SiteLock Website Security
Sitelock is easy, economical and effective
Automatically Prevents Attacks
SiteLock monitors your website 24x7 for vulnerabilities and attacks, which means you can worry less about your website and more about your business.
Boosts Customer Trust
Over 70% Customers look for a sign of security before providing personal details online. The SiteLock Trust Seal not only re-assures customers but also boosts sales.
Starts Working Instantly
You don't need technical expertise to install and set up SiteLock for your website. SiteLock is cloud-based and starts scanning your website and email instantly.
How it Works
Scans Daily
SiteLock screens every aspect of your web presence daily to identify security gaps. It not only checks your website, email and applications but also search engine blacklists and spam filters.
Identifies Threats
SiteLock's 360 degree scan and powerful firewall identify advanced vulnerabilities before they can be exploited to damage your web presence, thus putting you one step ahead of hackers, always!.
Instantly Notifies and Fixes
SiteLock not only identify threats but also fixes them for you automatically. This way, SiteLock works in the background to protect your website, while it's business as usual for you and your customers.
Website Files
Vulnerabilities are detected immediately with the use of TrueShield™ virtual patching technology. By evaluating your website’s request SiteLock applies all necessary repair automatically.
Applications
Obsolete or defenseless applications are the most popular way for hackers to gain access to websites and data. The SiteLock Application Scan checks website applications to verify they are up-to-date and free from vulnerabilities.
Emails
SiteLock always scans a website's IP and domain against leading Email spam database to check if it's listed as a spammer. It also prevents if your website or service are sending or referenced in spam mails.
Visitor Traffic
The Network Scan checks thousands of server ports to ensure that only the appropriate ports for the desired services are open. Customers are alerted of any high-risk visitor traffic. SiteLock creates a secured field around your website by true Shield Firewall technology.
Changes to Files
By using SiteLock, your impotent file will be always secure. SiteLock configured such a deep scanning experiences (FTP scans). If there anything wrong or have been any change, you will be instantly alerted. It will help you to prevent any kind of unauthorized edits before they cause any damage done.
Search Engine Blacklists
There are many malware sites. Sitelock monitors search engines blacklist and checks their own database of 7000+ malware sites. Actually SiteLock assure that your site is no more linked or blacklisted. Through this process, SiteLock boosts your site's organic traffic and ranking.
SQL Injections (SQL-I)
SQL Injection is one of the most common vulnerabilities. The SiteLock SQL Injection Scan penetrates a site with SQL injection methods to find vulnerabilities. This prevents leaking data to hackers.
Remote File Includes (RFI)
Attackers upload a custom coded, malicious file on a website or server using a script. The vulnerability exploits the poor validation checks in websites and can eventually lead to unintended code execution on the server or website.
Cross-Site Scripting (XSS)
Cross-Site Scripting is another common vulnerability that can be used to steal visitor’s data or trick visitors into providing data to third parties. On that particular case, SiteLock checks for susceptibilities and notifies customers of any problems.
Broken Authentication and Session Management
Often, application functions related to authentication and session management are not implemented correctly, allowing hackers to steal passwords, keys, tokens, or exploit other implementation flaws to assume users' identities.
Cross-Site Request Forgery (CSRF)
It is an ongoing attack, which forces the ultimate user to perform unwanted actions on a web application. CSRF attacks specifically target a state changing requests. SiteLock also prevents this attack.
Unvalidated Redirects and Forwards
Due to improper validation, websites often redirect users to other pages using untrusted data to determine the destination. This allows attackers to redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
Insecure direct object references
It is a common type attack. It occurs when a developer published a reference to an inner implementation object, such as the file, directory or database key. Short of access control check or other defense, this types of attackers can control these references to access unauthorized data.
Security misconfiguration
Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.
Insecure cryptographic storage
Insecure Cryptographic Storage isn’t a single vulnerability, but a collection of vulnerabilities that compromise data storage. Usually, this collection involves encryption of very sensitive data. Known causes are incorrect encryption of data, improper key storage and management, using known bad algorithms or using your own insecure cryptography.
Insufficient transport layer protection
Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to "eavesdrop" on online exchanges. An SSL certificate can also neutralize this threat.
Instantly Notifies
The global leader in website security, SiteLock scans over 5 million websites every day for malware and vulnerabilities. SiteLock uses such an instant 360's scanning tools that evaluate your website both from the outside-in and the inside-out to analyze your website and notify you instantly if any threat detected.
Instantly Fixes
SiteLock SMART, threat removal tools, provides full website analysis to detect and remove malicious files and code.SMART Tool:
- Cross-Site Scripting (XSS) Scan
- Daily FTP SMART Scan
- Daily vulnerability scans
- CDN (Content Delivery Network) website performance
- Reputation monitoring
- Verifiable Trust Seal
- Identifies loopholes or vulnerabilities in your code
| Features for websites |
Basic For Static websites /year |
Professional For Dynamic websites /year |
Premium For Ecommerce websites /year |
Enterprise For Web Applications /year |
|
|---|---|---|---|---|---|
| 360 Degree Scan and Network Security | |||||
| Number of Pages | 25 | 100 | 500 | 2,500 | |
| Daily Malware Scan | |||||
| Network Scan | |||||
| TrustSeal | |||||
| Daily FTP Scan | |||||
| Automatic Malware Removal | |||||
| File Change Monitoring | |||||
| Website Application Scan | 1-time | 1-time | |||
| SQL Injection Scan | 1-time | 1-time | |||
| Cross Site Scripting (XSS) | 1-time | 1-time | |||
| Trueshield Firewall | |||||
| Search Engine Blacklist Monitoring | |||||
| Spam Verification | |||||
| SSL Verification | |||||
| Business Verification | |||||
| Phone Number Verification | |||||
| Postal Address Verification | |||||
| Truespeed CDN | |||||
| Unlimited Bandwidth | |||||
| Global CDN | |||||
| Caching of Static Content | |||||
| Compression if Static Content | |||||
| Content Minification | |||||
| Image Optimization | |||||
| Buy | Buy | Buy | Buy | ||
Note: SSL-enabled websites are not compatible with the Basic Firewall and CDN that is included for Free in every plan. However, the scans will work as expected for such websites.
SITELOCK FAQS
- website scans to check for the presence of malicious code or vulnerabilities
- automatic removal of any identified malicious code / malware
- basic firewall
- website reputation monitoring (check if the website is blacklisted in search engines and spam blacklists)
- CDN to boost site speed, and hence rankings on search engines
SiteLock is only meant for websites and not for a personal computer or laptop.
- TrustSeal - requires minimal installation
- SMART Scan - requires user to input FTP details in the SiteLock Panel
- basic firewall
- Firewall - requires addition of an A record
- CDN - requires addition of a CNAME record
The badge is displayed only when no issues are found during the website scan.
- Daily Malware Scan
- Daily FTP Scanning
- Website Application Scan
- SQL Injection Scan
- Cross Site Scripting (XSS) Scan
You can choose to not allow SMART to remove any code. In that case, you will only be notified of the vulnerability identified, and you will need to manually check / remove it. Note
- To use this tool, you need to provide your FTP information in the SiteLock panel, along with the port number.
- This tool uses the FTP protocol.
- Domain names registered under XeonBD will be automatically verified
- For other domain names, the verification process can be completed in one of the following ways:
- Add DNS Records for the TrueShield setup
- Add a meta tag to your website page
- Upload a file to your website
- Phone Verification - You need to enter your phone number in the SiteLock Panel and request a verification. Within an hour, you will receive an automated call from SiteLock and you will be provided with a 4 digit code. You then need to submit that code in the SiteLock Panel to verify your phone number.
- Postal Address Verification - After providing your postal address in the SiteLock Panel, you will receive a letter at your postal address within 7-10 days of requesting verification. This letter will contain a 4 digit code that needs to be submitted in the SiteLock Panel to verify the physical address.
- Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.
- Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.
-
SSL Verification: SiteLock examines the site's SSL certificate to verify
- Encryption strength
- Certification Authority
- Certificate expiry
- Validity of name / domain name
To use SiteLock's Firewall, you need to add an A record to your domain name in order to point to SiteLock's servers where the Firewall is installed. This way, all traffic coming to the website is routed through the Firewall.
- contact the website developer to fix the affected code;
- use SMART for auto-removal of the malware;
- check if all the applications and scripts are up to date. Judiciously use the third-party plug-ins and disable them, wherever possible.
