration of a domain registration by 2 months would have been the last straw, had it not happened after I’d cancelled the VPS contract to which it was attached, and it was particularly egregious, leaving me 2 weeks to find another registrar.)
HOLY CRAP! I haven’t seen that code in awhile. A friend of mine had some similar code put on his TT-RSS install by them about a year ago. They claimed it was a mitigation for an SQL injection attack.
disabling the app entirely would certainly mitigate any possible sql injections