Sitelock is an automated website security scanning service. This means, the scope of support for the Sitelock software is to automatically scan your files and any detected threats will be reported to you. You will have an option to be only notified or take action for automatic cleaning. No software can guarantee 100% effectiveness against website hacks, however Sitelock provides protection to ensure that you are notified of most threats.
Initial Setup FAQ
I just registered my website and my network scan shows "No information available". Why?
SiteLock will be in the process of scanning your website, servers, and other hardware for vulnerabilities. This initial scan can take up to 24 hours. Please check back throughout the day. If you are still seeing this message after 24 hours, please contact our support team.
What is SMART?
SiteLock’s SMART, or Secure Malware Alert & Removal Tool, performs deep internal website scans that will tell you when any file on your website changes, giving you full visibility to all activity on your site. If malware is detected, SMART can automatically remove it so that your website maintains a safe and secure environment for our visitors.
This comprehensive scan performs daily inside-out, as well as outside-in, checks of your website that go beyond most surface scans.
How long does a typical SMART scan take?
Depends on the size of the site. Typically, SMART scans are complete with 24 hours.
My network scan shows a lot of vulnerabilities. I thought my site was safe. How can I fix this?
You have several options to remediate network vulnerabilities. When you open the detail section, you will see a list of all open ports. If you believe that we have identified these ports in error, click the "Report False Positive" link at the top of the box. The resulting page will allow you to mark any ports as false positive, or mark lower priority ports, to ignore them.
The malware scan came back with results for my site. What does this mean? How can I fix it?
The malware scan will notify you of any pages or links on your site that have been listed as distributors of malware (viruses, spyware, identity theft scams, etc.). If you are on these lists, many browsers and search engines will 'black-list' your site, meaning Internet users will not be able to see it in search results and it will be flagged if they navigate to your site. To get your site cleaned up and off of these lists, remove offending links and clean your website to make sure there are no viruses or spyware present.
The email scan came back with results for my site. What does this mean? How can I fix it?
The email scan will notify you if your website or servers are sending or referenced in spam emails. If you are identified on these lists, many email programs will ignore or classify emails from your site as spam. This means your customers and users will not get email from you in many cases. To get your site off these lists and re-open communication with your customer, you must get off these email 'blacklists'.
SiteLock has completed the scan of my site, but the number of pages is less than I expected. What happened?
There are two possible explanations. First, check the limits of the package you have purchased. Certain limits apply to our packages. If that is not the reason, it may be that our "spider" cannot find all of the pages on your site. In many cases, this can occur if there are portions of your site not linked in some way to your home page. Since our spider works primarily by "crawling" from link to link on your site, unlinked pages are sometimes missed. To help us get a more comprehensive scan, you can place a "sitemap" file on your site, which will tell our spider where to look. For details on how to create this file, please visit http://www.sitemaps.org
I recently signed up for SiteLock and noticed that we are getting some empty submissions from some of the forms on our web site (Contact us, etc.).
SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to exploit these forms to gain access to your data. This will result in attempts to submit forms on your website with encoded data.
If you wish to stop receiving these e-mail's or entries, you may want to do some validation on the fields within your form to ensure that data is being submitted in the correct formats before triggering e-mail's or database inputs. Since we insert data that would not likely be valid for any fields on your site, these validation measures should stop you from getting these empty e-mail's or entries. It's also good coding and security practice to make sure your site's visitors are providing the correct data in the expected formats. If you need help with form validation, contact our Support team.
I own several websites. What do I need to protect them?
SiteLock is sold as a subscription per domain. You would purchase a separate subscription for each website that you would want to protect.
What is Malware?
Malware, short for malicious software, can be installed on your website by hackers who are able to find weaknesses on your web server. A typical website may have thousands of potential vulnerabilities for malware injection.
Once placed on a website, malware can then be used to spread viruses, steal personal or financial data, and even hijack computers. It is not easily detected and may infect your customers' computers after they visit your website. Ultimately, this negatively affects your business reputation and can result in lost business.
How does SiteLock protect my online reputation?
SiteLock's patent-pending 360-degree scan helps you make sure your website and communications are reaching your visitors as intended in three key ways:
- Malware blacklist monitoring: We monitor search engine and proprietary lists of sites reported as malware to make sure visitors arrive at your site, not a "Red Screen" warning from their browser or search engine
- E-mail spam blacklist monitoring: We compare your e-mail address, domain name, and e-mail server to industry and proprietary lists used by popular e-mail programs to identify which messages to mark as "Spam". This ensures that your e-mails reach your customers' inbox - not their spam folder.
- SSL Scanning: If you have an SSL certificate installed on your site for data encryption, we will scan that certificate to verify that it is not expired or otherwise out-of-compliance with web browser expectations. This prevents users from seeing warnings about data security when they visit your site.
Failure to keep up with and monitor any of these items can result in lost customers, abandoned visits to your website, and wasted marketing and website design efforts.
What is Application Scanning?
Application scanning will verify the applications you've installed on your website against known vulnerabilities. As application versions age (like Joomla 1.5 or WordPress 3.0), hackers will find ways to attack these programs. The publishers then update them with newer versions, which you need to upgrade to in order to stay safe. SiteLock verifies your version against catalogs of vulnerabilities to ensure you are running safe software on your site. If we discover a vulnerability in our testing, we report it to you immediately and can help you secure your site.
How does SiteLock protect my data?
SQL injection, is an extremely damaging attack in which hackers will attempt to access information stored in your database, such as customer data or user ID's and passwords. SQL stands for Structured Query Language and is the programming language understood by databases. By inserting commands from this programming language into fields on your website's input forms, hackers can gain access to the database records of vulnerable sites, stealing credit card data, passwords, e-mail addresses and any additional data available in the database.
SiteLock SQL injection scanning reviews all of the files and applications on your website to detect any injections that have been inserted in your website code. If we identify an infiltration, we will notify you immediately via email. Your SiteLock dashboard will show a list of infected pages, and our Expert Services team can help you repair your website.
SiteLock Trust Seal Installation
I am having trouble getting the SiteLock Security Certificate to display on my site.
- First, we need to determine where you are installing your shield. Are you trying it on a page stored on your local computer or on a live web site?
- If you are using a local computer for development, then you need to add http: before the several instances of '//shield.sitelock.com' in the code so that it looks like http://shield.sitelock.com. The original code should work on any live web site and any major browser, but you need to make the adjustment above to display it on your computer.
- To show the SiteLock badge on your site, please log in to your dashboard - available from your web hosting control panel or by visiting sitelock.com. At the bottom of the dashboard is the badge section. Choose a badge format, save your preference, and then copy and paste the code into your site wherever you want the badge to display.
- In most CMS tools, such as WordPress, Joomla Drupal, etc., you can simply place the code for the SiteLock Trust Seal in the Footer code of the website.