However, anyone who knows the file structure of Joomla can bypass SiteLock and access files inside directories that do not have an "index.html" file.
For example: if a "videos" directory has been placed inside the "media" directory, the "videos" directory is accessible if you go to domainname/media/videos .
So make sure that your subdirectories have an "index.html" file.
Ewald, good point. However the Sitelock extension locks people from viewing the actual site and is not intended for protecting server directories. So that portion of the review is irrelevant to what Sitelock is used for. But thank you for the 4 star review.